PRIVACY NOTICE FOR CLIENTS OF HOGG CAPITAL INVESTMENTS LIMITED & FOR ITS TIER1FX ONLINE BROKERAGE DIVISION
Dated: 25th May 2018
This privacy notice explains how Hogg Capital Investments Limited and Tier1FX, (hereafter collectively referred to as “the Company”, “us”, “we”, “our”) uses any personal information we collect about you.
The Company complies with the General Data Protection Regulation (“GDPR”) (EU) 2016/679 of the European Parliament and of the Council on 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Enforceable from 25 May 2018 GDPR represents the basis upon which this Privacy Notice is prepared. Because GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable. There is therefore one set of rules for all companies processing data in the European Union.
The Company will collect and use personal data in order to comply with its legal duties to you as an investing client, for example to keep records of transactions and to provide one or more services as may be detailed within the Company’s Terms of Business. As such, we are classified as a “data controller” of the personal information we process. This means that we decide why and how personal information is used. The Company does not process data for other companies.
The data we hold is collected via our account application process and throughout our relationship with you. This includes your name, your address and other contact details including phone and mobile numbers, email addresses, your date of birth, your gender, your title, your passport or other visual, including government, identification details. In terms of our regulatory obligations as a licenced investment intermediary, investment advisor and portfolio manager, the information we will hold may additionally include details of your education, your investment experience, your financial situation including information regarding your net worth, your financial details including bank accounts, audio and/or video recordings (calls may be recorded for regulatory purposes), contractual information relating to your account(s) with us detailing your investment choices and/or objectives, and importantly your tolerance to risk, along with (as applicable) third party information where there may be an executor or a power of attorney connected to your account(s).
The data we collect from and about you is primarily for the purposes of the Company to provide a suitable and appropriate service to you and to comply with its regulatory obligations.
It nevertheless represents sensitive data about you which has been collected with your explicit consent, and the use of this information for any other purposes, for example for marketing purposes, is voluntary.
We will not lend or sell your information to third parties.
Will we share your data?
The Company’s employees will access your records in the ordinary course of our professional undertakings to you. However, access is granted only to those employees permissioned to review this information. We regularly check who has access to our systems.
The Company will share your personal data with certain third parties solely on a need to know basis. This would include service providers tasked with executing your investment transactions and where necessary with settling and administering these transactions. They would also include the Company’s appointed auditors, accountants, lawyers and other professional advisors (including your own financial advisors and asset managers), to the extent that they will require access to your information to provide advice; fraud prevention agencies and other organisations to enable the Company to undertake relevant checks; providers of investments or services which we may recommend, ranging from direct securities, collective investment schemes, including Exchange Traded Funds, and selected financial instruments including Contracts for Differences, alongside investment platforms, discretionary management services, custodians and other such products or services.
We may also be required to share your information with the Malta Financial Services Authority, the Financial Intelligence Analysis Unit, the Arbiter for Financial Services, the Malta Investor Compensation Scheme, the Information and Data Protection Commissioner or any other regulatory or competent authority entitled to require disclosure. This could include the order of a Court, or the order of authorities tasked with the investigation and prevention of fraud or other activities believed to be illegal or otherwise in breach of applicable law. It would similarly apply to tax regulations where we may be obliged to share information about your account with the relevant tax authority, who may in turn forward this to tax authorities in other jurisdictions.
The Company may need to share your personal information with service providers operating in countries outside the European Economic Area. Where we will be required to do so, we shall ensure that this process will be in accordance with current data protection legislation.
We will undertake at all times and to the very best of our professional abilities to protect your personal information. As you are aware however internet communication, including email, is not secure. We cannot accept any responsibility for unauthorised access by a third party or for the loss, theft or modification of data while it is being transmitted to us by email.
How long will we hold your data?
We will retain your personal information for as long as the Company considers it necessary to do so and specifically for the purpose(s) for which it was collected, and to comply with our legal and regulatory requirements. This will involve keeping your information for a reasonable period of time after your investment or your relationship with us has ended.
As a former client of the Company, we will keep most of your information for 5 years following the closure of your account, or longer as law or regulation may require. As an existing client, we are also required to retain recordings of telephone conversations with you for five years after they took place, or longer as directed by a competent authority.
If you are not a client of ours, having previously registered your interest to receive information from us, we will retain your information for one year after we last heard from you, unless you ask us to remove you from our database beforehand.
Subject to your agreement, the Company may send you information about our products and services and those of other companies in our group which it considers may be of interest to you, including invitations to events. The Company may do this via email or by post.
You have the right at any time to stop receiving marketing material from us. You can email us at firstname.lastname@example.org or update your “Email Notification” settings in the Profile section of your Client Portal at www.portal.tier1fx.com.
Details of these rights can also be found on the Information and Data Protection Commissioner (“IDPC”) website: https://idpc.org.mt.
* You have the right to access your personal data and require that we rectify any errors in the data that we hold.
* You have the right to request that we erase your personal data.
* In certain circumstances you may also require us to restrict the way we process your personal data.
* You may moreover object to its processing.
* You may request a copy of your personal data for the purposes of transmitting it elsewhere.
* Where we have requested and obtained your consent to process particular information about you, you may withdraw that consent at any time.
* Where we are relying on your consent to process your sensitive data you can withdraw it at any time.
Please note however that the application of these rights will vary according to the legal basis used to process your data. As detailed above, financial services and related regulations will require the Company to retain at least most of your personal data relating to the operation and where relevant the management of your investment account(s), and where applicable for a number of years following the closure of your account(s). Under such circumstances, we will not be able to erase or modify the data.
We will undertake to keep your personal information accurate. This will require us to contact you at regular intervals in order to update the data we hold in relation to the account(s) we hold for you. If at any time the information you have provided the Company becomes out of date, we ask you to notify us directly and we shall remove or amend the information, and in accordance with regulatory and legislative requirements.
If you have any concerns or complaints about the Company’s use of your personal information, please contact the Data Protection Officer at the address detailed below. if you are not satisfied with our response or believe that the manner in which we have processed your personal information does not comply with data protection law, you can also contact IDPC in its capacity as the Company’s supervisory body (“Contact Us” section on https://idpc.org.mt).
Changes to our Privacy Notice
The Company undertakes to keep this privacy notice under regular review. We reserve the right to update this privacy notice at any time and we will advise you when we make any substantial update to it.
A cookie is a text file that a website can send to your browser, which may then be stored on your hard drive for a more efficient access and online experience. A cookie will enable the Company to gather information on how visitors are using the website. It does this specifically to make improvements to the website.
The data collected will be used solely for statistical analysis relating to your browsing behavior on our website, including the number of visitors, the pages viewed, time spent on particular pages and so on. We will not know who you are (unless you visit our secure client pages). We will not store any personal or confidential information about you and the Company will not attempt to identify individual visitors via their IP address unless required to do so by law or regulation.
The Company does not have a Data Privacy Officer, as this is not a legal requirement given the nature and extent of its business interests. Our Compliance Officer will instead be responsible for the day to day compliance with GDPR and its requirements.
How to contact us
By email on email@example.com
By post to:
Hogg Capital Investments Limited,
Nu Bis Centre