last updated 27 June 2019
DATA PROTECTION AND DISCLOSURE OF INFORMATION
As part of our day to day business we need to collect personal data from our clients and potential clients to ensure that we can meet their needs for a range of financial services and provide them with information about our services.
Your privacy is important to us and it is our policy to respect the confidentiality of information and the privacy of individuals. This notice outlines how we manage your personal data and details your rights in respect of our processing of your personal data.
Who are we?
This Privacy Notice applies to the processing activities of Rubrics Asset Management (Ireland) Limited. and who will act as the data controller for the processing of your personal data.
Any reference to ‘us’, ‘our’, ‘we’ in this Privacy Notice is a reference Rubrics Asset Management (Ireland) Limited. Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Notice is a reference to any of our clients and potential clients.
Our Privacy Notice will be reviewed from time to time to take account of new obligations and technology, changes to our operations and practices and to make sure it remains appropriate to the changing environment.
What kind of personal data do we collect?
We collect information necessary to fulfil our obligations to our clients in the course of providing a range of financial services.
We may collect the following types of information about you:
Name, address and contact details, date of birth and gender, information about your income and wealth including details about your assets and liabilities, account balances, trading statements, tax and financial statements, bank details, education and qualifications, employment details including employment history, family details, lifestyle and social circumstance, location data, any other similar information,
On occasion the following sensitive personal data may be obtained: Physical or mental health details, political opinion, trade union membership, racial or ethnic origin, religious or philosophical beliefs, sexual orientation, genetic data, biometric data. We will only obtain and process this information with your express consent.
We also keep records of your trading behaviour, including a record of; products you trade with us and their performance, products we trade on your behalf and their performance and historical data about the trades and investments you have made.
Much of this information is collected in compliance with our duties under the auspices of Central Bank of Ireland and Data Protection regulations. This includes our obligation to verify the identity of clients and to maintain records of regulated business including a record of products you invest in and historical data about investments you have made. If you chose not to provide the information required, we may not be able to provide you with the requested product or service.
If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained their consent.
How is the personal data obtained?
We obtain this information in a number of ways, for example through your use of our services or other dealings with us including through the account opening process, and from information provided in the course of ongoing customer service correspondence. We may also collect personal data about you from third parties through publicly available sources.
Additionally, we may obtain personal data about you through your use of our websites, apps, or using cookies on our websites, in particular by recording your activity and which pages you look at on our websites (please see below on Cookies)
We may record any communications with you including electronic, by telephone, in person or otherwise, which will constitute evidence of the communications between us. This information is collected in compliance with our duties under FCA rules in relation to our record keeping obligations.
Such telephone conversations may be recorded without the use of a warning tone or any other further notice. Further, if you visit any of our offices or premises, we may have CCTV which may record your image.
What Lawful Basis do we rely on?
We may be required to collect and use certain types of personal information to comply with the requirements of the law and/or regulations, however we are committed to processing all personal information in accordance with the General Data Protection Regulation (“GDPR”), General Data Protection Regulation (697/2016/EU) (the “GDPR”) and applicable Irish data protection legislation (currently the Irish Data Protection Act 2018) (the “Data Protection Legislation”)
The data protection laws allow us to only process your data for certain reasons:
- to perform a contract that we are party to;
- to carry out legally required duties;
- for us to carry out our legitimate interests;
- where we obtain your consent;
- to protect your interests; and
- where something is done in the public interest.
All the processing carried out by us falls into the first four permitted reasons, for example; our use of your personal data in order to comply with our obligations under contract. This includes where a contract is not yet signed but you have requested us to take action as a first step (e.g. provide details of our services). This may also include online application forms that are completed prior to an agreement being signed.
Another reason could be to comply with legal or regulatory requirements, such as carrying out verification checks in line with anti -money laundering regulations.
Where our use of your personal data requires consent, such consent will be provided explicitly by you.
If we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time by contacting us using the contact details set out in this Privacy Notice.
What we do with the personal data we obtain?
We may use information held about you in the following ways:
- To provide you with any services and/or information you request from us (which includes carrying out any obligations arising from any contracts entered into between you and us);
- to notify you about changes to our services;
- to provide you with information by post, email, telephone or otherwise about products and services of a similar nature to those you have previously purchased or expressed an interest in which are offered by Rubrics Asset Management (Ireland) Limited and which we think may be of interest to you. You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by contacting us by phone, post or email using the details in the ‘Contact us’ section below. You can unsubscribe from emails by following the unsubscribe instructions included in every email.
- to administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes;
- to improve our sites to ensure that content is presented in the most effective manner for you and for your computer;
- to measure or understand the effectiveness of content we serve to you and others, and to deliver relevant content to you;
- for the purposes of providing services such as ‘most popular’ information on our site;
- to deliver targeted advertisements to you and others as you browse the internet;
- to obtain your feedback on a product, service or our sites via a third party appointed by us;
- to allow you to participate in interactive features of our sites, when you choose to do so; and
- as part of our efforts to keep our sites safe and secure and to prevent and detect money laundering, financial crime and other crime.
