Whitman Asset Management (“we”) and members of our group are committed to keeping your personal data safe and to ensuring the integrity and security of any personal data we may process.
The new European legislation including the General Data Protection Regulation (“GDPR”) which comes into force on 25th May 2018, and applicable national acts implementing the GDPR such as the UK Data Protection Act 2018 (or such other UK laws implementing the GDPR in the UK), has the objective of establishing greater protection of personal data and enhancing your rights in respect of your personal data.
We ask you to read this privacy notice very carefully as it contains important information on the way in which we will process your personal data, in particular:
- The personal information we collect about you;
- Our legal bases for processing your personal data;
- What we do with your personal information;
- Who your personal data may be shared with; and
- Your rights as a data subject under the Data Protection regulations.
What is personal data and how is it collected?
Personal data includes any information that directly or indirectly identifies an individual. We collect personal data relating to you and your use of our services from a variety of sources, which are detailed below.
We may collect certain personal data, such as personally identifiable information (such as name, date of birth), contact information (such as telephone number, address, email), financial information, employment and education data, other information gained during interactions or correspondence with you and, with your explicit consent, sensitive personal data.
We may collect your personal data directly from you, as well as from other parties. This includes where you agree to act as a Third Party Authority for a client of ours, as well as from third parties, such as credit reference agencies, fraud prevention agencies, electoral roll, financial advisors, court records of debt judgments and introducers and other publicly available sources.
Our legal basis for processing your personal data
We will only process your data where we have a legal basis for doing so. We may rely on the following legal bases for collecting and further processing your personal data:
- Contractual necessity e.g. to fulfil our obligations in respect of your account, policy or service;
- Legal or regulatory obligation;
- Legitimate interest; or
Why we process personal data?
We will process your personal data for the following purposes:
- In order to perform our contract with you e.g. to fulfil our obligations in respect of your account, policy or service;
- To the extent necessary for our own legitimate business interests (detailed below);
- To the extent necessary to comply with a legal obligation e.g. for compliance with legal and regulatory requirements or for the establishment and/or defence of legal rights or for activities relating to the prevention, detection or investigation of crime;
- To the extent that it is necessary to understand any health conditions that you may have, for the purpose of receiving suitable and appropriate financial advice, which will require your explicit consent; and
- For employees or candidates applying for a job with Whitman.
We are required to gain your explicit consent prior to processing any sensitive information about you, for example information about your physical health.
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We may use your personal data for our legitimate business interests in order to allow us to provide the best services and customer experience and to ensure our service remains relevant and tailored to your needs. For example, we may rely on our legitimate interest to process your personal data for the following purposes:
- Marketing, relating to products and services compatible with the original purpose for which we originally gained the information;
- To send you company updates, newsletters or other marketing communications;
- To enhance, modify, personalise or otherwise improve our services and communications for your benefit.
Please note you have the right to object to any processing for which we rely on legitimate interest as the legal basis. You can do so by using the contact details set out at the end of this privacy notice.
Who we share your personal data with?
We share your data with approved third-party providers that have adequate data protection measures in place that align with the requirements of the data protection regulation. For example:
- Professional companies and other persons providing services to us including legal, professional advisers, auditors, tax and accountancy advisers and printing services;
- Credit reference agencies, identity reference agencies and fraud prevention agencies; and
- Government bodies and agencies in the UK e.g. HMRC.
We do not share data outside of the EU and we do not sell your personal data or other information to any third party.
Your rights in respect of your data are:
- Right to be informed – you have the right to be informed of what we do with your data. The detail of what we do is in this privacy notice.
- Access rights: You can request a copy of the personal information we hold about you.
- Right to request rectification: We take reasonable steps to keep your information accurate, but you can also ask us to change any information we hold about you to keep it accurate, complete and current.
- Right to request erasure (‘to be forgotten’): You have the right to ask us to delete the personal information we hold on you; however, please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it.
- Portability: You have the right to request that we send the personal data you provided to us to another data controller in a commonly used electronic format, where technically feasible.
- Right to request restriction: You can request that we restrict our processing of your personal information.
- Right to raise an objection to our processing: Where our processing of your information is performed on the basis of ‘legitimate business interest’, then you can request we stop.
- Right to complain to a supervisory authority: If you are dissatisfied with our use or management of your personal information, you have the right to complain to an EU Data Protection Supervisory Authority. In the UK, the relevant Data Protection Supervisory Authority is the Information Commissioner’s Office (ICO) and you can contact them via their website: www.ico.org.uk
Personal data provided in respect of third parties
You acknowledge that you must have the authority to provide any third party’s personal data to us and agree to share this data protection notice with such third parties and inform them of the details you have advised us of.
Our retention policy
We will regularly review our records to ensure that we do not retain your personal data longer than is necessary, unless there is a legal reason for extended retention.
Cookies are used by nearly all websites and do not harm your system. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings.
Review of this policy
We may make changes to this policy from time to time and will post such updates on our website.
Who are we and how to contact us?
Whitman Asset Management is a data controller for the purposes specified in this privacy statement. You can contact us directly if you have any questions about this privacy notice or in order to exercise your data subject rights by addressing your email questions and requests via a method shown on our web page www.whitman.co.uk or by one of the following means:
By Phone: 0207 8467460
By Post (Business Address):
Whitman Asset Management
1 Manchester Square,