Data Protection Policy Statement
OSMOSIS (HOLDINGS) LIMITED
OSMOSIS INVESTMENT MANAGEMENT UK LIMITED
OSMOSIS INVESTMENT MANAGEMENT US LLC
OSMOSIS INVESTMENT RESEARCH SOLUTIONS LIMITED
(together referred to as “Osmosis”)
Privacy Statement Introduction
The General Data Protection Regulation comes into force on 25th May 2018 and introduces significant changes to data privacy in the UK and the EU and is the most stringent data protection regulation in the world covering Personal Data. The regulations mean:
• An individual has greater control over his/her personal data,
• An individual can control who is permitted to contact him/her, how and what for,
• An individual can change your mind at any time.
Data protection is enhanced with strong financial penalties for breaches of data security. Personal Data is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Identifiers include a wide range of information, reference numbers, online information and includes electronic and hard copy information and automated and manual systems.
Osmosis is committed to protecting your private information and we will keep your personal data confidential unless we are required to disclose it by law or regulation. Osmosis acts as Data Controller and Data Processor for this information. This privacy statement explains what information we collect from you, how we use any information, who we may share it with and why, your rights about the information you have given to us and the way we protect your privacy. We will review and update our policy within the regulations in force, from time to time, continued access to our service indicates your agreement to any changes.
Use of Personal Data
The law permits the use of personal data for restricted legal purposes as follows:
a) Contractual – to fulfil our contract with you – it is necessary to provide the product or service you have requested
b) Legal Duty – to meet our legal or regulatory obligations e.g. under the Financial Services and Markets Act and the rules of the Financial Conduct Authority
c) Legitimate Interests – when Osmosis has a business or commercial reason to use your information which does not unfairly use this information against your best interests
d) Consent – clear unambiguous and informed consent to holding your personal data
e) Vital Interest – to protect life
f) Public task
Osmosis uses Personal Data as permitted under the legal bases a – c above to provide services and comply with regulatory requirements and to ensure you are fully informed of Osmosis services and service developments. If Osmosis wants to hold Personal Data for other purposes it will seek your affirmative consent in advance and give an explanation of why it wants to hold the information and for what specific purpose. If you do not wish us to collect and use your personal information in this way, and inform us of your wishes we will not use your personal data but it may mean that we will be unable to provide you with our products and services. Currently Osmosis does not collect any such Personal Data from individuals (other than its employees) as its client base is restricted to institutional investors other than in relation to AML regulations where the personal data of individual directors/officers /employees/shareholders of clients may be required.
Whilst an individual’s business email address might be considered personal data, direct marketing to such email address is recognised as a legitimate interest (Recital 47 of the GDPR) and this is deemed a legal basis for holding and processing such data provided that as sender we identify ourselves and we provide a clear and easy way to opt-out.
Types of Personal Data collected by Osmosis
The information we may collect about an individual:
• Name, address, date of birth and contact details,
• Title, status and history,
• National Identifiers e.g. HMRC reference, National Insurance number,
• Documents in different formats or copies of them e.g. passport, bank,
• Contact details re meetings, phones calls, emails and letters,
• Transaction data.
Sources of Personal Data
We collect information directly from you and a variety of sources, including:
• Osmosis forms e.g. application forms,
• Phone conversations with us,
• Emails or letters that you send to us,
• Attending one of our events or webinars,
• Our online services such as websites, social media and mobile device application (Apps) ,
• Job applicants and our current and former employees,
• Via cookies when you visit our website,
• In customer surveys.
Disclosure of Personal Data
We may share your personal information with companies within the Osmosis Group of companies (Osmosis (Holdings) Limited is the parent undertaking of the Osmosis Group) and with a limited number of other organisations where necessary to provide Osmosis’s products and services to you and where required by regulation or law:
• Agents and advisers who we use to help run your accounts and services, e.g. Prescient Fund Services Ireland Limited,
• Our regulators e.g. Financial Conduct Authority (FCA), and the Information Commissioner’s Office for the UK (ICO),
• UK Financial Compensation Scheme,
• Law enforcement agencies, credit and identity check agencies for the prevention and detection of crime,
• Independent Financial Advisers,
• Organisations you ask us to share your data with,
• We never sell your details to other organisations or individuals.
