This privacy notice tells you what to expect when Numis collects personal information. This applies to information we collect about:
- Clients and prospective clients
- Contacts at firms we deal with in both a client and non-client capacity
- People who call us
- People who e-mail us
- Visitors to our website
- Job applicants and our current and former employees
- Speakers/presenters at meetings, presentations or seminars hosted or facilitated by Numis
Numis is the controller for your personal data (which means we make decisions about what information we collect about you, what it is used for and who we share it with). Numis Securities Limited is registered with the UK Information Commissioner’s Office (also known as the ICO) under registration number Z7352263.
Numis may use personal data to provide services requested from us, manage accounts, make decisions, detect and prevent financial crime, for analysis and assessment, and to ensure that we comply with applicable legal and regulatory requirements. We do not pass your personal data to external marketers and would not do so unless you have given us your explicit permission.
What is Personal Data?
Personal data means information relating to an individual who can be identified (directly or indirectly) from that information.
A further level of personal data is Sensitive, or ‘special category’ personal data. The following data falls within this definition:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership (or non-membership)
- genetic data
- biometric data
- data concerning health
- data concerning a natural person's sex life or sexual orientation
Outside of the HR department, Numis records and retains very little data that would constitute ‘sensitive personal data’ as it largely has very little relevance to what we do as a business.
Your Data Rights
- Under UK and EU data protection law, every individual has the following rights:
- the right to be informed; - i.e. what data is being gathered and how it is being used and stored
- the right of access; i.e. the right to see what personal data any company has relating to you
- the right to rectification; e.g. ensuring data are accurate and up to date, and corrected if not• the right to erasure; - often referred to as ‘the right to be forgotten’ – erasure of all data at your request
- the right to restrict processing; i.e. to limit data usage
- the right to data portability; i.e. for your data to be sent to another company on your behalf, at your request
- the right to object
Please note these rights may be superseded in some cases. For example, as a regulated firm we have a legal obligation to retain records of clients and trades. This legal obligation could mean that even if we are asked by a client to erase or restrict their personal data, we may not be able to legally do so. We may also not be able to provide all personal data held if doing so would contravene the personal data rights of a third party. Each request will be dealt with on a case by case basis.
In order to legally process personal data we need to rely on one or more of the following conditions:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
If we have obtained your consent to process your data, you have the right to withdraw that consent at any time, at which point we will no longer be able to process your data. Where appropriate, we include an unsubscribe link in the footer of our marketing emails. In addition, should you wish to unsubscribe from any email, or for any other data protection related query, you can contact us at email@example.com.
Please note, however, that in cases where we have a legal obligation, we may need to continue to process your data regardless of consent.
Visitors to our Websites
Visitors to numis.com
When someone visits www.numis.com we collect standard internet log information and details of visitor behaviour patterns. We do not use this and it is only processed in a way which does not identify anyone. We do not make or attempt to find out the identities of those individuals visiting our website.
Visitors to numiscorp.com
Visitors to custody.numis.com
Numis has legal obligations under applicable money laundering laws and regulations to identify and verify its customers and perform ongoing monitoring on customer data. As part of customer identification (“KYC”) procedures Numis collects personal information such as phone numbers, e-mail addresses and financial details, along with identification information such as date of birth, residential address and nationality. Numis may also hold personal information obtained through publicly available sources such as credit agencies, media publications and company registries. Some of the information we check is sensitive personal data (known as special category data) such as your nationality and any previous criminal convictions.
In the interests of fraud prevention and the prevention of financial crime(s) your customer identification data will be shared with third parties who perform monitoring services on behalf of Numis; these third parties are required to adhere to the same high privacy standards as Numis.
Your personal data will only be shared in accordance with data protection laws and where third parties are providing services to Numis as part of our ongoing services and in order to satisfy our legal and regulatory obligations and/or provision of our ongoing services to clients.
