Privacy Notice
PRIVACY NOTICE
1. Important information and who we are
This Privacy Notice describes the types of personal data that the Smithson Investment Trust plc. (“we”, “our”, “us”, “Fund”), may obtain and process, how we may use this data, with whom we may share this data, how long we will retain this data, and your choices regarding our use of your data.
We also describe the measures we take to safeguard personal data and tell you how to contact us about our privacy practices as provided for under applicable data protection legislation and regulation to which we are subject, in particular, the UK’s retained EU law version of the General Data Protection Regulation 2016/679 (“UK GDPR”) and the Data Protection Act 2018.
For the purpose of UK GDPR, the Fund is the data controller responsible for your personal data.
The website www.smithson.co.uk (“Website”) is not intended for children and we do not knowingly collect data relating to children. The Website is operated by the Fund’s investment manager, Fundsmith LLP (“Investment Manager”).
2. The types of personal data we collect about you
Personal data means any information about an individual from which that person can be identified.
We may collect, use, store and transfer the following categories of personal data:
- Identity Data includes first name, last name, or similar identifier, title, date of birth and gender;
- Contact Data includes address, email address and telephone numbers;
- Financial Data includes bank account details and information resulting from “know-your-client” and anti-money laundering checks;
- Transaction Data includes details about transactions you undertake when buying and selling shares in the Fund;
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this Website;
- Usage Data includes information about how you interact with and use our Website and the Fund;
- Profile Data includes, preferences, feedback and survey responses;
- Marketing Data includes your preferences in receiving marketing from us.
From time to time, we may aggregate personal data we hold about you such that the data no longer directly or indirectly reveals your identity (and therefore no longer constitutes personal data). For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our Website to help improve the Website and our service offering.
We may collect special categories of personal data, which include, but are not limited to, information revealing racial or ethnic origin, political opinions, religious or similar beliefs, physical or mental health conditions and sexual orientation. For example, if you are identified as a politically exposed person through client due diligence checks, we may receive information revealing your political opinions.
We may also be required, in connection with the fulfilment of our legal and/or regulatory obligations, to collect information regarding criminal offences or alleged criminal offences that have been committed by you.
3. How is your personal data collected?
We may collect your personal data, through a number of different methods including:
- Your interactions with us. For example, when you:
- invest in the Fund;
- communicate with us by phone, e-mail, writing or otherwise;
- elect to receive marketing communications from us.
- Websites. As you interact with our Websites, we may collect Technical Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details.
- Third parties or publicly available sources. We may collect your personal data from various third parties and public sources, including when you:
- engage with an organisation that has a business relationship with Fundsmith, such as the Fund's registrar;
- are subject to money laundering and “know-your-client” checks;
- are the beneficiary of a trust, the assets of which have been invested in the Funds.
4. How we use your personal data
Legal basis
We rely on one or more of the following legal basis when collecting and processing your personal data:
Performance of a contract with you: We may process your personal data where we need to perform a contract we are about to or have entered into with you.
Legal obligation: We may process your personal data where it is necessary for compliance with a legal obligation that we are subject to (for example, where we conduct anti-money laundering / “know-your-client” checks to confirm your identity).
Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose (for example, if you subscribe to receive marketing material from us).
Legitimate interests: We may process your personal data where it is necessary to conduct our business and pursue our legitimate interests (for example, to enable us to give you the best and most secure customer experience and make improvements to our business). We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by your interests, fundamental rights or freedoms (unless we have your consent or are otherwise required or permitted to by law).
Substantial public interest: We may process your personal data where there is a substantial public interest in us doing so (for example, to prevent or detect unlawful acts or for the purposes of compliance with a regulatory requirement relating to unlawful acts and dishonesty).
Purposes for which we will use your personal data
We have set out below, in a table format, a description of the purposes for which we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so.