Disclosure of your personal data
We may share the personal data we hold about you across Rubrics Asset Management (Ireland) Limited to enable us to better understand your needs and run your accounts in the efficient way that you expect. Your personal data may also be used by the Group for customer modelling, statistical and trend analysis, with the aim of developing and improving our products and services.
We will never sell, trade, or rent your personal data to others; however, we may share your information with selected third parties including:
- our service providers, suppliers and sub-contractors for the performance of any contract we have entered into with them. They may then process this data on our behalf to help run some of our internal business operations for example IT services.
- governmental or judicial bodies or agencies to comply with our legal and regulatory obligations;
- fraud prevention agencies, other companies and organisations to prevent or detect financial and other crime;
- non-affiliated companies may sometimes be used to provide certain services such as preparing and mailing prospectuses, reports, account statements and other information, conducting research on client satisfaction, and gathering shareholder proxies.
- advertisers and advertising networks that require the data to select and serve adverts about our services to you and others. It will only be passed to third party advertisers in order to provide services on behalf of Rubrics Asset Management (Ireland) Limited;
- data, service and software providers that assist us in the improvement and optimisation of our sites;
- Credit reference agency or a verification company to conduct checks on you to verify the information you have provided
Where we share your data with third parties, we ensure that your data is held securely and in line with GDPR requirements.
Do we make automated decisions concerning you?
We do not carry out automated profiling on you; however, we may send your details on to a reference agency necessary for compliance with a legal obligation – for example in connection with fraud prevention or anti-money laundering.
How we store personal data
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium.
We hold personal data in a combination of secure computer storage facilities and paper-based files and other records and take steps to protect the personal data we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that personal data is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time in line with our regulatory obligations. For example, we are subject to certain anti-money laundering laws which require us to retain verification of identity records for a period of five years after our business relationship with you has ended.
If we hold any personal data in the form of a deed, we will hold this deed in its complete form for a period of 12 years after our business relationship with you has ended.
If we hold any personal data in the form of a recorded communication, by telephone, electronic, in person or otherwise in relation to our regulatory obligations as detailed above, this information will be held in line with local regulatory requirements which will generally be 5 years after our business relationship with you has ended.
Where you have opted out of receiving marketing communications, we will hold your details on our suppression list so that we know you do not want to receive these communications.
Management and Safeguarding of personal data
We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle personal data to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary. We have appointed a Data Protection Officer to ensure that our management of personal data is in accordance with this Privacy Notice and the applicable legislation.
The internet is an open medium and we cannot guarantee that any information you send to us by email or via our sites will not be intercepted or tampered with; any transmission is at your own risk. To help protect your personal data and minimise the risk of it being intercepted by unauthorised third parties our secure servers employ Secure Socket Layer v3 (SSL) or Transport Layer Security v1 (TLS) encryption when you submit information to us through our sites. This security is signified by the “https” and the padlock on the URL bar. Some older browsers do not allow the use of current SSL technology and we therefore recommend that you use an up to date browser. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights as a data subject
The data protection laws give you certain rights in relation to the data we hold on you. These are:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this Privacy Notice
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- the right to restrict the processing of the data. For example, if you believe the data, we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to store and use the data where so permitted by having a legitimate reason for doing so or where required by law, regulation or by any other competent authorities.
You can read more about these rights here; https://www.dataprotection.ie
Transfers of personal data outside the EEA
Your data may be transferred to, stored at, and processed at a destination outside the European Economic Area by our service providers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR or other relevant laws.
Links to external websites
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how such websites collect and use your data. Please check these policies before you submit any personal data to these websites.
Access to personal data about you
You have the right to request a copy of the personal data we hold about you. If you would like a copy of some or all of this information you may contact us by telephone on +353 1 571 9619 or you may write to us at our business address:
GR-119, Block D, Iveagh Court, Harcourt Road, Dublin 2, D02 VH94, Ireland
If any of the information we hold is inaccurate, you can ask us to make any necessary amendments.
Updates to the Privacy Notice
We reserve the right to update this Notice to reflect any legal changes or changes to the way in which we process your personal data. The updated Notice will be published on our website and comes into effect at the time of publication on the website.
If you have any queries regarding privacy issues or the content of this Privacy Notice, you can email us on firstname.lastname@example.org write to us at: GR-119, Block D, Iveagh Court, Harcourt Road, Dublin 2, D02 VH94, Irelandor call us+353 1 571 9619
What if you have a complaint?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set above. If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the Data Protection Commissioner. You can find details about how to do this at https://www.dataprotection.ie/or by writing to them at.
Data Protection Commission
R32 AP23 Co. Laois