EBI Portfolios Ltd is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It also sets out the condition under which any personal data may be disclosed to others and how it is kept secure.
We will collect, store and use Personal Information in accordance with all applicable laws relating to the protection of Personal Information. The data controller will be EBI Portfolios Ltd (EBI), incorporated and registered under company registration number 07473221, the registered office of which is Suite 7, Beecham House, Beecham Business Park, Northgate, Aldridge, West Midlands, WS9 8TZ.
Who in the firm is responsible for ensuring that adequate data protection is in place?
Employees of EBI complete training to ensure adherence to data protection regulations. Our Data Protection Officer, takes ultimate responsibility to ensure adequate procedures are in place and regularly reviews policies to ensure adherence.
Any questions regarding this policy and our privacy practices should be sent by email to email@example.com or in writing to EBI Portfolios Ltd, Suite 7, Beecham House, Beecham Business Park, Northgate, Aldridge, West Midlands, WS9 8TZ. Alternatively, you can telephone 01922 472226.
What personal data does EBI hold?
The Personal Information we hold and process will differ depending upon the contractual arrangement advisory firms choose to operate under when subscribing to EBI’s services.
The Personal Information we hold includes;
General data – name, date of birth and country of residence
Contact data – address, telephone number, e-mail address and IP address
Identification data – government issued identification and national insurance number
Fraud and sanctions related data – information obtained as result of our investigations, i.e. sanctions screening
Financial data – payment information (if applicable), investment details such as portfolio numbers, balances, transaction history etc
Telephone recordings and online chat transcripts – information obtained during recording of telephone calls or online chats with EBI staff members.
EBI will also hold data relating to third parties that we currently have or previously have had commercial relationships with as well as holding data relating to EBI current or previous employees.
Where has the Personal Information come from?
We obtain Personal Information directly from the advisory firm when they subscribe to use our services. Investors that wish to contract with EBI under Reliance on Others will also provide us with the Personal Information collected via an application form.
We may be provided with data by third parties where there is a genuine need for the information.
We may collect our own data directly from websites and registers such as the Financial Conduct Authority (FCA) register.
Who is the Personal Information shared with?
We may pass your information to third party service providers, agents and other associated organisations for the purpose of completing tasks and providing services to you on our behalf.
However, when we use third party service providers, only the Personal Information that is necessary to deliver the service is shared. Please be assured that we will not release your Personal Information to third parties beyond the firm for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crimes.
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
If you would like further details of the strategic partners we may share your Personal Information with, please contact us.
What does EBI do with Personal Information?
Information collected is used for future communications and to ensure EBI can provide our services to the data subject.
We may use client data for Management Information purposes, account management and adherence to the terms specified within EBI agreements.
The main purposes for which we use Personal Information are to;
- Communicate with you
- Process payments for services we have provided
- Provide our ongoing services
- Perform any legal obligations required of us
- Carry out our obligations arising from any contract entered by you and EBI
- Provide information to platforms for the purpose of arranging investment solutions
- Meet regulatory obligations
The EBI website may collect and use your personal information in order to operate and improve the services it provides. These uses include making the website or service easier to use by eliminating the need for you to repeatedly enter the same information and performing research and analysis aimed at improving our products, services and technologies.
We may also capture non-personal information, which is defined as data in a form that does not hold a direct association with any specific individual user. We may capture, use, transfer, and disclose non-personal information for any purpose.
We may collect information such as language, unique device identifier, IP address, geo-location, and the time zone where our website is used so that we can better understand usage habits and improve our products, services, and advertising. This information will always be used in an aggregated form and be used to help us provide more useful information to our users and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non-personal information.
If for any reason we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined and as such be applicable to the terms describing our handling of personal information.
EBI will make appropriate contact with you to provide the agreed services. EBI will not contact you for marketing purposes by post, email, phone or text message unless you have given your prior consent. Subscribed members can change marketing preferences at any time by contacting firstname.lastname@example.org.
What is the legal basis for holding the data?
Data protection law requires us to only collect Personal Information where we have a legitimate reason to do so, known as a lawful basis.
In order to use your Personal Information for the purposes described in the policy, our lawful basis will be one or more of the following:
a. To fulfil our contractual obligations to you; to provide you with our products and services in accordance with their terms
b. Where the processing is necessary for legitimate interests; to operate and improve our products and services and keep you informed about our products and services or for any other purposes we identify as appropriate to our business needs, or those business needs of a third party
c. When we have received your consent; where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose
How is data stored and how is this protected?
We do not retain any paper files. All paper records are scanned and stored on our internal systems. The paper records are then destroyed.
Data is stored on-site on servers we own. Access to these servers is physically restricted by a locked door. Data on these servers is available to workstations in our office, as well as to employees working outside of our office via an encrypted VPN tunnel. This data is only shared to authenticated users of our network domain.
Most data is only passed through a workstation as it is being used, and is never directly stored on the machines being used by our staff, however some work is saved locally for various reasons. Because of this, all workstations (on-site and remote) are protected by domain credentials known only to our employees. All workstations are protected by Microsoft anti-virus software. We also employ a staff policy of locking workstations upon leaving them unattended.
Further information on how we store personal information is available upon request.
Your rights in relation to your information
You have legal rights under data protection laws in relation to your Personal Information.
Your rights are as follows;
- You have the right in certain circumstances to have inaccurate Personal Information rectified.
- You have the right to ask us to erase your Personal Information in certain circumstances – This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your Personal Information.
- You have the right to access and receive a copy of the Personal Information we hold on you, which is known as a subject access request (SAR).
- You have the right to ask that the processing of Personal Information is restricted in certain circumstances, however this may impact on the services we are able to provide to you and therefore we would review each case on an individual basis.
- You have the right to ask that we transfer your Personal Information to another organisation, or to you, in certain circumstances.
- You have the right to object to us processing your Personal Information in certain circumstances.
If you wish to exercise any of the rights noted above, please contact us. We may ask you for proof of identity when you make a request to ensure we only disclose information to the right individual.
We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.
Where we obtain your data other than directly from you, you will have the same or equivalent rights to those set out above.
You have the right to complain with respect to any processing of your data and any breach of the above rights to the relevant supervisory authority, who in the case of the United Kingdom is the Information Commissioner’s Office by means of the helpline 0303 123 1113 or online form.
Does EBI have a documented Data Retention Policy?
EBI will comply with Data Protection Law with respect to the data and, in particular, but without limitation, will review the data on a regular and frequent basis to ensure compliance with Data Protection Law, including, but not limited to, putting into effect any deletion or correction of erroneous data requested by you. In the course of any review we will:
- Delete any data which is trivial or transitory in nature, or which in our opinion is no longer required to be retained for the purposes set out above.
- Update the data to ensure that any errors or inaccuracies in the data are corrected.
- Archive the data.
- Securely delete data once the legal basis for processing that data has come to an end.
We may retain and process your data for the following periods, and if more than one period applies to the same data, to the last such period to expire:
- We will hold agreements (including the Terms and Conditions, Investment Agreement) between you and EBI for a period of six years from the termination or expiry of your subscription as an EBI member.
- We will process data related to our investment templates which we are managing during the full period of the term in which we are carrying out management of those portfolios and will continue to hold such data for a period of no more than six years following us ceasing to provide services to you.
- We will hold data required to be held for the purposes of any Regulator until the end of any limitation period imposed by the Regulator, which in the case of the Financial Conduct Authority is currently six years.
- We will hold data required to be held for the purposes of any relevant third party until the end of any period required by the relevant third party.
- We will hold data held for the purposes of any legal proceedings for a period of six years following the conclusion of any proceedings, unless a longer period is required pursuant to any court rule or enactment.
Use of ‘cookies’
A cookie is a small piece of data sent from a website and stored locally in a website visitor’s web browser. Cookies were designed to be a unified and reliable mechanism for websites to remember the state of the website, or any pertinent activity the user had taken in the past. This can include accessibility preferences, logging in, shopping cart items or a record of which pages were visited by the user etc.
To make full use of the personalised features of our website, your web enabled device will need to accept cookies, as we can only provide you with the personalised features of this website by using them.
EBI’s cookies do not store any sensitive information, they simply hold the ‘key’ that once you’re logged in, is associated with this information. However, if you would prefer to disable cookies, you can switch them off by setting your bowser preferences. Turning cookies off may result in a loss of functionality when using EBI’s website.
Google Ads Remarketing Advertising
EBI use remarketing audiences to advertise its services online. These audiences include past visitors to the EBI website.
Third party vendors, such as Google, may use this information to provide you with advertisements that are customised to your particular preferences, including for companies that are not affiliated with EBI. You may see these advertisements on EBI’s website and 3rd party Apps and websites, and across different devices you use.
You can revoke your consent to ad personalisation by Google here.
Links to other websites
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owner and operators of that third-party site and recommend that you check the policy of that third-party site.
Is data transferred outside of the European Economic Area (EEA)?
We do share data with FinaMetrica, a company based in Australia which is outside the EEA. The data provided to FinaMetrica includes names and email addresses of the subscribed member. Data is only shared once a client (typically a financial adviser) has given explicit authority by agreeing to the terms and conditions stated within EBI’s website. By agreeing to the terms and conditions, the individual is requesting to become a member of FinaMetrica. Individuals that do not wish to join FinaMetrica will not have their details shared.
EBI keep this policy under regular review and may amend the policy from time to time without providing notification. You are responsible for regularly reviewing the policy to confirm your continued agreement with its contents. Continued use of our website following any such changes constitutes your acceptance of those amendments and your agreement to be bound by them.
This Policy was last updated August 2022.