We are committed to protecting your personal data. This statement explains how we do that. It sets out what we do with your personal data, how we protect it, and explains your pertinent privacy rights. We collect and use your personal data to enable us to conduct our business with you and to comply with the law. The basis we rely upon for lawfully collecting and using your personal data will depend on the purposes for which we are processing your personal data. These are detailed below:
(a) Performing our contract with you
When we do business with you, we do so under the Client Terms. For us to meet our obligations to you under the Client Terms we must process your personal data. We will only process your personal data in line with the Client Terms. When you provide personal data to us, we will use that personal data so we can:
We will only process that data for the purposes for which it was collected or to meet our legal obligations.
(b) Our legitimate interests
We process your information for the following reasons, which we define
as our legitimate interests:
(c) Our legal obligations
In some circumstances, we have a legal obligation to process and share your personal data. We must provide a wide range of data to regulators or other entities in order to prevent or detect crime. Sometimes this involves personal data. We will never transfer more personal data than is necessary to discharge our legal obligations.
(d) Your consent
We will ask you for your preferences in terms of how you would like us to communicate with you and what information you would like to receive from us. You can always adjust your communications preferences, and can opt not to receive information from us unless we are obliged to provide it.
The personal data you provide to us will include combinations of any of the following: Your name, email address, telephone number, address, identification numbers such as National Insurance number, banking account details, date of birth, voice biometrics & voice recordings, location information, employment information, gender, IP address, language, and marital status, dependants and beneficiaries and shareholders.
This information is typically provided to us by your adviser if you have one or by you through the course of your relationship with us. We hold your personal information relating to your account on paper and on computer systems.
Like most businesses, we use third parties, including other entities in the Fidelity Group, to help deliver our services. This will often involve a third party processing your personal data but that will only be in line with the purposes set out above. We operate a regular and strict regime of third party checks on how your personal data is protected.
Your personal data will be held in confidence by us but may be passed to other companies as detailed below:
Any transfer of information will usually be by electronic means, including the internet.
As part of delivery of our service to you it is necessary to transfer your personal data across national borders. These transfers may involve at least one of Fidelity’s Group entities operating in the EEA and as such will apply the European standard of protections to the personal data we process. In practice, this means that all the entities in the Fidelity Group agree to process your personal data in line with high global standards. Where your personal data is transferred within the Fidelity Group but outside of the EEA, that data subsequently receives the same degree of protection as it would in the EEA.
Where it is necessary to transfer personal data to a third party, stringent reviews of those with whom we share the data are carried out and that data will only be transferred in line with the purpose for which it was collected. The third parties to whom we transfer your data are located in the following countries: UK, The Netherlands, Germany, Ireland and India.
In some circumstances we transfer your personal data to companies for whom it is necessary to provide their services from a multitude of countries across the globe. The details of these transfers may be found on the websites of those companies, they are:
Ensuring the confidentiality, integrity and availability of your personal data defines our approach to information security. We ensure that the security risks to your personal data are managed in a way that makes sure we meet our legal and regulatory obligations. We produce, maintain and regularly test our business continuity plans. We utilise the internationally recognised information security best practices, ISO27001 and PCI-DSS. Our Information Security Policy & Standards are regularly reviewed, adhered to and tested for compliance. Information Security training is mandatory for all staff and breaches of information security, actual or suspected, are reported and investigated.
The law places robust obligations on entities in the protection of personal data. The way we protect your personal data reflects our legal obligations. A number of rights in relation to the use of your personal information empowers you to make certain requests of us, detailed as follows:
(a) Requesting a copy of your personal data
You can access the personal data we hold about you and exercise your right to have a copy provided to you, or someone else on your behalf, in a digital format by emailing or writing to us using the contact details set out in the Client Terms.
(b) Letting us know if your personal data is incorrect
If you think any of the personal data we hold about you is wrong please let us know by contacting us. We will check the accuracy of the information and take steps to correct it if necessary.
(c) Asking us to stop using or to erase your personal data
You have the right to object to our use of your personal data. You can ask us to delete it, to restrict its use, or to object to our use of your personal data for certain purposes such as marketing. If you would like us to stop using your data in any way, please get in touch. If we are still providing services to you we will need to continue using your information to deliver those services. In some circumstances we are obligated to keep processing your information for a set period of time.
Information will generally be provided to you free of charge, although we can charge a reasonable fee in certain circumstances.
How long do we keep your personal data?
We keep all personal data safe and only hold it for as long as necessary. To meet the requirements of both UK tax law, we must keep certain personal information for a minimum of 6 years.
How to complain
If you are unhappy with how we have used your personal data you can complain by contacting us or the UK Data Protection Officer, Fidelity International, Beech Gate, Millfield Lane, Surrey KT20 6RP
Finally, you also have the right to complain to your national data protection authority: Information Commissioner’s Office whose helpline number is: 0303 123 1113.