WealthKernel Fair Processing Notice (as at 13/06/2018)
Your personal information is very important to us. We will endeavour to take care to protect this information. We would like to highlight below a few matters relating to your information that you should be aware of.
If your personal information such as your contact details, or home address, financial information (together called “personal data” in this notice) changes you must inform us without delay. See ‘Contact us’ below.
WealthKernel Limited is a data controller of your personal data. It is registered with the UK’s Information Commissioner.
Our registered office address is at 4th Floor, 124 Goswell Road, Franklin Building, London, EC1V 7DP..
What personal data we process and why we process it
By deciding to use our services (as described in the “Our service” section of the Terms and Conditions you have entered into), you are choosing to provide us with focused personal data about yourself. We will use this for the purposes described in the “Our service”, “Do we handle your money and investments” and “Anti Money Laundering” sections of our terms and conditions (“Ts&Cs” which you will find on the sites of our respective partners).
In addition, we will use your personal data for the purpose of complying with our legal and regulatory obligations, to establish or exercise our legal rights, to defend legal claims and to protect our business against actual or suspected crimes including fraud. All this is processing which is necessary for administering your relationship with us under these Terms. We may also use your personal data for the direct marketing purposes described in the “Unsolicited Promotions/Direct Marketing” section below (subject to your consent where this is required under data protection law).
We collect your personal data directly from you and we will also obtain it indirectly from other sources – these include your Introducer and the Custodian as more particularly referred to in the “Do We Handle Your Money And Investments?” section of our Ts&Cs, as well as the third parties mentioned in the “Anti-Money Laundering” section of the Ts&Cs. We will also collect and review your personal data from and against publicly accessible sources as we explained in the “Anti-Money Laundering” section of our Ts&Cs.
Legal ground for processing under data protection law
The legal grounds on which we process your personal data under data protection law include:
Processing that is necessary for performance of a contract (in particular, our Ts&Cs) or in order to take steps at your request prior to entering into a contract;
Processing that is necessary for our own legitimate interests or those of third parties provided these are not overridden by your interests and fundamental rights and freedoms. These legitimate interests are:
for management and audit of our business operations including auditing;
for market research and analysis including developing statistics (we may anonymise your personal data prior to this);
to administer the arrangements that we have with you under our Ts&Cs and to provide customer service and support functions including those made available on our website and over the telephone;
for direct marketing about our own products/services (subject always to having offered you the opportunity to opt-out of this beforehand); and
when there is a sale or reorganisation of our business assets (in that scenario purchasers may be able to obtain personal data from us where necessary for their own legitimate interests of preparing for completion of the sale or reorganisation);
Processing that is necessary to comply with a legal obligation (other than a contractual obligation). Such legal obligations include:
processing your request for information or when you exercise your rights against us under data protection law;
compliance with legal and regulatory requirements (such as anti-money laundering and anti-fraud checks);
establishing and defending legal rights;
activities relating to the prevention, detection and investigation of crime; and
verification of identity/ies; and/or
Processing that is based on your freely given, specific, informed and unambiguous consent. Such consent will be sought:
when you consent to direct marketing from us about the products/services of our business partners or from those partners themselves; and/or
when you specifically request that we share your personal and financial information with a third party.
Please note – where you provide us with your consent, you are entitled to withdraw your consent at any time. If you do this and if there is no alternative lawful reason which justifies our processing of your personal data for a particular purpose, this may affect what you are entitled to receive from us. For instance, if you withdraw your consent to direct marketing from us about our business partners, we will stop using it for that purpose and we will not inform you about our other products and services of our business partners unless you alter your preferences again in future. This is the type of marketing which relies upon your consent.
If you wish to withdraw your consent, please e-mail us at email@example.com
Unsolicited promotions/direct marketing
We would like to tell you about the products and services of the business partners we work with by means of an unsolicited marketing communication (by telephone, email or post). For instance, to discuss the relative merits of a particular product or service of a third party which is our business partner which we feel may be of interest to you. In addition, we would like to share your name and contact details (in particular your telephone number, email and/or postal address) with our business partners so that they can contact you directly to tell you about their products and services. These types of communications can only be made with your prior consent. As such, when you become a client of ours, you will have the option to consent, or opt in to receiving such communications. In this regard, please see the consent collection mechanisms (in particular, the tick box(es)) on our website portal which relates to this.
If we wish to communicate with you about our own products/services (distinct from those of third parties) then we may not require your consent and instead we may rely on our legitimate interests as being the lawful reason for this – provided we have given you the opportunity to opt-out of these types of communications from us. Again, please see the marketing tick box(es) on our website portal which relate to this.
You are in control of when we can or cannot market to you. As such, you can unsubscribe from this type of direct marketing communication from WealthKernel Limited at any time by email to firstname.lastname@example.org. Additionally, you will be reminded of this right in each marketing communication that we send to you including by email. If you wish to unsubscribe from marketing emails from our business partners you would need to notify them directly using the unsubscribe link in their own marketing emails.
Disclosures of personal data
We may disclose your personal data in response to a court order, to the FCA in accordance with our duties as an FCA authorised firm, to our legal and professional advisors, to our service providers, to actual or prospective purchasers of our business or assets and to law enforcement or other government agencies, in each case subject to our obligations under applicable data protection laws. We will also share your personal data with your Introducer and the Custodian as described in the “Do We Handle Your Money And Investments?” section of our Ts&Cs should this be necessary to administer your relationship with us under our Ts&Cs. We may also share your personal data with replacement asset managers should Your Introducer fall away (as relevant – see ‘Your Introducer’ section of the Ts&Cs).
Third parties provide some services to WealthKernel. These include processing business or obtaining compliance or regulatory advice (such advice usually being obtained from professional advisors with whom we have contracts to ensure appropriate handling of your personal data), which warrant the disclosure of more than just your basic contact details. We will take steps with a view to ensuring that we only share with those third parties your personal data where that is proportionate to the purposes of the disclosure.
Transfers outside the EEA
When we process your personal data it will be transferred to countries or territories which may not provide the same level of protection as those in your country of residence. In particular, transfers will be made outside of the European Economic Area (EEA). In those cases, steps will be taken to protection your personal data in the country of import, as required by applicable data protection laws to which we are subject. In such instances, we will put in place measures to protect such transfers and your data protection rights, such as the EU Standard Data Protection Clauses (also known as EU Model Clauses). You can find out what these are here: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm. If you would like to know more about our international transfers, or would like a copy of EU Model Clauses (if relevant), please use the contact information provided in the Contact Us section below.
If we transfer information to the United States, we may also rely on the EU/US Privacy Shield certification scheme, where the party who we transfer your personal data to has certified itself under that regime. Details of the EU/US Privacy Shield certification scheme can be found here: https://www.privacyshield.gov/welcome.
Retention and criteria used
We will keep your personal data for as long as we need it to fulfil the purposes for which it was collected (see above). We will keep certain personal data after that where this is necessary to comply with legal and/or regulatory requirements. The criteria we use to determine data retention periods for personal data includes the following:
Retention in case of queries. We will retain your personal data in case of queries from you about our provision of the Services to you until your query has been dealt with, and a short period after that, in order to ensure that any follow-up questions can be appropriately handled.
Retention in case of claims. We will retain your personal data for the period in which you might bring claims against us in connection with our Ts&Cs. This will include retention in the case of any legal claims or court cases regarding the same.
Retention in accordance with legal and regulatory requirements. We will retain your personal data after the periods described above as necessary in order to comply with our regulatory compliance obligations, or statutory requirements for data retention.
If you would like further information about our data retention practices you can ask for this at any time. Please see ‘Contact Us’ below.
Your rights under data protection laws
You have various rights under data protection law, however, these will not always be relevant or applicable to you – depending on the circumstances. We have described these rights below, but as noted, they may not always be applicable. If you wish to exercise any of these rights please contact us (see ‘Contact Us’ below):
The right to obtain access to personal data that we hold about you and certain prescribed information about how we process it. This is more commonly known as submitting a “data subject access request”. Under data protection laws in the UK you have a right to obtain copies of, or access to, your personal and financial information which we hold as data controller (subject to certain exemptions).
