This privacy notice tells you what to expect when Numis collects personal information. This applies to information we collect about:
Numis may use personal data to provide services requested from us, manage accounts, make decisions, detect and prevent financial crime, for analysis and assessment, and to ensure that we comply with applicable legal and regulatory requirements. We do not pass your personal data to external marketers and would not do so without your explicit permission.
Under the General Data Protection Regulation, personal data is defined as:
“Any information relating to an identified or identifiable natural person”
A further level of personal data is Sensitive, or ‘special category’ personal data. The following data falls within this definition:
Outside of the HR department, Numis records and retains very little data that would constitute ‘sensitive personal data’ as it largely has very little relevance to what we do as a business.
Under the General Data Protection Regulation every individual has the following rights:
Please note these rights may be superseded in some cases. For example, as a regulated firm we have a legal obligation to retain records of clients and trades. This legal obligation could mean that even if we are asked by a client to erase or restrict their personal data, we may not be able to legally do so. We may also not be able to provide all personal data held if doing so would contravene the personal data rights of a third party. Each request will be dealt with on a case by case basis.
In order to legally process personal data we need to rely on one or more of the following conditions:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
If we have obtained your consent to process your data, you have the right to withdraw that consent, at which point we will no longer be able to process your data – if that is the only condition which we are relying upon to justify the processing.
Please note, however, that in cases where we have a legal obligation, we may need to continue to process your data regardless of consent.
Similarly, if you choose not to consent to our processing of personal data it may be the case that we would no longer be able to fulfil our contractual obligations and would have to effectively end our relationship – for example if a prospective employee declined to allow their data to be sent to a third party payroll provider, then we would not be able to make salary payment.
When someone visits www.numis.com we collect standard internet log information and details of visitor behaviour patterns. We do not use this and it is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those individuals visiting our website.
Numis has legal obligations under the money laundering regulations 2007 to identify and verify its customers and perform ongoing monitoring on customer data. As part of customer identification (“KYC”) procedures Numis collects personal information and in some cases sensitive personal information, such as phone numbers, e-mail addresses and financial details, along with identification information such as date of birth, residential address and nationality. Numis may also hold personal information (including sensitive personal information) obtained through publicly available sources such as credit agencies, media publications and company registries.
In the interests of fraud prevention and the prevention of financial crime(s) your customer identification data will be shared with third parties who perform monitoring services on behalf of Numis; these third parties are required to adhere to the same high privacy standards as Numis.
Your personal data will only be shared in accordance with data protection laws where deemed necessary and where third parties are providing services to Numis as part of our ongoing services and in order to satisfy our legal and regulatory obligations and/or provision of our ongoing services to clients.
Numis also utilises cloud storage solutions that may in some cases mean that personal data will be stored on servers held in other countries, specifically the USA. We also have contracts in place with some data processors who work on our data in order for us to be able to fulfil our contractual obligations – specifically a firm in Sri Lanka which assists us with Singletrack software. As with all our third party data processors, they will be required to adhere to our high standards of data privacy. Under GDPR, all data processors (i.e. external companies or individuals who process data on our behalf) have to do so under the terms of a written contract, holding the data processor to the standards of GDPR, whatever the jurisdiction they are present in, so that those who are outside of the EU still need to comply. We only have a small number of data processors based outside of the EU, and we have added an addendum to our contracts with these entities, covering GDPR responsibilities.
Contact information obtained by Numis as part of business related discussions or data relating to existing client relationships may be held as part of our records for as long as deemed necessary in order to further prospective and ongoing client relationships. Where contacted for marketing purposes these individuals will be given the opportunity to have their information removed from our records. Otherwise information will be processed and deleted in line with our retention schedule.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with company policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
Numis records telephone calls as part of its ongoing regulatory obligations and for monitoring and training purposes. These calls are kept for a pre-determined amount of time; however this can be extended if our regulator makes such a request. The calls are stored securely and with limited access given to specific employees.
When individuals apply to work at Numis, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau, we will not do so without informing them beforehand unless the disclosure is required by law. These checks are facilitated by a third party who is based in the EU and whom we expect to adhere to the same data privacy standards as Numis.
Personal information about unsuccessful candidates will be held and destroyed in line with our retention schedule after the recruitment exercise has been completed. Some records are held to create a pipeline of talent for future recruitment. We may retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Numis, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once employment with Numis has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Employees of Numis agree that their personal data will be used and shared in accordance with our internal policies and that all correspondence made on work equipment will be recorded in line with our regulatory (FCA) requirements.
I.e. ‘how long we keep your data’. Numis retains personal data for set periods of time. We have a data retention schedule which sets out what kind of documents need to be retained, and for how long; different departments and paperwork are subject to varying legal obligations. For example, the HR department’s data is commonly governed by employment law, while the compliance department commonly pays particular attention to the money laundering regulations. These documents may contain personal data – most commonly in the form of names and email addresses. Once data has reached the end of its retention schedule it is safely destroyed. Please see link for our retention schedule here.
Numis is committed to keeping your personal data safe and secure. Numis’ IT department utilizes advanced software to keep out external threats. Every employee has received face to face training on GDPR, the importance of people’s personal data, and the importance of records management and archiving. Data is controlled by department, with access controls limited to those employees who require it for a purpose. Physical security measures are very strong, as to be expected for a regulated firm located within the London Stock Exchange building.
Numis tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Should you wish to exercise any of your data protection rights, please email firstname.lastname@example.org setting out your concerns/request. This email address is monitored by our Data Protection Manager.
You have the right to complain directly to the Information Commissioner’s Office (ICO) who regulate our use of data. We would hope to work with you to resolve any issues prior to this step.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Numis’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
You acknowledge and agree that:
(a) in order to administer our business we will be the controller of personal data; and
(b) pursuant to the terms of this Agreement or otherwise, we may collect, use, store or otherwise process personal data: