PRIVACY NOTICE

INTRODUCTION

We respect privacy and your rights to control your personal data. Our principle guidelines are simple. We will be clear about the data we collect and why. We do not and will not sell your data to Third Parties. This Privacy Notice describes why and how we collect and use your personal data and provides information about your rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this Privacy Notice, or as otherwise stated at the point of collection.

In this Privacy Notice, your information is sometimes called “personal data” or “personal information”, and is any information relating to an identified or identifiable living person. We also sometimes collectively refer to handling, collecting, protecting or storing your personal information as “processing” such personal information. We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this Notice.

 
WHO WE ARE

This Privacy Notice is issued by STM Group plc (collectively referred to as “we”, “us” and “our” in this Privacy Notice), and relates to itself and one or more of its subsidiary firms that may process your personal information. The data controllers are one or more of the Subsidiary Firms listed here. Each subsidiary firm in the PLC is a separate legal entity. For further details, please see http://info.stmgroupplc.com/.

We gather and process your personal information in accordance with this Privacy Notice and in compliance with the relevant data protection Regulation and Laws. This Notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

 
 
INFORMATION THAT WE COLLECT

We process your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this Notice.

We may collect and use some or all of the following types of personal data about you and, in some circumstances, your spouse, civil partner, partner or dependents:
• Your full name, address and contact details;
• Your date of birth;
• Your gender;
• Your marital (or relationship) status;
• Your National Insurance Number / Tax Identification Number;
• Your passport number;
• Details of your bank account;
• The source of your wealth;
• Information about your health.

You may also need to provide us with personal data relating to other people. When you do so, you will need to check with them that they are comfortable for you to share their personal data with us, and for us to use it in accordance with this Privacy Notice.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations.

We may collect information in the below ways:
• You may provide information directly to us;
• Third Parties may provide personal information to us; and
• We may also capture certain personal data to meet our legal, statutory and contractual obligations.

 
HOW WE USE YOUR PERSONAL DATA

We take your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by Law. We only retain your data for as long as is necessary and for the purpose(s) specified in this Notice. Most commonly, we will use your personal data in the following circumstances, and on the following legal basis:
• In the performance of the contract we have entered into with you;
• It is in our legitimate interest to process your personal data;
• When we collect and use certain special categories of personal data with your express consent; and
• Where we need to comply with a legal obligation.

We may less often also need to use your information to establish, exercise or defend our legal rights.

YOUR RIGHTS

You have the right to access any personal information that we process about you, and to request information about:
• What personal data we hold about you (commonly known a “data subject access request”);
• The purposes of the processing;
• The recipients to whom the personal data has/will be disclosed;
• How long we intend to store your personal data for; and
• If we did not collect the data directly from you, information about the source.

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object on those grounds. In addition, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request. This is to ensure that your data is protected and kept secure. If your request is made by electronic means, we will respond using the commonly used electronic form unless you specifically requests otherwise. When requested, and provided that it is practical and commercially feasible to comply with the request and there is no legal or regulatory need for us to keep the information, we will delete identifying information from current operational systems.

 
SHARING & DISCLOSING YOUR PERSONAL INFORMATION

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this Notice or where there is a legal requirement. We use third-parties to provide the below services and business functions. Any processors we may use to act on our behalf will only process your data in accordance with instructions from us and comply fully with this Privacy Notice, the data protection laws and any other appropriate confidentiality and security measures.

Touchstone (C.I.) Limited
Provide wealth management software and consultancy services.
http://www.touchstoneone.com/privacy-policy/

Software Automation International Limited
Providing project based services and solutions for Aurora IT’s suite of compliant cloud solutions.
http://www.sailsolutions.co.uk/privacy-policy/

MailChimp, which is owned and operated by The Rocket Science Group
Providing marketing automation.
https://mailchimp.com/legal/privacy/

Betley Whitehorne Image
Providing online website hosting and development
https://wearebwi.com/index.php/privacy-statement

TRANSFERS OUTSIDE THE EEA

We utilise specific Information Technology services that are hosted/stored in Jersey and the USA, which means that we may transfer some information which is submitted by you to us outside the European Economic Area ("EEA") for the below purposes:
• MailChimp for marketing automation.
• Box for secure file transfers.
• iConnect Logicalis as hosted portal providers.

Therefore, when you use our website, send us an email, sign up to our newsletter, etc., the personal information you submit may be stored on servers which are hosted in Jersey. In the case of Jersey, GDPR allows us to transfer your personal data as the country is declared 'adequate'; and with the USA we verify that the provider adheres to the EU-U.S. Privacy Shield Framework.

 
HOW LONG WE KEEP YOUR DATA

We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. To determine the retention periods, we will take into consideration what is reasonably and to comply with our legal obligations.

LODGING A COMPLAINT

We only process your personal information in compliance with this Privacy Notice and in accordance with the relevant data protection laws. We hope that you won’t ever need to, but if you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, please contact our Data Protection Officer in the first instance:

STM Group PLC
David Corbin
c/o London & Colonial
Rockwood House, 9-17 Perrymount Road,
Haywards Heath, West Sussex RH16 3TW
dataprotection.office@stmgroupplc.com

You also have the right to lodge a complaint with the relevant Local Supervisory Authority. For further information on your rights and how to complain to the relevant local supervisory authorities, please refer to their respective websites.

CHANGES TO OUR PRIVACY NOTICE

This statement is subject to regular review and may be updated from time to time. We will inform you if we make any substantial changes to how we use with your personal data.

COOKIES POLICY

Please see our Cookies Policy

This policy was last updated on 07 May 2018.

 

Privacy Preference Center

Close your account?

Your account will be closed and all data will be permanently deleted and cannot be recovered. Are you sure?