THE PRODUCTS AND SERVICES WE PROVIDE
1. Information we receive through our websites (“Stonehouse Websites“);
2. Information we receive through our products and services (“Stonehouse Products and Services” ).
THE TYPES OF PERSONAL DATA WE COLLECT
Many of the services offered by Stonehouse require us to obtain Personal Data about you in order to perform the services we have been engaged to provide. In relation to each of the services described above, we will collect and process the following Personal Data about you:
Information that you provide to Stonehouse.
This includes information about you that you provide to us by completing forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. The nature of the services you are requesting will determine the kind of Personal Data we might ask for, though such information may include (by way of a non-exhaustive list):
- basic Personal Data (such as first name; family name; company name; position in the company; company email address; business phone number; business address; city; postcode; country).
- any information that you choose to share with Stonehouse which may be considered Personal Data
Information that we collect or generate about you. This includes:
- information relating to your (or an applicant’s) investment in the applicable Stonehouse Products and Sevices, emails (and related data), customer relationship management information, call recordings and website usage data.
- a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the applicable Stonehouse Products.
Information we obtain from other sources.
- This might include information obtained for the purpose of our know-your-client procedures (which include anti-money laundering procedures, counter-terrorist financing procedures, politically-exposed-person checks, sanctions checks, among other things), information from public websites and other public sources and information received from your advisers or from intermediaries.
PURPOSE OF DATA COLLECTION
- The personal information we collect is for the following legitimate interest:
- Provision of financial products and services;
- Responding to your enquires;
- Administration of your investments;
- Promotion of ideas and events relating to services we provide;
- Keeping your records accurate and up to date,
- Maintenance of records of communications and management of your relationship with us;
- Compliance with any present or future law, rule, regulation, guidance, decision or directive (including those concerning anti-terrorism, anticorruption, fraud and AML);
- Carrying out, in appropriate cases, KYC checks and other procedures that we undertake prior to you becoming a customer of ours;
- Prevention and detection of fraud and other illegal activity or misconduct; and
- Informing you about compliance with legal and regulatory obligations and provide related guidance.
WHO WE SHARE YOUR DATA WITH
We may also share your Personal Data outside of the Stonehouse for the following purposes (in pursuit of our contractual obligations to you as a client):
- with our business partners. For example, this could include our partners from whom you or your company or your organisation purchased the Stonehouse Services. Personal Data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
- law enforcement agencies; financial regulators and other relevant regulatory authorities; government bodies; tax authorities; courts tribunals and complaints/dispute resolution bodies;
HOW LONG WE RETAIN YOUR DATA
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- the purpose for which we are using it – Stonehouse will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
WHAT RIGHTS YOU HAVE OVER YOUR DATA
Your personal data is protected by legal rights (where applicable), and may include:
1. The right to be informed The right to be informed encompasses our obligation to provide ‘fair processing information’ through a privacy notice. It emphasises the need for transparency over how we use personal data.
2. The right of access You have the right to access your personal data and supplementary information. The right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. The right of access allows you to submit a Data Subject Access Requests (DSARs) for a copy of the personal data that we hold about you.
3. The right to rectification The GDPR gives you the right to have personal data rectified if it is inaccurate or incomplete.
4. The right to erasure The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data where there is no compelling reason for its continued processing. However, the right to erasure does not provide an absolute ‘right to be forgotten’.
5. The right to restrict processing You have the right to ‘block’ or suppress processing of personal data, which will make it restricted, and permit us to store the personal data, but not to further process it.
6. The right to data portability The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The right to data portability only applies to personal data you provided to us, where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.
7. The right to object
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. You must have an objection on “grounds relating to your particular situation” if processing is based on performance of a legal task, our legitimate interests, or research purposes.
8. The right in relation to automated decision making and profiling
Article 22 of the GDPR has additional rules to protect you if we are carrying out solely automated decision-making that has legal or similarly significant effects on you. We will only carry out this type of decision-making where the decision is: necessary for the entry into or performance of a contract, authorised by Union or UK law applicable to us, or based on your explicit consent.
COOKIES, ANALYTICS AND TRAFFIC DATA
The Stonehouse website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics sets two cookies in order to evaluate your use of the website and compile reports for us on activity on the website.
The information collected by these cookies is anonymised and limited to website use and performance, device operating system, browser type, internet service provider name and non-specific geographic location. Google will not associate your IP address with any other data held by Google. By using the Stonehouse website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
HOW TO CONTACT US
If you have any comments, questions, concerns or complaints about how we are processing your information, please contact us at the email below. If we are unable to address your concerns, you also have the right to challenge our data processing decisions with a supervisory authority.
If you have any comments, questions or concerns about this Policy, please contact us at [email protected]