Last Updated:  May 2017
This Policy explains when and why we collect personal information about people who enquire about or make an investment using the services of Fiduciary Wealth Management. The policy also explains how we use that information, the conditions under which we may disclose information to others and how we keep personal information secure.
Navigating this policy
If you are viewing this policy online, you can click on the below links to jump to the relevant section:
Who we are and how to contact us
Fiduciary Wealth Management Limited is regulated and authorised by the Gibraltar Financial Services Commission under Licence No. FSC00962B. It is the data controller of any personal data you provide for the purposes of relevant legislation.
Our business is to help clients protect the financial assets they already have and advise them on how to manage and grow them for the long term. We ensure clients preserve their legacy for their future and for the futures of those who depend on them. We focus solely on helping clients to build, maintain and preserve their wealth.
Fiduciary Wealth Management Ltd
Gibraltar GX11 1AA.
Questions can also be sent by email to: firstname.lastname@example.org
How we collect information from you
We collect information about you when you:
- use our website ‘contact us’ form to enquire about products and services
- meet with an independent financial adviser (IFA) of Fiduciary Wealth Management
- register to receive one of our newsletters
- call our office to enquire about our services
- download one of our ‘Guides’
- enter into a formal business relationship with Fiduciary Wealth Management
Please note that if you communicate with us electronically, including by e-mail, telephone or fax, this communication may be monitored and/or recorded to protect the interests of our business and our customers. This includes for the purposes of maintaining customer/service quality standards, detection of and/or prevention of crime and to ensure that Fiduciary Wealth Management employees comply with legal obligations.
What type of information is collected?
The personal information we collect might include your name, address and email address, and information about your health, lifestyle and finances to provide you the most appropriate advice and wealth management solution.
We may also ask you to provide evidence of your identity such as asking for a copy of your passport, driving licence, proof of residence or income. We are required to ask for this information to comply with anti-money laundering (AML) legislation such as the Proceeds of Crime Act 2015, to ensure we safeguard against and report any suspicious activity.
How we use your personal information
We use personal information about you in connection with the following purposes:
Provision of services and account management:
- to provide you with the information, products and services that you have requested from us.
- to complete any transaction you are undertaking with us;
- to manage and operate your account with the chosen platform provider, including sending you information relating to your account;
- to meet a legal or regulatory obligation.
- to ensure that content from our site is presented in the most effective manner for you;
- to administer our site and for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to notify you about changes to our service;
- as part of our efforts to keep our site safe and secure;
- to provide you with information about other services we offer that are similar to those that you already have or have enquired about;
- to provide you with other marketing material such as our Newsletter.
If you do not want your personal information to be used for marketing purposes, please contact us on the above details.
Where you are an existing client, we will rely on our legitimate interests as the lawful basis for processing your personal information. To this end, it may be necessary to process your information so we can directly market in our legitimate interest. In addition, we consider it reasonable for you to expect you may receive marketing material from us in the same methods we normally communicate with you (e.g. via email) and that there is no disproportionate impact to your individual privacy rights in this case
We do not use automated-decision making methods (including profiling), save that we may risk profile our clients in compliance with applicable anti-money laundering legislation.
How long we keep your information for
Retention periods are determined based on the type of record, the nature of the record and activity and the legal or regulatory requirements that apply to those records.
However, we may retain your personal data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person or where we have a legitimate interest to do so for example, to manage your pension, tax and social security obligations etc.
Your individual rights
You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website.
Right Information and access
Right to rectification
You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information.
Right to erasure (right to be ‘forgotten’)
You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information; and
- erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
- The establishment, exercise, or defence of legal claims.
Right to restrict processing and right to object to processing
You have a right to restrict processing of your personal information, such as where:
- you contest the accuracy of the personal information;
- where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
- we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defence of legal claims.
You also have the right to object to processing of your personal information under certain circumstances, such as where the processing is based on your consent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.
Right to freedom from automated decision-making
As explained above, we do not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us.
We will not contact you for marketing purposes unless:
- you have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above)
- you have otherwise given your prior consent (such as when you download one of our guides)
You can change your marketing preferences at any time by contacting us on the above details. On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data. You may also opt-out at any time by contacting us on the below details.