We will process your information lawfully and keep your information safe and secure. We may also share your information if the corporate structure of Osmosis changes in the future, for example:
• We may choose to sell, transfer or merge parts of our business, or our assets,
• We may seek to acquire other businesses or merge with them,
• During such process, we may share your data with other parties,
We will only do this if they agree to keep your data safe and protected and are subject to UK Privacy regulation or overseas equivalent. If such changes to Osmosis happens, then other parties may use your data in the same way as set out in this statement.
Processing Personal Data
All your information is processed within the UK and the European Economic Area (EEA). We will only send your data outside the EEA to:
• Follow your instructions,
• Comply with legal requirements,
• Work with our agents and advisers used to provide our services to you.
If the data is transferred outside the UK and the EEA it will only be to countries that provide equivalent data privacy laws or are part of international privacy standards organisations to enforce equivalent privacy standards e.g. the Privacy Shield framework between the EEA and USA.
Protection of Personal Data
Osmosis complies with its obligations in taking information and system security seriously at all times. We have stringent controls in place to help protect Personal Data and to minimise loss or damage through accident, negligence of deliberate actions. Our employees receive annual training to help protect sensitive or confidential information. Our security controls are in line with industry standards, which, together with its internal data security policies and procedures, enables Osmosis to maintain all required confidentiality, integrity and availability of your information.
Personal Data Retention
We will keep your personal information for as long as you are a client of Osmosis. After our relationship with you has ceased, we may keep your data for up to 7 years to meet our legal or regulatory obligations or if we have a technical issue. Your Rights Under GDPR, Data Subjects (i.e. you) have the following rights in relation to how Osmosis uses your information. They are:
• Right to be informed. You have the right to be informed about the collection and use of your data, why and who we share it with – we do this in our Privacy Statement,
• Right of access. You have a right of access to your personal information, if you would like to receive a copy of the personal information we hold for you, you make a data subject access request to our Privacy Officer – details below,
• Right to rectification. You have the right to have your personal data rectified if it is inaccurate or incomplete,
• You can ask for your information to be deleted or removed if there is not a compelling reason for Osmosis to continue to have it,
• Right to restrict processing. You have the right to request to block or suppress the processing of personal information for certain reasons. If your request meets the necessary conditions for restriction it means that we are still permitted to keep your personal data – but only to ensure that we don’t use it in the future for those reasons you have restricted,
• Right to data portability. You have the right to ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy to transfer the personal information we hold to another company in a safe and secure way. E.g. if you were moving your account to a different investment manager,
• Right to object. You have the right to object to Osmosis processing your personal information where: it’s based on legitimate interest of the performance of a task in the public interest/exercise of official authority (including profiling), if we did direct marketing and if we were using scientific/historical research and statistics,
• Rights related to automatic decision making including profiling. Osmosis does not currently use any automatic decision making or profiling processes.
Cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. When someone visits www.Osmosisim.com we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way, which does not identify anyone. We do not attempt to find out the identities of those visiting our website (www.Osmosisim.com). We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Website
This privacy statement applies to the Personal Data held by Osmosis and the Osmosis website (www.Osmosisim.com). It does not cover links to other sites. Once you have accessed another website via one of our links you will be subject to the security and privacy policy of that site.
Telephone Calls
Telephone calls to and from Osmosis are not automatically recorded, but if recorded in accordance with regulatory requirements then the call records are subject to the requirements of this Privacy policy.
Changes to our Privacy Policy
We regularly review our Privacy Policy. The last review was in April 2018.
If our Privacy Policy changes in any way, we will place an updated version on this page of our website.
Complaints
Protecting and keeping safe your personal information is line with data protection laws is important to us. If you do not believe that we have handled your information as set out in our Privacy statement, please visit our how to make a complaint page. We will do our best in making things right. If you are still unhappy, you can complain to the ICO. Their contact details can be found on their website www.ico.org.uk
Privacy Officer
The Osmosis Privacy Officer is:
Graeme Stephen
Privacy Officer
Osmosis (Holdings) Limited
8-9 Well Court
London EC4M 9DN
United Kingdom
Tel: 0207 653 1868
Email: [email protected]