This privacy notice tells you what to expect when Numis collects personal information. This applies to information we collect about:
Numis is the controller for your personal data (which means we make decisions about what information we collect about you, what it is used for and who we share it with). We are registered with the Information Commissioner’s Office (also known as the ICO) under registration number Z7352263.
Numis uses personal data to provide services requested from us, manage accounts, make decisions, detect and prevent financial crime, for analysis and assessment, and to ensure that we comply with applicable legal and regulatory requirements. We do not pass your personal data to external marketers unless you have given us your explicit permission.
Personal data is defined as: “Any information relating to an identified or identifiable natural person”
A further level of personal data is Sensitive, or ‘special category’ personal data. The following data falls within this definition:
Outside of the HR department, Numis records and retains very little data that would constitute ‘sensitive personal data’ as it largely has very little relevance to what we do as a business.
Under UK data protection law, every individual has the following rights:
Please note these rights may be superseded in some cases. For example, as a regulated firm we have a legal obligation to retain records of clients and trades. This legal obligation could mean that even if we are asked by a client to erase or restrict their personal data, we may not be able to legally do so. We may also not be able to provide all personal data held if doing so would contravene the personal data rights of a third party. Each request will be dealt with on a case by case basis.
In order to legally process personal data we need to rely on one or more of the following conditions:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
If we have obtained your consent to process your data, you have the right to withdraw that consent at any time, at which point we will no longer be able to process your data. We always include an unsubscribe link in the footer of our marketing emails, or you can contact us at email@example.com.
Please note, however, that in cases where we have a legal obligation, we may need to continue to process your data regardless of consent.
If we have obtained your consent to process your data, you have the right to withdraw that consent, at which point we will no longer be able to process your data – if that is the only condition which we are relying upon to justify the processing.
When someone visits www.numis.com we collect standard internet log information and details of visitor behaviour patterns. We do not use this and it is only processed in a way which does not identify anyone. We do not make or attempt to find out the identities of those individuals visiting our website.
Numis has legal obligations under the money laundering regulations 2007 to identify and verify its customers and perform ongoing monitoring on customer data. As part of customer identification (“KYC”) procedures Numis collects personal information, such as phone numbers, e-mail addresses and financial details, along with identification information such as date of birth, residential address and nationality. Numis may also hold personal information obtained through publicly available sources such as credit agencies, media publications and company registries. Some of the information we check is sensitive personal data (known as special category data) such as your nationality and any previous criminal convictions.
In the interests of fraud prevention and the prevention of financial crime(s) your customer identification
data will be shared with third parties who perform monitoring services on behalf of Numis; these third parties are required to adhere to the same high privacy standards as Numis.
Your personal data will only be shared in accordance with data protection laws and where third parties are providing services to Numis as part of our ongoing services and in order to satisfy our legal and regulatory obligations and/or provision of our ongoing services to clients.
Numis also utilises cloud storage solutions that may in some cases mean that personal data will be stored on servers held in other countries, specifically the USA. We also have contracts in place with some suppliers who work on our data in order for us to be able to fulfill our contractual obligations – specifically a firm in Sri Lanka which assists us with Singletrack software. As with all our third party suppliers, they will be required to adhere to our high standards of data privacy. We have a contract in place with all our suppliers which contain data protection and confidentiality obligations. Where we transfer data outside the UK, we always have a mechanism in place to ensure your personal data is processed safely. If you would like any additional information about which mechanisms we rely on for each of our suppliers, please contact us at firstname.lastname@example.org.
Contact information obtained by Numis as part of business related discussions or data relating to existing client relationships may be held as part of our records for as long as deemed necessary in order to further prospective and ongoing client relationships. Where contacted for marketing purposes these individuals will be given the opportunity to have their information removed from our records. Otherwise information will be processed and deleted in line with our retention schedule.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with company policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
Numis records telephone calls as part of its ongoing regulatory obligations and for monitoring and training purposes. These calls are kept for a pre-determined amount of time; however this can be extended if our regulator makes such a request. The calls are stored securely and with limited access given to specific employees.
When individuals apply to work at Numis, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law. These checks are facilitated by a third party who is based in the EU and we expect to adhere to the same data privacy standards as Numis.
Personal information about unsuccessful candidates will be held and destroyed in line with our retention schedule after the recruitment exercise has been completed. Some records are held to create a pipeline of talent for future recruitment. We may retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Numis, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once employment with Numis has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Employees of Numis agree that their personal data will be used and shared in accordance with our internal policies and that all correspondence made on work equipment will be recorded in line with our regulatory (FCA) requirements.
I.e. ‘how long we keep your data’. Numis retains personal data for set periods of time. We have a data retention schedule which sets out what kind of documents need to be retained, and for how long - different departments and paperwork are subject to varying legal obligations. Once data has reached the end of its retention schedule it is safely destroyed. Please see link for our retention schedule here.
In exceptional cases, we may be required to keep your personal data for longer than stated in our retention schedule (e.g. as evidence to help defend a legal claim)
Numis is committed to keeping your personal data safe and secure. Numis’ IT department utilizes advanced software to keep out external threats. Every employee has received face to face training on data protection, the importance of people’s personal data, and the importance of records management and archiving. Data is controlled by department, with access controls limited to those employees who require it for a purpose. Physical security measures are very strong, as to be expected for a regulated firm located within the London Stock Exchange building.
Numis tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any questions, please email email@example.com This email address is monitored by our Data Protection Manager – currently Tom Dyson, whose direct phone number is 020 7260 1259.
You have the right to complain directly to the Information Commissioner’s Office (ICO), the UK regulator for data protection matters. We would hope to work with you to resolve any issues prior to this step.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Numis’ collection and use of personal information, although it does set out all of the purposes for which such is collected and used. However, we are happy to provide any additional information or explanation needed.
You acknowledge and agree that we may collect or use your personal data: