Tel: +44 (0) 20 3740 8350
Veritas Investment Management
We at Veritas Investment Management LLP and Veritas Investment Management AG (“Veritas”) know that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. This Privacy Notice (“Notice”) is meant to help you understand what personal information we collect, why we collect it and what we do with it. This includes how long personal information is retained for and how we ensure it remains secure. It also sets out your individual rights over your personal information, and how to contact us with any queries.
If we make changes we consider to be important or if we plan to use personal information for a new purpose, we will let you know by updating the Notice on our website and/or contacting you using other methods such as email. Your privacy matters to us so whether you are a new or existing client or partner, please do take the time to get to know our practices – and if you have any questions about our privacy practices or your personal information choices please contact us.
Controllers of Personal Information
Any personal information provided to or gathered by us is controlled by Veritas. As controllers of personal information, we are responsible for the accuracy and security of this information. We will only collect the information we require and are lawfully permitted to collect, and we will use this information in the ways which you would reasonably expect us to.
The information we collect and how we use it
We collect personal information to aid us in delivering and continually improving the quality of our investment management service. We use the information to set up accounts, deliver investment solutions, update our records and report on portfolio performance. We also use this information to improve our service offering, prevent or detect fraud or abuses and enable third parties to carry out technical, logistical and/or other functions for our firm. We do not undertake automated decision making or profiling using your data, and we will notify you if this position changes. We will never sell your personal information on to any third parties.
The information we collect will vary depending on how you interact with us.
Information you give us:
As a prospective client we might ask you to provide contact details (for example your name, email address, postal address and telephone number) which we use to establish a relationship with you and provide information about our investment perspectives; we might ask you to provide financial information (for example, your financial circumstances, investment objectives or risk tolerance) which we use to tailor our marketing documentation to your needs and circumstances.
When entering an investment management agreement with us we might ask you to provide personal information (for example your date of birth, nationality and/or tax identifiers) which we use to open your account and manage your portfolio. We will also ask for proof of your identity (for example passport and proof of address) so that we can verify your identity and perform regulatory-required screening for anti-money-laundering purposes. We ask you to provide your bank account details which we use to make payments to/from you.
If you provide a professional service (such as investment advice, tax or accounting services) to one or more of our clients, we might ask you to provide your contact details (for example your name, email address, postal address and telephone number) which we use to provide you with investment information as requested by our client.
When you submit an employment application with us, we receive information from either yourself or a recruitment agency including your education, work history and right to work. We might also ask you to provide contact details (for example your name, email address, postal address and telephone number) which we use to invite you to interview with us. If your application for employment is successful, you will receive further information from us regarding how we process personal information relating to employees. If your application is not successful, we will only keep your information for 6 months.
As a supplier, vendor or contractor working with us we might ask you to provide contact details (for example your name, email address, postal address and telephone number) which we use to establish a relationship with you and communicate about our service requirements. We will also gather financial information (for example, if you are a sole proprietor, your bank account details) which we use to make payments to you. If you work on site with us, we may also ask to you provide further information to help us ensure that we provide you a safe and secure working environment.
When you call us, telephone lines may be recorded. These recordings are stored securely and kept for a maximum of 12 months, unless otherwise required for legal or regulatory purposes.
Information from other sources
To comply with our legal and regulatory requirements to perform background checks (including sanction screening), we use data provided by credit and global reference agencies. Please see their privacy notices for more information about how personal data is used:
As a prospective client we might ask your professional service providers (e.g. investment consultants, accountants, lawyers) to provide contact details (for example your name, email address, postal address and telephone number) which we use to establish a relationship with you and provide information about our investment perspectives; we might ask them to provide financial information (for example, your financial circumstances, investment objectives or risk tolerance) which we use to tailor our marketing documentation to your needs and circumstances.
In limited instances, Veritas processes personal information for certain legitimate business interests, including to help us understand whether our products and services might be of interest to you; to provide communications about our investment perspectives which we think will be of interest to you; and to cultivate client or business partner relationships. Whenever we process personal information for these purposes, we will ensure that we hold your personal rights in high regard. You have the right to object to this processing by contacting us.
Sharing your data with third parties
We employ other companies and individuals (“third parties”) to perform certain functions on our behalf to provide a more robust service to you. Examples include IT support, cloud hosting services, legal services, accounting, audit, compliance monitoring, consulting and/or other professional services related to our business. We have agreements in place with all third parties which define how they can process your personal information and we impose stringent information security requirements on them to ensure your information is protected.
Transfers of data outside the European Economic Area (“EEA”)
Where your information is transferred outside the EEA to other countries in which applicable laws do not offer the same level of data privacy protection, your rights and protections remain with your data. Where we transfer data to the United States, this is done through data processors who are obliged to follow the requirements of the EU-US Privacy Shield, or with whom we have comparable contract clauses in place. We put measures in place to ensure that all transfers are managed lawfully.
How long do we keep your data for?
We retain personal information for as long as reasonably required for regulatory or business purposes. In determining data retention periods, we consider local laws, contractual obligations, and your expectations and requirements. Unless otherwise referenced in the notice, we will keep information for 7 years following the end of the contractual relationship period, as required by EU and UK regulations. Where we no longer have a requirement to retain or process your data, we shall stop processing that data and securely delete it or anonymise it.
Special protection for sensitive data
During your client relationship with us, you may choose to share sensitive personal information with us. This can be information relating to your health or to your children to help us better understand your financial circumstances and investment objectives. We will take special care to record this information only where necessary to fulfil our contractual obligations or legal requirements, and to keep this information secure. We do not record information on race or sexual orientation, nor do we process genetic or biometric data.
As a supplier, vendor or contractor working on site with us, if you share sensitive information about your health with us, this will also be protected as described above.
How secure is the information about me?
Your data is secured against unauthorised access or disclosure using industry best-practise information security practises such as email encryption, secure file transfer protocols (“SFTP”) and multi-factor authentication (“MFA”). We engage an external firm to test the robustness of our controls (this is called “penetration testing”) and provide us recommendations on how we can improve which are acted upon. In addition, we align ourselves to the UK Government’s Cyber Essentials standards which helps to guard against the most common cyber threats.
What are my personal information choices?
As discussed above, you can always request access to the personal information we hold about you and we will provide this to you subject to any regulatory requirements or exemptions. Before providing data to you, we will ask you for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data for you.
You may request access to or copies of the personal information that we hold about you by emailing us at GDPR@veritasinvestment.co.uk or contacting your investment manager.
If you believe that any of the personal information we have about you is incorrect or incomplete, please contact us as soon as possible. We will take steps to seek to correct or update the information.
You may request that your personal information be deleted however this may not always possible due to legal requirements and other obligations.
Where we are processing your personal information for the purposes of performing our contract with you, you have the right to request that the personal information we hold about you be transferred to a third-party data controller.
If you are unhappy with the way that we have handled your personal information, you can raise your concern to the Information Commissioners Office (ICO) in the UK; or the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland. Or alternatively please ask us for assistance.
CONTACT US: If you have any questions in relation to this Privacy Notice, or if you would like to contact us to exercise your rights as stated in this Privacy Notice, please contact us.