1. Introduction or Background
Hermes GPE LLP (Hermes GPE) by nature of its business will need to collect information about individual persons that it deals with, employs, receives information from, and sends information to.
Hermes GPE is committed to maintaining the privacy and confidentiality of information provided to us. The term “Personal Data” refers to personally identifiable information about you, such as your name, job description, health related data, date of birth, e-mail address or mailing address.
2. Definition and purpose
Personal data may be defined in regulations applying to the jurisdictions that the company operates in.
In the UK the Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. In practice it provides a way in which individuals can control information about themselves.
In the United States the Commonwealth of Massachusetts has introduced Standards for the Protection of Personal Information, which define personal information as a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public. It is likely that other states will produce similar regulations.
If Hermes GPE operates in other jurisdictions, or under other regulatory bodies it will ensure that it complies with or exceeds local regulatory requirements.
To define how Hermes GPE will gather, use, and protect Personal Data in accordance with the following key principles:
- Data may only be used for the specific purposes for which it was collected.
- Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime).
- Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
- Personal information may be kept for no longer than is necessary and must be kept up to date.
- Personal information may not be sent to other jurisdictions unless the individual whom it is about has consented or adequate protection is in place.
- Adequate security measures should in place to protect the information. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
- Subjects have the right to have factually incorrect information corrected (note: this does not extend to matters of opinion).
In the UK, a number of companies in the Hermes group are registered with the Information Commissioner's Office.
4. Use of Data
4.1 Collection of Data
You may provide us with your Personal Data in order to receive information, advice, products or services from us or in connection with your job application or employment by us. We may request personal information about you such as your name, postal address, email address, and telephone numbers and we may ask for information which enables us to provide a personalised service to you. We ask only for data that is adequate, relevant and not excessive for those purposes.
To comply with money laundering regulations, we may need to request additional evidence of identity from you, and may use a credit reference agency for this purpose (which will record that an enquiry has been made).
If you provide us with the Personal Data of a third party pursuant to a power of attorney, we may process such Personal Data (including information about the third party’s mental health) in order to provide information, goods or services to the third party for whom you act as attorney. In addition, we may hold information about your position as attorney for the purpose of administering products or services to the third party for whom you act as attorney.
4.2 Data collected through our websites
In addition to the information we collect as described above, we use technology to collect anonymous information about the use of our websites. This technology does not identify you personally. This data enables us to compile statistics about the use of our websites, so that we can improve the contents and functionality of our websites and to improve the services we offer.
However, if you access any password protected areas of our websites, then once you submit your password, the website will recognise you and the anonymous information may be combined with other identifying information that we have about you.
In order to collect the anonymous data described in the preceding paragraph, we may use temporary “cookies” that remain in the cookies file of your browser until the browser is closed.
You can set your browser settings to accept or decline cookies. If you choose not to accept cookies from our websites you may not be able to access and use all of part of such websites or benefit from the information and services they offer. The IAB website at www.allaboutcookies.org tells you how to remove cookies from your browser.
We also use your IP address to help diagnose problems with our server and to administer our websites. An IP address is a numeric code that identifies your computer on a network, or in this case, the Internet. Your IP address is also used to gather broad demographic information, such as determining how many of our visitors are from outside of the UK.
We may also perform IP lookups to determine which domain you are coming from (i.e. aol.com, yourcompany.com) to more accurately gauge our users' demographics.
4.3 Processing of Data
We process your Personal Data, and share your Personal Data with others, only for specific and limited purposes. Some of these purposes may include, but not be limited to the following:
- To send you newsletters, update emails and other information you request.
- To process and respond to your enquiries and requests for information and/or advice.
- To contact you occasionally to inform you of products and services provided by us or third parties whose products and/or services we think you may be interested in. We may contact you by letter, telephone or email for this purpose.
- To process your customer application form(s) and associated documentation.
- To carry out credit checks, money laundering checks, identification authentication or verification checks.
- To provide the financial and investment services you specified (including but not limited to providing investment advice and research, execution of sales and trading, and corporate access services).
- For the purposes of processing, servicing and maintaining accounts and transaction records.
- To monitor and archive communications with you.
- To comply with legal and regulatory requirements and to resolve disputes.
We sometimes supplement the information that you provide with information that is received from third parties. For instance, if inaccurate post codes are received, we will use third party software to fix them.
We may share or transfer the information in our databases to comply with a legal or regulatory requirement, for the administration of justice, interacting with anti-fraud databases, to protect your vital interests, to protect the security or integrity of our databases or this website, to take precautions against legal liability, or in the event of our sale, merger, reorganisation, transfer of business, dissolution or similar event.
Although we do not currently have any arrangements in place, Hermes GPE reserves the right to disclose all of the personal information that we collect (as described above) to other financial institutions with whom we may, from time to time, establish joint marketing arrangements. Any such agreement will maintain the confidentiality of your personal information.
If you ask us to, we may share your personal information with your designated agent, advisor, or other parties.
4.4 Unsubscribing from services
We will provide you with a convenient method to discontinue electronic communication at your discretion via an "unsubscribe" option on emails, or by contacting Hermes GPE at the address listed in Data Access below.
4.5 Data Integrity and Security
We strive to maintain the reliability, accuracy, completeness and currency of Personal Data in our databases and to protect the privacy and security of our databases. The security measures in place on our website and computer systems aim to prevent the loss, misuse or alteration of the information you provide to us.
We encourage you to ensure that your Personal Data is accurate and kept up to date so please update any information you have provided, or write to us at the address listed under Data Access. We will correct, amend or delete any Personal Data that you notify us is inaccurate and notify any third party recipients of necessary changes.
We reserve the right to monitor, intercept and/or record your communication with us by mail, voice, email or any other form of transmission for the purposes of quality control, security, regulatory and other business needs. We may reject, restrict, delay or remove communications traffic which have a nature, content or attachments which may disrupt our system or because they may pose security risks. We may also filter out emails which contain certain content which is deemed offensive or unwanted spam. Unavoidably such filtering may affect the delivery of some “innocent” emails.
4.7 Data Access
Upon receipt of your written request and enough information to permit us to identify your Personal Data, we will (subject to legal and regulatory requirements) disclose to you the Personal Data we hold about you, for which we may make a small charge.
Requests to delete Personal Data are subject to any applicable legal and regulatory requirements or document retention obligations and any of our current contracts which are still in force.
If you wish to make a subject access request relating to Personal Data held about you by Hermes GPE, please write to:
The Company Secretary,
Hermes GPE LLP,
1 Portsoken Street, London
4.8 Links from our websites to third-party websites
Our websites contain links to other pages on our websites. We may use technology to track how often these links are used and which pages on our websites our visitors choose to view. Again this technology does not identify you personally – it simply enables us to compile statistics about the use of these links.
4.9 Transfer of Data Abroad
We may transfer data between our offices and third party processors which may be located outside the country the data originated in (including, for the avoidance of doubt, the United States of America). Where your Personal Data is transferred abroad we will ensure that the recipient agrees to keep your information confidential and hold it securely in accordance with regulatory requirements.
If you visit our websites from a country other than the country in which our servers are located (currently the UK), the various communications will necessarily result in the transfer of information across international boundaries.
BY PROVIDING US WITH YOUR PERSONAL DATA, YOU CONSENT TO THE PROCESSING AND TRANSFER OF YOUR PERSONAL DATA AS SET OUT IN THIS SECTION.
5.Roles and responsibilities
5.1 The Data Protection Officer
This role is held by the Company Secretary who ensures that registrations are appropriate and current. The board of the relevant registered Hermes GPE entity, in its capacity as Data Controller, ensures that data is gathered for specific purposes as permitted by regulation and may only be used as such.
The purposes for which data has been gathered are confirmed by the executives of each entity at regular intervals.
Senior executives of each registered Hermes GPE entity are required to confirm that data is gathered and used in accordance with the appropriate registration.
5.2 The Information Security Manager
Hermes GPE will ensure that suitable protection of systems and data is in place. Responsibility for the security framework resides with a senior executive.
5.3 The Information Security Officer
The Information Security Officer (ISO) has primary responsibility for the execution of the Information Security Policy at Hermes GPE. The ISO acts as a focal point for IT related security matters, including supporting the development and implementation of systems and business services in accordance with the Information Security Policy, Controls, and Procedures.
Hermes GPE will conduct the firm's business in accordance with the highest ethical standards, respecting the firm's customers, suppliers, and other business counterparties, dealing responsibly with the firm's assets, and complying with applicable legal and regulatory requirements.
Personal Data will be gathered for the following purposes:
- Staff administration
- Advertising, Marketing, and Public Relations
- Accounts and records
- Legal and regulatory requirements
- The operations of Hermes GPE business
Hermes GPE does not sell personal information that is collected from customers.