The right to obtain from us without undue delay the rectification of inaccurate personal data and to have incomplete personal data completed in certain circumstances.
The right to obtain from us the erasure of personal data without undue delay in certain circumstances (also known as the “right to be forgotten”). This right is not absolute – it applies only in particular circumstances and where it does not apply any request for erasure will be rejected. Circumstances when it might apply include where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed, when consent is withdrawn (if relevant), when the individual objects to processing and there is no overriding legitimate interest for our continuing the processing personal data, if the personal data is unlawfully processed, or if the personal data has to be erased to comply with a legal obligation.
The right to obtain the restriction of processing of your personal data may be relevant if you contest the accuracy of your personal data (which is proven to be correct); when the processing is unlawful and you request that use of the personal data is restricted and where you do not want erasure instead; or when we no longer need to process the personal data but you require the personal data to be retained in case of future legal claims.
The right to data portability where the personal data is processed by us based on consent, a contract, or using automated means (as relevant). This right allows individuals to obtain and reuse their personal data for their own purposes across different services without hindrance to usability. It is important to understand that this right is different from the right of access (see above) and this means that the types of personal data that you can receive through the right of portability are different to the types you could receive under the right of access.
The right to object to processing of your personal data – this right allows individuals in certain circumstances to object to processing based on legitimate interests, including profiling based on legitimate interests; direct marketing; and processing for purposes of statistics.
Rights relating to automated decision making about you including profiling (as relevant) if this has a legal or other significant effect on your as an individual – this right allows individuals in certain circumstances to access certain safeguards against the risk that a potentially damaging decision is taken without human intervention.
As noted above, if you wish to exercise any of the above rights in relation to the personal data we hold about you, please use the information provided in the “Contact Us” section below.
We will monitor and record telephone calls and monitor email communications with you for the purpose of quality control, security and training, resolving complaints and/or to evidence the nature and contents of such conversations. In addition, we will do this where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business and to prevent or detect crime.
If you believe that any personal data information which we hold about you is inaccurate, out of date or incomplete, please tell us in writing as soon as possible. Where we are able to verify the inaccuracy, we will update your personal data, if we are not able to verify the accuracy, we will note your request against our records.
Data anonymisation and aggregation
We will from time to time anonymise or aggregate your personal data in such a way as to ensure that you are not identified or identifiable from it, in order to use it for additional purposes, as follows. We will use anonymised/aggregated data, for example, for statistical analysis and administration including analysis of trends, to carry out actuarial work, to tailor our business and our service offerings, to conduct risk assessment and to analyse costs and charges.
Please note that once personal data has been anonymised, it will cease being considered personal data, because you will no longer be identifiable. In such circumstances, this notice will no longer be applicable to that anonymised data.
You must not provide us with any personal data about any person other than yourself except with that other person’s express prior written consent and only ever after you have shown them a copy of this notice, as well as our Ts&Cs. In addition, please see the section in our Ts&Cs headed “Communication by someone not signed up to these Terms”.
Data Protection Officer: We have appointed a Data Protection Officer. The contact details of our DPO are as follows: email@example.com
Your right to lodge a complaint with the Supervisory Authority:
For personal data concerns, you are entitled to lodge a complaint with the Information Commissioner’s Office (details below) – this is an entirely distinct supervisory authority from the FCA.
Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the data protection supervisory authority in the UK. You may do this if you consider that we have infringed the applicable data protection law. In the UK, the supervisory authority who is empowered to investigate whether we are complying with the data protection law is called the Information Commissioner’s Office. For more details including how to contact the ICO please visit its website: https://ico.org,uk/
If you have any questions regarding this notice, or how we process your personal data, or if you would like to exercise any of your rights under data protection law, please contact us by emailing firstname.lastname@example.org.