Henderson Rowe (The ‘Firm’) is committed to safeguarding privacy. In line with the Data Protection Act (DPA) 1998 and EU General Data Protection Regulation (GDPR) 2018 our clients, prospective clients and website users are given specific rights in relation to their personal information. “Henderson Rowe”, “we”, “us” and “our” means Henderson Rowe Limited.
We are registered as a data controller with the UK Information Commissioner’s Office and our data protection registration number is Z7087362.
We may update this Policy from time to time on our website and recommend that you check this page occasionally to ensure that you are aware of any changes.
2. Collecting and Using Your Personal Data
Your data is used for the provision of our investment services. Your data is used primarily for regulatory purposes to ensure the suitability of our services and products. Your data may also be used for marketing purposes, as set out later in this policy, so that we may tell you about products and services you may be interested in, as well as to invite you to client events.
The following are specific examples of how we may use your personal data:
- To understand your journey on our website.
- To help us identify you and any accounts, products or services you may hold with us.
- Administration purposes.
- Research, statistical analysis and behavioural advertising.
- Marketing – please see the marketing and opting out section below.
- Identity verification, financial background or security checks –please see the identification and verification section below.
- Fraud prevention and detection (including money laundering checks).
- To deal with enquiries and complaints made by you through contact with us.
- To notify you of any changes or improvements to our website, our products or our services that may affect you.
We are entitled to use your personal data in these ways because:
- We need to do so in order to perform our contractual obligations with you.
- We have obtained your consent.
- We have legal and regulatory obligations that we must discharge.
- We may need to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
- The use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as:
- Allowing us to effectively and efficiently manage and administer the operation of our business.
- Maintaining compliance with internal policies and procedures.
- Monitoring the use of our copyrighted materials.
- Obtaining further knowledge of current threats to network security in order to update our security solutions and provide these to the market.
3. LAWFUL BASIS FOR PROCESSING OF PERSONAL DATA
In general, we process personal data on the following lawful bases:
- Legitimate Interests: This basis is used for prospective clients, whereby personal data – obtained by means of a lead generator, referral or by research into publicly available information – will be used to make contact via live marketing calls, once they have been screened to ensure the individual is not on the Telephone Preference Service (TP) list. This activity requires no specific consent under the Privacy and Electronic Communications Regulation (PECR) and has undergone a documented Legitimate Interests Assessment in accordance with ICO guidance ensuring it is Identified, Necessary and Balanced.
- Consent: Where we have received your consent to process your personal data for a specific purpose. This basis is primarily used for prospective clients, where they have agreed to being added to our email marketing list. We will obtain their consent to being sent these emails at the time of adding them to this list, in accordance with our marketing preferences (See Marketing & Opting out below)
- Contract: Where processing of your data is necessary for the Firm’s contract with you. This is the basis under which the Firm processes the personal data of its clients and former clients (subject to our legal and regulatory record keeping obligations) and shares personal data with its suppliers and third-party providers – only where such sharing is necessary to the execution of your contract with us.
- Legal Obligation: Where the data processing of your data is necessary to comply with the law (not including the execution of a contract as above). This basis is used for the processing of Criminal Offence Data as defined within the GDPR and is used for the processing of Prospective Client data where the individual has been screened for Fighting Financial Crime purposes but has not subsequently been offered services by the Firm.
We may monitor and record communications with you (such as telephone conversations and emails) for quality assurance, training, fraud protection and compliance purposes.
5. MARKETING AND OPTING OUT
We may from time to time contact you by email to obtain your consent to send electronic marketing to you. We have three levels of marketing consent from which you can choose:
- Market View: We will contact you by email once every three months with our Quarterly Market View, free of charge, which may include information on any new products/services that we have or will be launching.
- Products & Services: We will contact you as per the above, plus we will email you adhoc information, no more than once per month, on any new products or services that we have or will be launching.
- Opt-out: We will place your email address onto a ‘No-contact’ list, to make sure that we don’t inadvertently contact you in this way again.
When you have selected your preferred option, we will continue to contact you in this way until you tell us otherwise. If you stop wanting to receive these communications from us, or wish to change your preferences, please just let us know. We will not (without your consent) supply your personal information to any third party for their own or any other third party’s direct marketing.
