Privacy & Cookie Policy

We treat your right to privacy very seriously and we are committed to ensuring your personal data is protected. Our Privacy Policy contains important information on how we comply with applicable UK data protection legislation. The General Data Protection Regulation (GDPR) sets out the rules about the data that we are permitted to collect, what we do with that information, who we may share it with, and your choices and rights relating to that data.

We have described below how we deal with your confidential information and who to contact if you have any questions. For details of the privacy policy that applies to the use of the YourCAM portal and app, please click here.

How to contact us

If you have any questions about our Privacy Policy or the information we collect and use about you, please contact:

Patsy Anang - Data Protection Officer
City Asset Management
7 Bishopsgate, London
EC2N 3AR

Email: CIS@city-asset.co.uk

What information do we collect on you?

In order to provide services to you, we will need to hold various types of data about you. We’ve described the type of information below, together with examples:

Information about who you are - name, date of birth and contact details.
Information connected to the service of your portfolio - bank account details, mandate, risk profile.
Information about your circumstances - your financial details, investment knowledge and objectives, employment, and other investments.
Information about your contact with us - meeting notes, phone calls, recordings of meetings held via Teams or Zoom, emails and letters.
Information that is automatically collected - cookies when you visit our website.
Information when you visit our office - visual images collected via closed circuit television (CCTV) or recordings of meetings.
Information collected as sensitive personal information - details relating to your health, marital or partnership status, and domestic arrangements. We are under the strictest possible obligations in relation to this type of information under GDPR and it would very rarely be shared with third parties.
Information you provide about other people - joint applicants or beneficiaries or authorities on your accounts.
Information on children and dependants - this will generally include name, age, gender, and current occupation.

How do we collect your information?

We mostly collect your personal information directly from you, including:

Application forms, Fact Finds and Risk Profiling.
Phone conversations.
Emails or letters you send to us.
Meetings with our team.
Our online services, such as the client portal and website.

If you have a financial adviser, the information we collect and use may have been provided by them on your behalf. We may also collect personal information about you from places such as directories or other publicly available sources to check or improve the information we hold, like your address, or to give better contact information if we are unable to contact you directly.

The data you have provided may be shared with fraud prevention agencies to prevent fraud, money laundering and to verify your identity. We may also share information with tax or regulatory authorities where we have a regulatory or legal obligation to do so.

How do we use your personal information?

We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary and lawful to do so. We will collect and use your information only where:

You have signed up to portfolio management services with us or have asked us to provide you with financial advice. This may include us making data available to our agents and our third-party custodian for the purpose of executing orders, settlement of transactions and holding investments and money for you. It may also include other related purposes, such as printing your quarterly. Valuations and annual tax packs. This is known as the ‘Contract’ purpose under GDPR).
It is necessary for us to meet our legal or regulatory obligations (the ‘Legal Obligation’ purpose). This can include telling you about changes to our terms and conditions, preventing financial crime, details required by regulatory or government agencies. Where we need to verify your identity so that we can comply with the regulations around fraud, money-laundering, and terrorist financing. If it is in your or our interest (‘Legitimate Interest’) to provide you with information or options about investments that may affect you or provide updates on policy changes that may impact you. This may include changes to tax or regulatory rules or to our operations and service. You have given us your permission (‘Consent’) to send you information about our products and services and/or selected third parties which may be of interest to you. For example, if you are discussing investing in a VCT or SIPP arrangement with us.

Please note that we only use details on children to manage portfolios where they may be the beneficiary and will only collect and use the information required to ensure the effective management of that portfolio. Where we collect sensitive personal data, we will only use this information where needed to provide our service to you or comply with our legal obligations. When providing data is optional, we will ask for your consent. However, if you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our services.

If we change the way we collect, use or store your information, we will provide you with an updated policy and details on the changes.

Marketing Preferences

We may use your name, address and email address for marketing to you when you have consented for us to do so. We will contact you according to your preferences and consent. You have the right to revoke consent at any time using the unsubscribe button on any email material or contacting us directly to remove you from our lists of marketing recipients.

Who may we share your information with?

We may share your information with third parties for the reasons detailed above. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure. This can include your financial adviser and companies we have chosen to support us in the delivery of services we offer to you, such as SIPP providers.

All companies that process your data in relation to our services must undergo a due diligence process to ensure their integrity and commitment to providing the agreed service and protection of data provided to them in that regard.

In addition, to comply with law and regulations, we may need to supply your data to the following organisations:

Our regulators, the Financial Conduct Authority (FCA) and the Information Commissioner’s Office for the UK (ICO).
Law enforcement, credit and identify check agencies for the prevention and detection of crime.
HM Revenue & Customs (HMRC) for the purpose of tax information for both UK tax requirement and/or other country obligations you may be liable for.

