Feoh Investments UK LLP (the “Firm”) is a limited liability partnership incorporated under the laws of England and Wales authorised and regulated by the UK Financial Conduct Authority (“FCA”).
For the purposes of the General Data Protection Regulation (“GDPR”), the Firm will be the “controller” of the personal data you provide. Please review the following information to understand the Firm’s practices in relation to the treatment of your personal data.
The Firm will adhere to the following data privacy principles:
- The Firm will process all personal data in a lawfully, fair and transparent manner;
- The
Firm will only collect personal data where it is necessary;
- For the Firm to provide a service to you;
- For you to provide a service to the Firm;
- For the Firm to keep you informed of its products and services; or
- For the Firm to comply with its legal and regulatory obligations.
- The personal data collected by the Firm will be adequate, relevant and limited to what is necessary in relation to the specific purpose for which your data will be processed;
- The Firm will take all reasonable steps to ensure that personal data is accurate and, were necessary, kept up-to-date;
- The Firm will maintain personal data in a form that permits identification no longer than is necessary for the purposes for which the personal data has been collected for processing, in accordance with the Firm’s record retention requirements as mandated by the Financial Conduct Authority;
- The Firm will hold and process person data in a manner that ensures appropriate security;
- The Firm will only share personal data where it is necessary to provide the agreed service or where it is necessary for the Firm to comply with its legal and regulatory requirements.
- The Firm will only utilise a service provider based outside of the EEA for the processing of personal data where this is strictly necessary to facilitate services to you. In all cases, the Firm will ensure service providers are fully compliant with GDPR ahead of transferring any personal data.
In the course of providing products/services to you, the Firm may collect information that is considered personal information (e.g. name, contact details, address, passport number, driving licence information). The Firm may require some personal information from you, whether you are a client, contact or employee of the Firm, to verify your identity or to enter into or maintain the applicable relationship with you. Some of this information may be required to satisfy legal obligations (e.g. to comply with obligations arising under the money laundering regulations) whereas other information may be required in connection with the provision of services to you. The information collected will vary depending on the service the Firm provides to you or you provide to the Firm, but may include:
- Personal information: E.g. your name, date of birth, passport number or national insurance number;
- Contact information: E.g. your address, telephone number and email address.
The Firm has policies and procedures in place to ensure your personal data is kept safe and secure. These may at any time include:
- Data encryption;
- Firewalls;
- Intrusion detection;
- Background checks for personnel that access physical facilities; and
- Security procedures across all service operations.
Additionally, third-party facilities where some of your data may be stored or backed up, including facilities supporting the cloud infrastructures of major US technology companies such as Alphabet and Microsoft, are subject to additional protection provided by the owners and operators of those facilities.
As a regulated entity, the Firm is required to maintain its books and records for a prescribed period (five years from either the ceasing of a business relationship, or, in the case of non-clients, from the making of a record – or alternatively, for seven years, where specifically requested to do so by the Financial Conduct Authority). As such, information that falls in scope of either of these requirements is retained in line with the mandated timeframe. Any information outside the scope of this requirement will be retained whilst relevant and useful, and destroyed where this ceases to be the case or where the data subject specifically requests this.
The GDPR requires the Firm to inform you of the legal basis on which it maintains your personal data. The Firm may reach out to you personally to confirm this; however, as a general rule the following is applicable:
- Clients – Information is maintained on the basis of contractual obligation and/or legitimate interests (where relevant);
- Service providers – Information is maintained on the basis of contractual obligation; and
- Database/marketing contacts – Information is maintained on the basis of legitimate interest.
Once you have provided your details to the Firm, you have certain rights which apply, depending on your relationship with the Firm, the information you have shared with the Firm and the Firm’s legal and regulatory obligations.
- You have the right to request a copy of the information the Firm holds about you. The Firm will endeavour provide this information to you within one month (with the ability to extend this by an additional two months where necessary) free of charge.
- You have the right to request that the information the Firm holds about you is erased under certain circumstances, including where there is no additional legal and/or regulatory requirement for the Firm to retain this information.
- As a client, you have the right to request that any information the Firm holds about you be provided to another company in a commonly used and machine-readable format, otherwise known as “data portability”.
- You have the right to ensure that your personal information is accurate, up to date and rectified where necessary.
- You have the right to object to your information being processed, for example for direct marketing purposes.
- You have the right to restrict the processing of your information, for example limiting the material that you receive or where your information is transferred.
- You have the right to object to any decisions based on the automated processing of your personal data, including profiling.
- You have the right to lodge a complaint with the Information Commissioner’s Office if you feel that the Firm has not processed your data in accordance with GDPR, any contractual agreements or this privacy notice.
The Firm may, from time to time, review and update this policy. The Firm will maintain the latest version of this policy on the Firm’s systems and it is available from the Firm on request. Where material changes are made, the Firm may be obliged to make you aware of these. Should you have any questions, concerns or complaints about the manner in which the Firm proposes to handle or has handled your data, you may contact the Firm at dataprotection@feohinvestments.com.