1. WHO ARE APEX?
Apex is a trading name of Apex Corporate Trustees (UK) Limited. Please refer to the “Legal and Regulatory Status” page on the Apex website (https://apexgroup.com/regulatory-status/) for more details on the trading companies in the Apex Group. All of the companies are wholly owned subsidiaries of Apex Group Limited (“Apex”). For more information on Apex, please visit https://apexgroup.com
2. WHAT IS THIS PRIVACY NOTICE?
At Apex where we collect personal information about you, we are committed to protecting this information and your privacy. Set out below is an explanation of how we use, collect and safeguard your personal information. This Privacy Notice applies where any company within Apex receives personal data in connection with any services that we are engaged to provide (“Services”).
3. WHAT PERSONAL INFORMATION DO WE COLLECT AND WHY DO WE COLLECT YOUR INFORMATION?
The principles of data protection are that only sufficient personal data should be collected and processed as is necessary for the purpose. Apex will collect and use only as much personal data from you as is necessary to be able to provide you with the Services.
We are required by law to obtain “know your client” information as detailed in our terms of engagement for our Services, and this includes certain personal information including information contained in a formal identification document or social security or other unique reference relating to you.
We may receive information about you from a third party source in connection with our Services. For example, we may carry out electronic verification checks or screening and/or may receive information about you from a public source or a third party in order to verify your identity or check whether you are a politically exposed person, or subject to any financial sanction or as may otherwise be required by law or regulation. Such electronic checks may involve making automatic decisions about you.
4. HOW DO WE USE YOUR PERSONAL INFORMATION AND WHAT IS THE LEGAL BASIS ASSOCIATED WITH THE MAIN PURPOSE?
We may process your personal information for a number of different purposes. We also need a lawful reason to use and process your personal information which is called ‘lawfulness of processing’. We will use the information we hold about you for the following purposes:
Where it is necessary to comply with a LEGAL OBLIGATION
We may use, store and share your information where we are under a legal obligation to do so. This may include use of your information:
- to verify your identity (including electronic checks or screening); and
- in connection with any legal obligation on us to report any fraud or other criminal activity (including money laundering or tax avoidance schemes).
In connection with this we may collect information about any criminal activity. We may use this information in the substantial public interest in the detection or prevention of unlawful acts or in protecting the public against dishonesty, or on suspicion of terrorist financing and money laundering. Any information of this type will be subject to appropriate safeguards with regards to security and to ensure your rights as a data subject are protected.
Where we have a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes.
- for the detection and prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you as a client;
- to comply with a request from you in connection with the exercise of your rights; and
- assess and improve our service to customers through recordings of any calls.
5. WHO WE SHARE PERSONAL INFORMATION WITH?
We will only disclose your personal information in accordance with applicable laws and regulations applicable to the countries in which our businesses operate. We may disclose your information to the following third parties:
- any person with legal or regulatory power over us (such as the Financial Conduct Authority, HMRC, the police or the National Crime Agency or the Serious Fraud Office that may require disclosure on legal grounds, or other relevant Government departments where reasonably necessary for financial crime and sanction prevention purposes);
- service providers engaged by us to help us run our business and perform the Services. Such service providers may include, for example, cloud or archive storage providers (engaged by us to provide electronic or physical storage facilities for our business data and your information). Other service providers may include IT system suppliers, auditors, lawyers, marketing agencies, document management providers, tax advisers or providers of software or other IT resources;
- your relatives, powers of attorney, guardians acting on your behalf or other people or organisations associated with you such as your financial advisor or your lawyer whenever you have given us permission to share your personal information with them;
- our third party service administrators;
- Identity and verification agencies;
- other parties in commercial relationships with Apex, including financial organisations and advisors where necessary to enable us to fulfil any Services to you; and
- any member of the Apex Group which means our subsidiaries, our ultimate holding company and its subsidiaries (from time to time) as necessary to perform any Services to you.
Some of these third parties (including Apex Group subsidiaries and service providers) may be outside of the European Economic Area (EEA). If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Notice. Such steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this Notice for more information about the protections that we put in place and to obtain a copy of the relevant documents. Transfers within the Apex Group will be covered by an agreement entered into by members of the Apex Group (an intra-group agreement) which contractually obliges each member to ensure that your Personal Data receives an adequate and consistent level of protection wherever it is transferred within the Group.