Purpose/Use | Legal Basis |
|
|
To manage our relationship with you we will respond to your queries, requests (including complaint handling) and all correlated communications including the provision of investor services. |
|
Undertaking anti-money laundering / “know your client” checks to confirm your identity in accordance with anti-money laundering and counter-terrorist financing obligations. |
|
To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). |
|
To deliver relevant Website content and online marketing to you and measure or understand the effectiveness of the marketing we serve to you. |
|
To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing. |
|
To send you relevant marketing communications that may be of interest to you based on your Profile Data. |
|
Reporting to and/or cooperating with supervisory and regulatory bodies, and/or other authorities pursuant to applicable laws and regulations and complying with general prudential duties. |
|
5. Disclosures of your personal data
Where it is necessary in connection with the purposes set out at section 4 above, we may share your personal data with certain third parties.
In particular, we may share your personal data with the following recipients, some of whom will be based outside the UK and/or use sub-processors based outside the UK:
- the depositary of the Fund;
- the Investment Manager and any of its affiliated entities;
- suppliers and service providers to our business, including IT and communication services providers, accountants, auditors, tax advisors, lawyers and “know-your-client” / client due diligence verification providers;
- your financial advisor, where you have provided details of their identity;
- banking establishments;
- governmental, judicial or administrative bodies;
- any public register to be used for ultimate beneficial owners’ declarations (as accessible online as the case may be).
We also may disclose information about you: (i) if we are required to do so by law, regulation or legal process (such as a court order or subpoena or for tax reporting purposes), (ii) in response to requests by government agencies, such as law enforcement or regulatory authorities, (iii) for the purpose of or in connection with legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights, or (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We also reserve the right to transfer any information we have about you to potential third party acquirer(s) in the event we sell or transfer all or a portion of the Fund’s assets (including in the event of a reorganization, dissolution, liquidation or other corporate event.
6. International transfers
In case of transfers of personal data to entities outside the UK, such transfers will rely on appropriate safeguards as permitted or required under UK GDPR.
In these circumstances, we will take those steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice and UK GDPR. This means that we will transfer your personal data to third parties: (i) that are located in countries that have been confirmed by the UK Government to provide an adequate level of protection; (ii) that have agreed (by way of a contract or some other form of data transfer mechanism approved by the UK Information Commissioner's Office) to provide all protections to your personal data as required by UK GDPR; or (iii) where you have provided your express consent for us to do so.
7. Data security
We have put in place appropriate security measures intended to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those persons parties who have a business need to have such access and are, in each case, subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of any actual personal data breach where we are legally required to do so.
8. How long will you retain my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for (including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements) and in any event for no longer than is permitted pursuant to UK GDPR.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we collected your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see section 9 below for further information.
9. Your legal rights
Within the limits set out in the UK GDPR, you have the right to:
- know what personal data we process about you and access such personal data;
- request any incomplete or inaccurate personal data be corrected;
- require us to delete your personal data and/or otherwise restrict our processing of your personal data in some circumstances;
- object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data and which overrides your right to object;
- object to our processing of your personal data where we send you direct marketing;
- "data portability", which is a right to require us to transfer your personal data to you or to a new service provider in a structured, commonly used and machine-readable format.
If you wish to exercise any of the rights set out above, please contact us through the means outlined at section 10.
10. Contact details
If you have any questions about this Privacy Notice, our use of your personal data or you want to exercise your privacy rights, please contact us on the following:
E-mail: smithson@fundsmith.co.uk
Postal address:
Smithson Investment Trust plc.
c/o Apex Listed Companies Services (UK) Limited
4th Floor
140 Aldersgate St
London
EC1A 4HY
United Kingdom
Telephone: 020 3327 9720
11. Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection matters (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
12. Cookies
For more information about the cookies we use on our Website and how to change your cookie preferences, please see the Investment Manager’s Cookie Policy.
13. Changes to the Privacy Notice
This Privacy Notice may be updated periodically to reflect changes in our personal data practices. By continuing to use the Website, communicate with us, or otherwise provide us with your personal data, you agree to any updated version of this Privacy Notice.