6. DISCLOSURE OF YOUR PERSONAL DATA
We may, where necessary in the execution of our service and in accordance with the Lawful Bases as set out above, disclose the personal information that we have collected from you to:
- Our outsourced operations, clearing and settlement provider.
- Our other suppliers and service providers.
- Identification and verification agencies for the purposes of anti-money laundering and Fighting Financial Crime.
- Law enforcement agencies and regulators in connection with any investigation to help prevent unlawful activity and/or regulatory breaches.
7. INFORMATION ABOUT OTHER INDIVIDUALS
- If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has agreed that you can:
- Give consent on their behalf to the processing of their personal data (including minors, for whom your consent to data processing is implicit in our account opening process)
- Receive on their behalf any data protection notices.
- Give consent to the processing of their personal information abroad.
- Give consent to the processing of their Special Category Data (such as their physical or mental health, racial or ethnic origin or religion or politics).
8. SPECIAL CATEGORY DATA
Special Category Data (SCD) is defined as including personal data relating to:
- Ethnic origin;
- Trade union membership;
- Biometrics (where used for ID purposes);
- Sex life; or
- Sexual orientation.
Henderson Rowe treats SCD with the utmost care and will usually only process your SCD where you have given your explicit consent for us to do so, unless the processing is necessary, for example:
For us to comply with our obligations under anti-money laundering legislation;
- Where consent cannot be given by or on your behalf (for example where you are incapacitated and/or physically unable to provide consent);
- We cannot reasonably be expected to obtain consent from you (for example due to concerns relating to lack of mental capacity to provide consent);
- To comply with our regulatory or legal obligations, be these about the application of any contract we have in place with you, about any legal proceedings or intended legal proceedings, or for obtaining legal advice; and
- For the prevention of fraud or unlawful activities. Disclosure may be made to a relevant third party, including anti-fraud organisations and the police.
9. INTERNATIONAL DATA TRANSFERS
Information that we collect from you including via our website (such as when discussing our services with you over the telephone, make an enquiry via our website or obtaining your consent to receive marketing) may be stored, processed and transferred outside of the UK, to enable us to provide you with services and/or to administer our relationship with you.
If we need to transfer your personal information outside of the European Economic Area we will either request your consent to do so, or that transfer will be subject to a European Commission approved contract that will safeguard your personal information.
10.RETAINING PERSONAL INFORMATION
Personal information that we process for any purpose will not be kept for longer than is necessary in the execution of our services and in line with our approach to prospecting as set out above.
When you consent to receiving our email marketing, for example, you will keep receiving it in the manner you have selected indefinitely, until you opt-out.
How long we hold your personal data will vary, as determined by various criteria including:
- The purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
- Legal obligations – laws or regulation may set a minimum period for which we must keep your personal data.
- Our Legitimate Business Interests – in the execution of our prospecting process.
11.SECURITY OF YOUR PERSONAL INFORMATION
We will use technical and organisational measures to safeguard your personal information and take reasonable precautions to prevent the loss, misuse or alteration of your personal information. For example:
- We will store all the personal information that you provide in a secure private cloud environment, which is password and firewall protected.
- Access to your account via the online services provided via our suppliers is controlled by password and username credentials that are unique to you.
Henderson Rowe has in place a robust Data Protection Policy, which can be made available on request, setting out our approach to protecting your personal data. We cannot, however, guarantee the security or integrity of all data we hold, as cybersecurity breach risk cannot be entirely mitigated and the transmission of information over the internet is inherently insecure.
You have legal rights in relation to the personal data that we hold about you, which you can exercise by contacting us at any time. These include:
- The right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you.
- The right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so.
- In some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit that data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us.
- The right to request that we rectify your personal data if it is inaccurate or incomplete.
- The right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it or required to comply with regulations.
- The right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request.
- The right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us. You can find out more information about your rights by contacting the Information Commissioner’s Office (ICO) or by searching their website at https://ico.org.uk.
13.INTERNET USAGE AND COOKIES
You can access full information concerning use of our website, which can be found within our Website Disclaimer at www.hendersonrowe.com.
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both “session” cookies and “persistent” cookies on the website. We may use the session cookies to keep track of you whilst you navigate the website and the persistent cookies to enable our website to recognise you when you visit. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just thirdparty cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites.
14.THIRD PARTY WEBSITES
Our website includes hyperlinks to, and details of, third party websites over which we have no control. We are not responsible for the privacy policies and practices of third parties.