We will never sell your details to someone else or pass them to a third party outside of the financial service industry who is not directly connected to the service we provide to you.

How do we protect your information?

We take information and system security very seriously and we strive to meet the highest possible standards. Any personal information which is collected, recorded or used in any way, whether on paper, online or via any other media, will have appropriate safeguards applied in line with our data protection obligations.

Your information is protected by controls designed to minimise loss or damage through accident, negligence or criminal activity such as hacking, cyber attack and fraud. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and we deliver regular mandatory training to all staff, regardless of their role at CAM. Our high levels of protection extend to working from home practices..

Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.

Where is your information processed?

The majority of your information is processed in the UK and European Economic Area (EEA).

However, some of your information may be processed by us or third parties we may work with outside of the EEA, including countries such as the United States. Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws. We put in place legal agreements with our third-party suppliers and do regular checks to ensure they meet these obligations.

How long do we keep your information?

We will keep your personal information only where it is necessary to provide you with our products or services while you are a client.

We may also keep your information after this period but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the specific obligations we need to meet.

What are your individual rights?

GDPR grants you important rights in relation to how we use your information. Please note that these rights do not apply in all circumstances, and we will discuss the details of these exceptions to you if you wish.

Right to be informed - You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with. We address this in this Privacy Policy and privacy notices and disclosures with you.
Right of access – You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold about you, you may make a data subject access request. For more information, please see the section below.
Right to request that your personal information be rectified - If your personal information is inaccurate or incomplete, you can request that it is corrected. Please note that, in order for us to provide you with our service, it is important that you keep us updated on any changes to your personal circumstances.
Right to request erasure - You can ask that your information be deleted or removed. However, we are under legal requirements to keep many details after you cease to be a client. This is because we need to meet our obligations to our regulator, tax authorities and government agencies and also to maintain system integrity. For example, the FCA requires that information on pension transfers must never be destroyed or deleted. In some cases, it may also be in your interest for us to continue to keep information so that we may assist you in queries about past services.
Right to request deletion of your data - We promise to look at your request and delete any data that may no longer be required or not related to our outstanding obligations or requirements where law and regulation permits us to do so. Access to your information is restricted and protected within our IT infrastructure at all times. Once you cease to be a client, this information is further restricted to protect data that isn’t required to be processed but only maintained. This will continue for any information that we are unable to delete at your request.
Right to restrict processing - You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information, but only to ensure we don’t use it in the future for those reasons you have restricted. In some cases, this could restrict our ability to continue our services and we will discuss the impact with you.
Right to data portability - You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may transfer some of the information we hold to another company in a safe and secure way, for example, if you were moving your portfolio to a new provider.
Right to object - You can object to us processing your personal information where: it’s based on our legitimate interests (including profiling); for direct marketing (including profiling); if we were using it for scientific/historical research and statistics; or we notify you of changes to the way we process or use your information. In some cases, this may limit the service we are able to provide to you and we will discuss any impact with you at the time of objection.

How can you access the data we hold about you?

You have the right to request the personal information that we hold about you and to obtain a copy of this information, or if you have any queries, please write to us or email to the following address:

Patsy Anang - The Data Protection Officer
City Asset Management Plc
7 Bishopsgate
London
EC2N 3AR

CIS@city-asset.co.uk

We will provide the information to you or, in the case of more complex requests, provide you with the date of when information will be available within 30 days of your request.

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. They can be contacted via their website at: https://ico.org.uk/

Cookies

A cookie is a small file of alphanumeric characters that is downloaded to your computer’s hard drive via your web browser, that enables the website you are accessing to recognise your device. They are widely used to help aid website efficiency as well as provide information to the website owners.

Our website currently uses cookies for two reasons. Firstly, to improve your personal user experience and secondly to understand how our website is being used. Most modern browsers allow you to decide whether to accept cookies, and how long to keep them, but, if you reject cookies, it may impair some of the functionality of this website. We undertake not to abuse the personal identification aspect of cookies.

This website is built on the Squarespace platform. Squarespace may use cookies which are necessary for the proper operation of their system, and to track the usage of this website. These cookies provide statistics to help the site owners understand how the site is being used and, ultimately, provide an improved user experience. These statistics do not include your personal details or any other information that identifies you.

Our website also uses Google Analytics, which are cookies designed to collect information on how visitors use our site. The cookies collect information in an anonymous form. For more information visit Google’s privacy overview.

You can opt out of being tracked by Google Analytics across all websites here.

How we use cookies

We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could improve. Google Analytics stores information about what pages are viewed, how long users are on the site, how they got here and what they have clicked on. We do not collect or store your personal information (e.g., your name or address) so this information cannot be used to identify who you are. We do not allow Google to use or share our analytics data and Google’s privacy policy is available here.

The following cookies are used by Google Analytics:

Name: _utma