The CAMG LLP (CAMG) is committed to protecting your personal information in accordance with the General Data Protection Regulation (GDPR) and any successor Data Protection laws and regulations as applicable in the United Kingdom, in line with the highest standards of ethical conduct.
This policy sets forth important information about the expected behaviours of CAMG Employees and Third Parties in relation to the consent, collection, use, retention, transfer, disclosure, and destruction of any Personal Data belonging to a CAMG client (i.e. the Data Subject). CAMG, as a Data Controller- i.e. any organisation that handles Personal Data, is responsible for ensuring compliance with the Data Protection requirements outlined in this policy.
How to contact us
FAO Data Protection Officer- Ian Ruddock
WeWork Southbank Central
30 Stamford Street
Information we collect and use
Information about you that we collect and use includes:
- Information about who you are e.g. your name, date of birth and contact details
- Information connected to your product or service with us e.g. your bank account details
- Information about your contact with us e.g. meetings, phone calls, emails/letters
- Information that is automatically collected e.g. via cookies when you visit one of our websites
- Information if you visit one of our offices e.g. visual images collected via closed-circuit television (CCTV)
- Information classified as ‘sensitive’ personal information e.g. relating to your health, marital or civil partnership status. This information will only be collected and used where it’s needed to provide the product or service you have requested or to comply with our legal obligations
- The information you may provide us about other people e.g. joint applicants or beneficiaries for products you have with us
- Information on children e.g. where a child is named as a beneficiary on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender)
What are cookies?
A cookie is a small file – it’s saved onto your computer or other devices when you visit our website.
Cookies store small pieces of information. For example – they will remember you’ve visited our website or performed a certain action.
Cookies also let us know which pages of our website you visited; they help us develop and market our products and services. They also help us track sales.
- Persistent cookies – these stay valid, and will work until their expiry date (unless you delete them before they expire)
- Session cookies – these expire when you close your web browser
Where we collect your information
We may collect your personal information directly from you, from a variety of sources, including:
- an application form for a product or service
- phone conversations with us
- emails or letters you send to us
- meetings with one of our advisers
- registering for one of our events e.g. an AGM event or webinars
- carrying out suitability reviews to help us understand you better and improve our products and services
- our online services such as websites, social media
If you have a financial adviser, accountant, lawyer, trustee and/or are a member of a pension scheme or are a beneficiary of a trust, the information we collect and use will most likely have been provided by them on your behalf.
Where appropriate, we may also need to collect personal information on you from places such as business directories and other commercially or publicly available sources such as the Electoral Register e.g. to check or improve the information we hold (like your address) or to obtain better contact information if we are unable to contact you directly.
What we collect and use your information for
We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only where:
- you have given us your permission (consent) to send you information about products and services offered by members of the CAMG
- it’s necessary to provide the product or service you have requested e.g. if you wish to invest in one of CAMG’s funds, we will require some personal information including your name, address, date of birth, bank account details
- it’s necessary for us to meet our legal or regulatory obligations e.g. to send you Annual Statements, carry out suitability reviews, perform anti-money laundering background checks, tell you about changes to our Terms and Conditions or for the detection and prevention of fraud to protect your investments
- it’s in the legitimate interests of CAMG e.g. to deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your investment; where we need to process your information to better understand you and your needs so we can send you more relevant communications about the service you have with us
- it’s in the legitimate interests of a third party you have nominated e.g. sharing information with your financial adviser, accountant, lawyer, trustee or pension scheme for the governance of your investments
If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our services.
Who we may share your information with
We may share your information with third parties for the reasons outlined in ‘What we collect and use your information for.’
These third parties include:
- Third parties you have instructed us to share information with
- Companies we have chosen to support us in the delivery of the products and services we offer to you and other clients e.g. fund administrators
- Our regulators and Supervisory Authority e.g. the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO)
- Law enforcement, credit, and identity check agencies for the prevention and detection of crime
- HM Revenue & Customs (HMRC) e.g. for the processing of tax relief on pension payments or the prevention of tax avoidance
We will never sell your personal information to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Where your information is processed
We process your personal information in the UK. Where information is processed by our fund administrator, we will ensure your information is protected under UK / EEA data privacy laws e.g. we will put in place legal agreements with our fund administrator and do regular checks to ensure they continue to meet these obligations.
How we protect your information
We take information and system security very seriously and we will aim to comply with our obligations always. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other medium, will have appropriate safeguards applied in line with our data protection obligations.
Your personal information is protected by systems and controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and are subject to ongoing training and monitoring to ensure these standards are maintained.
Our security controls are aligned with current industry standards and guidelines and are constantly under review; providing a controlled environment that effectively manages risks to the confidentiality, integrity, and availability of your information.
How long we keep your information
We keep your personal information for the duration you are a client of ours in order that we may provide you with our services. In the event you are no longer a client, we may also keep your information after this period but only where we are required to meet our legal and or regulatory obligations. As a regulated firm, we are obliged under the Financial Services and Markets Act (FSMA) to retain personal information. The length of time we keep your personal information for these purposes will vary depending on the legal obligations we need to meet.
Your individual rights
Under the GDPR you have several rights in relation to how CAMG uses your personal information. They are:
Right to be informed
You have the right to be informed about the collection and use of your personal data. This will include the purpose of processing your personal data, retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’. We will provide you with this privacy information at the time we collect your personal data from you.
Right of access
You have the right to access your personal data and supplementary information, we hold on you. This right of access allows you to be aware of and verify the lawfulness of the processing of the personal data we hold for you, you may make a data subject access request (DSAR).
Right to rectification
If the personal information we hold on you is incorrect or inaccurate you have the right to have your personal data rectified or completed if it is incomplete. You may make this request for rectification verbally or in writing.
Right to request erasure
You can ask for your information to be deleted or removed if there is not a compelling reason for CAMG to continue to have it.
Right to erasure
Subject to our regulatory and legal obligations you have a right to have personal data erased. This right is also known as ‘the right to be forgotten’ you can make this request verbally or in writing.
Right to restrict processing
You have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store your personal data, but not use it contrary to your instruction. You can make a request for restriction verbally or in writing.
Right to data portability
You have the right to data portability this allows you to obtain and reuse your personal data for your own purposes across different services. The right allows you to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. The right only applies to information you have provided to the data controller.
Right to object
You have the right to object to the processing of your personal data on the following grounds: where it is based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); for direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
CAMG can confirm that it will not process your personal data under any of the above grounds.
Rights related to automatic decision making including profiling
You have the right to ask for information about the processing of your personal information and request our intervention or challenge a decision where processing is done solely by automated processes and carry out regular checks to make sure that where automated decision making and profiling processes are used are working as they should.
CAMG can confirm that it does not use automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). As part of its decision-making process.
How to make a complaint
If you are still unhappy, you can report your concerns to the Information Commissioner’s Office. You can report your concerns at:
NB this policy is constantly under review, so please check our website for the most recent version.