Data Protection Notice
Wealth & Investment
All personal information provided by you and/or your financial adviser will be treated in accordance with (a) the Data Protection Directive 95/46/EC and ePrivacy Directive 2002/58/EC as implemented by countries within the EEA, (b) from 25 May 2018, the General Data Protection Regulation, and/or (c) other laws that are similar, equivalent to or that are intended to implement, amend, or replace, the laws that are identified in (a) and (b) above (the “Data Protection Legislation”).
Personal data is information which directly or indirectly identifies you. We at Investec Wealth & Investment Limited are committed to processing your personal data in accordance with EU data protection laws. For the purposes of EU data protection laws, Investec Wealth & Investment Limited is the data controller.
It may be necessary for you to give us personal data so that we can provide you with the requested products and services, fulfil any contractual relationship with you, inform you of our services, comply with applicable laws, regulations and/or codes of practice and for the other purposes as set out in this notice where in our legitimate interests.
Collecting your personal data
We may collect your personal data in a number of ways, including from:
- you, for example, when you:
- apply for and use our products and services;
- call us, we will monitor and/or record your telephone calls
- enter into any agreement with us;
- contact and interact with us;
- ask us to contact you;
- attend events, participate in surveys, prize draws or competitions
- apply for and use our products and services;
- someone else for example, if a person applies for a joint account with you they may share your personal data with us or if you are a stakeholder in or manager of a business, and the business applies for products or services or enters into an agreement or interacts with us, we may obtain personal data about you to carry out checks against the business
- third parties such as credit reference agencies, fraud prevention agencies, financial advisors, introducers, research and data analysis partners
- public sources - for example, Companies House
- you, for example, when you:
What personal data we collect
Types of information we may collect includes:
Type of information Examples of information Personal details
- date of birth
- contact details
- tax details
- employment details
- regulatory history (where applicable)
- income and outgoings
- assets and liabilities;
- bank details
- account information and history
- account activity
- credit history and information (where applicable)
- shareholdings (where applicable)
Information we have from our dealings with you or from anyone acting on your behalf
- recordings of telephone calls with us
- records of our interactions/correspondence with you
- details of your transactions
Sensitive personal data (we will only collect this with your explicit consent or where the processing is specifically authorised by a regulatory body or required by law)
Including but not limited to the following:
- biometric data, such as voice or fingerprint information;
- religious beliefs
- sexual orientation;
- political affiliation;
- race and ethnicity
If you give us information about somebody else
You must make sure that if you give us personal data about someone else, you should have a lawful basis for doing so, for example, you have their consent to share personal data with us. Where applicable, you should ensure they read this Data Protection Notice and understand how we will use and disclose their information, in the ways described in this Data Protection Notice.
How we may use your personal data
We may use your personal data for reasons including but not limited to the following:
- to verify your identity;
- to verify the accuracy of the data you have provided to us;
- to provide products and/or services requested by you;
- to manage your accounts;
- to manage any contractual relationship with you;
- to make credit decisions (where applicable);
- to trace and recover debts;
- to detect and prevent fraud and money laundering;
- to administer surveys, prize draws or competitions;
- to manage events;
- to conduct analysis and market research, for example, to identify trends in the use of our products and services so that we can:
- improve the products and services we provide to you;
- improve our business;
- keep you up to date with relevant products and services
- to comply with applicable laws, regulations and/or codes of practice;
- to support research and analytics that assist us in marketing our products and services.
How will we use your personal data to make automated decisions
Detecting and preventing fraud
We use real time fraud detection systems to help us to identify whether your account may be being used fraudulently. These systems make automated decisions for us and take account of information such as fraud patterns. Your personal data may be used to make these decisions. For example, fraudulent activity may be suspected where there is unusual activity on your account. If we suspect a risk of fraud, we may stop any activity on the account, or refuse access to the account. You have the right to object to an automated decision, and ask for someone to review the decision.