Numis also utilises cloud storage solutions that may in some cases mean that personal data will be stored on servers held in other countries, specifically the USA. We also have contracts in place with some suppliers who work on our data in order for us to be able to fulfil our contractual obligations – specifically a firm in Sri Lanka which assists us with Singletrack software. As with all our third party suppliers, they will be required to adhere to our high standards of data privacy. We have a contract in place with all our suppliers which contain data protection and confidentiality obligations. Where we transfer outside the UK or the EU, we always have a mechanism in place to ensure your personal data is processed safely. If you would like any additional information about which mechanisms we rely on for each of our suppliers, please contact us at firstname.lastname@example.org.
People who Contact us
Contact information obtained by Numis as part of business related discussions or data relating to existing client relationships may be held as part of our records for as long as deemed necessary in order to further prospective and ongoing client relationships. Where contacted for marketing purposes these individuals will be given the opportunity to have their information removed from our records. Otherwise information will be processed and deleted in line with our retention schedule.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with company policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
Over the Telephone
Numis records telephone calls as part of its ongoing regulatory obligations and for monitoring and training purposes. These calls are kept for a pre-determined amount of time; however this can be extended if our regulator makes such a request. The calls are stored securely and with limited access given to specific employees.
Job Applicants, Current and Former Numis Employees
When individuals apply to work at Numis, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law. These checks are facilitated by a third party who is based in the EU and we expect to adhere to the same data privacy standards as Numis.
Personal information about unsuccessful candidates will be held and destroyed in line with our retention schedule after the recruitment exercise has been completed. Some records are held to create a pipeline of talent for future recruitment. We may retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Numis, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once employment with Numis has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Employees of Numis agree that their personal data will be used and shared in accordance with our internal policies and that all correspondence made on work equipment will be recorded in line with our regulatory requirements.
I.e. ‘how long we keep your data’. Numis retains personal data for set periods of time. We have a data retention schedule which sets out what kind of documents need to be retained, and for how long - different departments and paperwork are subject to varying legal obligations. Once data has reached the end of its retentions schedule it is safely destroyed.
In exceptional cases, we may be required to keep your personal data for longer than stated in our retention schedule (e.g. as evidence to help defend a legal claim).
Numis is committed to keeping your personal data safe and secure. Numis’ IT department utilizes advanced software to keep out external threats. Every employee has received face to face training on data protection, the importance of people’s personal data, and the importance of records management and archiving. Data is controlled by department, with access controls limited to those employees who require it for a purpose. Physical security measures are very strong, as to be expected for a regulated firm.
Complaints or Queries
Numis tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any questions, please email email@example.com This email address is monitored by our Data Protection Manager.
You have the right to complain directly to the relevant data protection authority in respect of data protection matters. The UK regulator is the Information Commissioner’s Office (ICO), and the Irish regulator is the Data Protection Commission (DPC). We would hope to work with you to resolve any issues prior to this step.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Numis’ collection and use of personal information, although it does not set out all of the purposes for which such is collected and used. However, we are happy to provide any additional information or explanation needed.
You acknowledge and agree that we may collect or use your personal data:
1. as may be required by law, including under anti-money laundering and terrorist financing legislation;
2. to perform our obligations under any agreement we have with you and as you may request from time to time, including the provision of the services to you;
3. to manage or administer the relationship between us and you;
4. to inform you about other products or services of any Numis group company during the continuance of our relationship;
5. to assign or sub-contract, or procure goods or services, or to outsource any part of the normal business functions of any Numis group company to third parties;
6. to monitor our services, whether provided by ourselves or a third party;
7. to communicate with credit reference and information agencies to conduct our KYC;
8. to share personal data with other Numis group companies, with our professional advisers and other affiliated or non-affiliated business partners, or the professional advisers and other affiliated or non-affiliated business partners of another Numis group company, but only where the recipient has a legitimate interest in the information disclosed to them; and
9. at your request or with your consent (e.g. marketing)