Right to request access
You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Information that we hold or process. To protect our customers' personal information, we follow strict storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us on the above details.
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us on the above details.
Raising a complaint about how we have handled your personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact us as set out above and we will then investigate the matter.
Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data Protection Commissioner under the Data Protection Act, which is presently the Gibraltar Regulatory Authority (GRA). You may contact the GRA on the below details:
Gibraltar Data Protection Commissioner
Gibraltar Regulatory Authority
2nd Floor, Eurotowers 4
1 Europort Road
Phone:(+350) 200 74636
Fax: (+350) 200 72166
You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA.
Sharing your personal information
We may pass your information to our Business Partners, administration centres, third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, or to enable us to obtain a quote for you or provide you with other related services.
These third parties may include:
- Fund managers, insurers, insurance brokers, or credit brokers.
When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.
Transferring your information outside of the European Economic Area
There may be instances where as part of the services offered to you by Fiduciary Wealth Management, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). The EEA includes the European Union countries as well as Iceland, Liechtenstein and Norway. Transfers outside of the EEA are sometimes referred to as ‘third country transfers’.
This may happen if any of our Platform providers are located in a ‘third country’ outside of the EEA. If we transfer your information outside of the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Policy. This may require us to take certain additional steps to ensure that appropriate safeguards are in place if that third country is not deemed by the European Commission to offer an adequate level of protection for your privacy rights, which may include use of contractual safeguards to allow you to be able to enforce your rights and ensure these are preserved. In certain circumstances, we may need to ask you for your explicit consent to such third country transfers, and will always do so in writing and giving you full information about why we need your consent and your right to withdraw that consent at any time (together with the consequences of withdrawal).
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
Keeping your information safe
At Fiduciary Wealth Management, we take our responsibility to look after your personal information and privacy seriously. In today’s world, we have all seen a growing trend in cybercrime and security breaches. We have a number of security measures in place to help prevent fraud and cybercrime.
If we become aware that a personal data breach has occurred and is likely to result in a high risk to the rights and freedoms of our clients, Partners or employees, we will inform them without undue delay.
We educate and train our employees on our information security, fraud prevention and privacy obligations annually. Information Security awareness also forms part of our new employee induction program.
We also educate our employees in identifying potential financial crime and internal fraud; any suspicious activity is reported to the Gibraltar Financial Intelligence Unit.
We will always interact with you in a safe, secure and consistent manner
To keep your information secure and to protect our clients from fraud, Fiduciary Wealth Management will only interact with you in the following ways. If in doubt, call our office or email us at email@example.com.
When interacting with you, we will:
- Post information electronically to your Client Portal
- Verify who you are when speaking to you on the phone, by asking you security questions.
We will not:
- Ask you for any password over the phone.
- Send you an unsolicited email with a link to our login page asking you to enter your Client Portal credentials.
- Ask you for payment or credit card details by email or telephone.
Physical controls – As well as protecting your digital information, Fiduciary Wealth Management also protects its office where personal data may be used and stored. This includes secure disposal of confidential waste and hardware, personal card access and locks on doors and file storage cabinets, with a ‘clear desk’ policy to ensure all information is locked away and protected.
Logical controls – Fiduciary Wealth uses technical security measures to make sure our systems where we store and use personal information are protected from unauthorised access. Tools such as authentication controls, antivirus, firewalls, malware detection and back-up procedures are used across the business.
We have a business continuity plan.
The key drivers in developing the business continuity plans are;
- To mitigate the risks that could lead to the significant disruption of our services to our clients.
- To provide a recovery plan that supports a timely and full restoration of our services for our clients
Whilst we take appropriate technical and organisational measures to safeguard your Personal Information, please note that we cannot guarantee the security of any data that you transfer over the internet to us.
Privacy Protections for Children Using the Internet
Protecting children's privacy is important to us. For that reason, we do not collect or maintain information on our website from those we actually know are under the age of 16, nor is any part of our website targeted to attract anyone under 16. We request that all visitors to our website who are under 16 not disclose or provide any personal data and discontinue use of our website.