Frank Investments Limited, its subsidiaries and associated businesses (‘Frank Investments’ and ‘we’) are committed to protecting your personal data and your privacy. We endeavour to ensure that any personal data we collect about you will be held and processed strictly in accordance with the Data Protection Act 1998 (DPA) and, on and from 25 May 2018, the European General Data Protection Regulation (GDPR). The terms Personal Data, Data Controller and processing have the meanings given to them in the GDPR unless otherwise indicated.
Which policy is relevant to your situation?
At Frank Investments, we collect and process Personal Data in a number of ways. For instance, please see the below:
- You are browsing our website, inquiring about our services; receiving our marketing communications, responding to one of our surveys or otherwise interacting with us as a prospective, current or former customer other than in connection with ongoing services we are providing to you or your organisation;
- You are a client of Frank Investments;
- You are applying for or inquiring about a job at Frank Investments
- You are an employee or contractor of Frank Investments
- You are a supplier or service provider to Frank Investments.
Please note that we are in the process of updating all of our policies in order to ensure they are compliant with the GDPR before May 2018. Some of the information in this policy may, therefore, be temporarily unavailable. If this is the case, please check our website again at a later date or contact us.
- by you submitting information to us through our website www.frankinvestments.co.uk or when you subscribe to our newsletter and or blog (Website User Data);
- through your use of our other marketing resources, such as events or webinars which we run or sponsor (Marketing Data);
- from what we learn about you from your visit to our websites (Website Background Data); and/or
- by you otherwise interacting with us a prospective, current or former customer, (for example, where you provide your business card to us) other than in connection with ongoing services we are providing to you or your organisation (Prospect Data).
This statement does not apply to:
- the collection and processing of Personal Data while providing investment or regulatory or other services to our clients. For information about privacy in the context of services provided to our clients, please contact the relevant Frank Investments person responsible for your matter.
- the collection and processing of Personal Data about our employees or contractors. For information about privacy in the context of doing work for Frank Investments please contact Frank Investments.
- the collection and processing of Personal Data in relation to job candidates or applications for roles advertised on this website. For information about privacy in this context, please contact Frank Investments.
- the collection and processing of Personal Data on our suppliers or service providers. For information about privacy in this context, please contact Frank Investments.
2. Identity and Contact Details of Data Controller
For the purposes of the DPA and the GDPR, Frank Investments is the controller of Your Data. If you have any queries regarding this policy or complaints about our use of Your Data, please contact us at firstname.lastname@example.org, email@example.com or at the address below and we will do our best to deal with your complaint or query as soon as possible.
Frank Investments Limited,
57 Berkeley Square,
FAO: Data Processing
3. What we use Your Data for
The table below sets out the purposes for which we may process Your Data and the legal basis for the processing:
4. Who we share Your Data with
Please note that we may on occasion be required to share your information with the following categories of recipients:
- Third parties who provide services on our behalf. For example, we use third parties such as MailChimp and Squarespace to provide marketing automation services. A full list of all our third-party service providers is available on request.
We have taken steps to ensure that all such entities keep Your Data confidential and secure and only use it for the purposes that we have specified and have informed you of. Our service providers are subject to data processing agreements which are or are in the process of being updated to become, compliant with the requirements set out in the GDPR. Further details regarding any third parties who are located outside the EEA are set out in paragraph 5 below.
In relation to any other third parties, we will only disclose your information in the following circumstances:
- where you have given your consent;
- where we are required to do so by law or enforceable request by a regulatory body;
- where it is necessary for, or in connection with legal proceedings or in order to exercise or defend legal rights; and
- if we sell our company, go out of business, or merge with another company.
5. International Transfers
In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are always made in accordance with the DPA and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
Bank Julius Baer in the Channel Islands
Custody and Administration of our managed accounts are with Bank Julius Baer in Guernsey in the Channel Islands. The European Commission has ruled that Guernsey offers adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the DPA and GDPR.
6. Retention Period
Your Data will be stored for a maximum period of 6 years, after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained. If you consent to marketing, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information. unless we request your consent to store it for a longer period.
7. Your Rights in relation to Your Data
Under the GDPR, you will have the following rights in relation to how we process Your Data:
- Right to request access – you may obtain confirmation from us as to whether Your Data is being processed and, where that is the case, access to Your Data.
- Right to rectification and erasure – you have the right to obtain rectification of inaccurate personal data we hold concerning you and to obtain the erasure of Your Data without undue delay in certain circumstances.
- Right to the restriction of processing or to object to processing – you may require us to restrict the processing we carry out on Your Data in certain circumstances or to object to us processing Your Data.
- Right to data portability – you have the right to receive Your Data in a structured, commonly used and machine-readable format.
- Right to withdraw consent – where you have provided your consent to us processing Your Data, you have the right to withdraw your consent at any time. This can be done by emailing firstname.lastname@example.org or email@example.com any time or by clicking the “unsubscribe” link on any marketing communications you receive from us.
- Right to lodge a complaint – you may lodge a complaint with any supervisory authority in the EU. The supervisory authority for the United Kingdom is the Information Commissioner’s Office.
For further information on your rights, please see the Information Commissioner’s website here.
8. Additional Information
- There is no statutory or contractual requirement for you to provide Your Data to us and you are not obliged to do so. Please note, however, that we may not be able to provide you with the services you have requested, such as to receive our newsletter and or blog if you do not provide your contact details. As set out in our cookies policy, our website may not be able to function fully if you do not agree to certain cookies being set on your computer.
- We do not undertake automated decision-making or profiling on Your Data.
9. Security of personal information
We recognise the need to ensure that personal information gathered via this website remains secure. Our storage of data has security measures in place to protect against the loss, misuse and alteration of the personal information under our control. Our security measures include encryption to prevent unauthorised access. You acknowledge that although we exercise adequate care and security there remains a risk that information transmitted over the Internet and stored may be intercepted or accessed by an unauthorised third party.
10. Data obtained indirectly
In some circumstances, we may obtain Personal Data about you from other sources. This information may include your name, contact details and job title, which we obtain from third-party sources such as industry market research providers, organisers of events we sponsor or other publicly available sources, such as your company’s website.