6. HOW WE KEEP YOUR INFORMATION SECURE?
We store the information you provide about yourself in a secure database and take appropriate security measures to protect such information from unauthorised access.
We take protection of your personal information and our system security very seriously.
Any personal information which is collected, recorded or used in any way will have appropriate safeguards applied in line with our data protection obligations.
We implement Internal and external audits and regular, independent assurance exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions.
Our employees also protect your personal and confidential information whenever they are processing it and must undertake annual training on this.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.
Where we make available to you any online portal or web-hosted platform to provide any Services to you, all exchanges of information between you and any such portal or platform go through encrypted channels in order to prevent interception of your information. Public access to your information via and any portal or platform is protected by a login using your user ID and password. You should ensure that these are kept secret and not divulged to other people.
You recognise that that your use of our website is entirely at your own risk. As Apex websites operate on the internet, which is inherently insecure, Apex cannot guarantee the information you supply will not be intercepted while being transmitted over the internet. Accordingly, Apex has no responsibility or liability for the security of personal information transmitted by you via our website.
7. HOW LONG WE WILL STORE YOUR INFORMATION FOR?
We generally hold your personal data on our systems for as long is necessary to provide our Services and for regulatory compliance.
We must keep “Know your Client” information for 7 years after completion of our Services.
The time period we retain your personal information for may differ depending on the nature of the personal information and what we do with it. How long we keep personal information is primarily determined by our regulatory obligations.
In some cases where there may be a dispute or a legal action we may be required to keep personal information for longer.
If we anonymise your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.
8. YOUR RIGHTS
You have the following rights in relation to how we use your information. If you’d like to exercise these rights please contact us using the contact details listed at section 14 “Who can you speak to at Apex about this Privacy Policy?”
Right to lodge a complaint - You have a right to complain to the Information Commissioner’s Office (the “ICO”) at any time if you object to the way in which we use your personal information. More information can be found on the ICO website: https://ico.org.uk/
Right of access – you have the right to know if we are using your information and, if so, the right to access it and information about how we are using it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested. Where you have made the request by electronic means the information will be provided to you by electronic means where possible.
Right of rectification – We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case you have the right to require us to rectify any errors in the information we hold about you.
Right to erasure – you have the right to require us to delete your information if our continued use is not justified. However, this will need to be balanced against other factors, depending upon the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restrict processing - in some circumstances, although you may not be entitled to require us to erase your information, but may be entitled to limit the purposes for which we can use your information. Right of data portability – you have the right to require us to provide you with a copy of the personal information that you have supplied to us in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours). Once transferred, the other party will be responsible for looking after your personal information.
Right to object to direct marketing - You can ask us to stop sending you marketing messages at any time. Please see below.
If you wish to unsubscribe from any emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in the email. Otherwise you can always contact us using the details set out in this Privacy Notice to update your contact preferences. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.
Right not to be subject to automated-decision making - Apex do not make decisions about you using automated decision making or profiling of your personal data.
Right to withdraw consent - For certain limited uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
In some circumstances exercising some of these rights will mean we are unable to continue providing you with your investment or maintaining a business relationship with you.
You can make any of the requests set out above using the contact details in this Privacy Notice. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make and if we can't comply with your request, we will tell you why.
9. FOLLOWING LINKS FROM OUR WEBSITES
Our website may contain links to other sites. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
10. CHANGES TO THIS PRIVACY NOTICE
Please note that this Notice will be reviewed and may be changed from time to time so please check the page on our website at https://apexgroup.com/wp-content/uploads/2019/06/London-Privacy-Notice-Corporate-Services.pdf occasionally to ensure that you are happy with any changes. This Notice was last updated on 18 April 2019.
11. WHO CAN YOU SPEAK TO AT APEX ABOUT THIS PRIVACY NOTICE?
Questions, comments and the exercise of your rights regarding this Privacy Notice and your information are welcomed and should be addressed to the Data Privacy Manager by post at 140 London Wall, London EC2Y 5DN. If you wish to make a complaint on how we have handled your personal information, you can contact our Data Privacy Manager. If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law, you have the right to complain to the supervisory authority in the UK responsible for the implementation and enforcement of data protection law: the ICO. You can contact the ICO via their website – https://ico.org.uk/concerns/ - or by calling their helpline – 0303 123 1113.