- to verify your identity;
How we may disclose your personal data
We may disclose certain personal data as follows:
- to other affiliates in the Investec Group. Investec Group consists of Investec Bank plc (a company registered in the UK) and Investec Limited (a company registered in South Africa) and any of their direct or indirect subsidiaries and/or holding companies;
- to our professional advisors, receivers and administrators (where applicable), and service providers (including for example, information technology systems providers) who may help us provide products or services;
- to courts, governmental and non-governmental agencies, regulators and ombudsmen;
- law enforcement agencies;
- relevant tax authorities;
- to any relevant third party in the course of an acquisition, sale, transfer, reorganisation or merger of parts of our business or our assets;
- as required or permitted by law or regulation, where we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of the Investec Group, our clients, or others;
- where you have been introduced to us by an introducer (e.g. an independent financial adviser), unless you have told us not to, we will inform the introducer of the outcome of the enquiry including whether we have agreed to provide you with the relevant product or service;
- to credit reference agencies (CRAs). See CRA section below;
- to fraud prevention agencies (FPAs). See FPA section below.
You may also ask us for details of the CRAs and FPAs we have used for your searches. If there are any errors in the information we hold about you, please tell us so we can correct the information we hold about you.
Credit Reference Agencies (CRAs)
In order to process your application, we may perform credit checks (where applicable) and identity checks on you with one or more credit reference agencies (“CRAs”).
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history (where applicable). CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- verify the accuracy of the data you have provided to us;
- assist in the prevention of criminal activity, fraud and money laundering;
- manage your account(s)
- trace and recover debts
We may continue to exchange information about you with CRAs while you have a relationship with us.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other firms.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at each of the three CRAs websites – visiting any of these three links will take you to the Credit Reference Agency Information Notice (CRAIN document):
- Call credit www.callcredit.co.uk/crain
- Equifax www.equifax.co.uk/crain
- Experian www.experian.co.uk/crain
Fraud Prevention Agencies
FPAs use your personal data to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.
Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be viewed at https://www.investec.com/en_gb/legal/UK/fraud-prevention-notice.html
Transfer of Personal Data Outside the European Economic Area (“EEA”)
We may transfer your personal data to recipients who may carry out services on our behalf (including affiliates in the Investec Group) located in countries outside of the EEA, including South Africa. If we transfer your personal data to such a country, we will take all necessary steps to ensure your data is protected to an equivalent standard as within the EEA.
You have the right to:
- request access to your data and information and about how it is being used;
- request rectification or erasure of your personal data;
- request restriction of processing or to object to processing of your personal data; and
- request data portability (i.e. to request the transfer of personal data from one data controller to another
If you wish to exercise any of these rights or withdraw consent to use your personal data you should contact the Data Protection Officer as described below. You also have the right to lodge a complaint about the processing of your personal data with your local data protection supervisory authority (in the UK, the Information Commissioner’s Office).
We may contact you periodically to provide information regarding events, products, services and content that may be of interest to you and to invite you to participate in market research. If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. Where this information is provided electronically we may track your response, for example which emails you open.
If you wish to stop receiving marketing or market research communications from Investec Wealth & Investment Limited you can click on the unsubscribe link in the marketing communication or contact the Data Protection Officer as described below.
Security and Data Retention
We will take steps to protect your personal data against loss or theft, as well as from unauthorised access, disclosure, copying, use or modification, regardless of the format in which it is held. Subject at all times to applicable laws, we will retain your personal data for a period of at least 7 years from the end of the relationship to enable us to fulfil our record keeping obligations.
Please contact the Data Protection Officer using the details below for further information regarding data retention periods.
Changes to this Data Protection Notice
We may revise or supplement our Data Protection Notice from time to time to reflect for example, any changes in our business, law, markets, or the introduction of any new technology. We will publish the updated Data Protection Notice on our website at: www.investecwin.co.uk/data-protection-notice
Enquiries, Requests or Concerns
All enquiries, requests or concerns regarding this Notice or relating to the processing of personal data, should be sent to the Data Protection Officer using the following contact details: Investec Wealth & Investment Limited, 30 Gresham Street, London, EC2V 7QN, United Kingdom or email [email protected]