GDPR Privacy Notice

Data Controller
Artis Partners LLP (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data in compliance with the General Data Protection Regulation (GDPR) and relevant local data protection laws. This Privacy Notice explains how we collect, use, and protect your personal information, as well as your rights regarding that data.

What Information Do We Collect?

We collect and process various types of personal data depending on your interactions with us. This may include:

• Personal Identification Information: Full name, contact details (address, email, phone number), date of birth, and nationality.
• Professional Information: Details of your qualifications, employment history, skills, and references.
• Financial Information: Banking details for payroll (employees only) or invoices (contractors).
• Identification Documents: Passport, driver’s license, or other legal identification to verify identity or right to work.
• Background Check Data: Criminal records, credit checks, or other data required for regulatory compliance.
• Sensitive Data: Information on disabilities or health conditions to facilitate reasonable adjustments, where necessary.

We may collect this data directly from you through application forms, resumes, contracts, or interviews. Additionally, we may collect information from third-party sources such as background check agencies, public databases, or references provided by you.

Why We Process Your Data

We process personal data for the following purposes:

• Client Onboarding and Relationship Management
  To assess suitability for financial services, establish client relationships, manage portfolios, and provide ongoing financial advice or services. This includes complying with KYC and AML regulations to ensure you are eligible to invest or receive advisory services.
• Financial Transactions
  To execute, process, and settle financial transactions, including payments, investments, trades, and any associated advisory or wealth management services.
• Regulatory Compliance: We process your data to comply with relevant financial regulations, including but not limited to:
  • Anti-Money Laundering (AML) requirements.
  • Know Your Customer (KYC) checks.
  • Reporting obligations to tax authorities.
  • Compliance with relevant financial industry regulations (e.g., MiFID II, SEC regulations).
  • Record-keeping for audit and financial compliance purposes.
• Risk Management and Fraud Prevention
  To assess, monitor, and mitigate financial risks, prevent fraud, and ensure the security of financial transactions and client data.
• Legal Obligations and Contractual Requirements
  To fulfill our contractual obligations to clients, service providers, and partners, and ensure compliance with applicable laws, including the handling of disputes or legal proceedings.
• Operational Efficiency and Client Service
  To improve our internal processes, enhance client experiences, and provide tailored financial advice or services. This includes optimising investment strategies based on your financial data.

How We Share Your Data

Your personal data is shared within our organisation on a need-to-know basis and is strictly limited to the following parties:

Internal Teams
Employees and contractors who are directly involved in providing services, processing transactions, or ensuring compliance with financial regulations, including legal, compliance, and risk management teams.

• Third-Party Service Providers
  We may share your data with trusted third-party vendors, service providers, or business partners who perform services on our behalf. These third parties may include:
  • Financial institutions and banks.
  • Auditors and accountants.
  • Legal advisors.
  • Background check agencies.
  • IT and cybersecurity service providers.
• Regulatory Authorities
  We may share your data with financial regulators, government agencies, tax authorities, and other legal entities to comply with mandatory reporting requirements, anti-money laundering (AML) checks, tax obligations, and other legal or regulatory purposes.
• Affiliates and Subsidiaries
  We may share your data with affiliated companies or subsidiaries for cross-border financial services and compliance purposes, subject to appropriate safeguards.

Data Security

We take the protection of your personal data seriously and have implemented robust security measures to safeguard your information against unauthorised access, loss, or alteration. These measures include:

• Encryption
  We use encryption protocols to protect your data when it is transmitted electronically.
• Access Controls
  We have implemented strict access controls to ensure that only authorised personnel have access to sensitive data.
• Regular Audits and Monitoring
  We conduct regular security audits and monitor our systems to identify and address potential vulnerabilities.
• Employee Training
  All staff members are trained on data protection practices to ensure they understand the importance of safeguarding personal data.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Specifically:

• Client Data
  We retain financial and transactional data for a period required by law, typically for at least 5-7 years, in accordance with financial regulatory requirements.
• Unsuccessful Transactions or Applications
  Personal data related to unsuccessful investment applications or transactions may be retained for a period of 12 months, after which it will be securely deleted or anonymized.
• Audit and Compliance Records
  Certain data may be retained for extended periods due to legal or regulatory requirements related to audit, taxation, and financial compliance.

Your Rights Under GDPR

Under GDPR, you have the following rights in relation to your personal data:

• Right of Access
  You can request access to the personal data we hold about you and obtain a copy.
• Right to Rectification
  You can request corrections to inaccurate or incomplete data.
• Right to Erasure
  You can request the deletion of your data when it is no longer necessary for the purposes it was collected.
• Right to Restriction of Processing
  You can request the restriction of processing of your personal data under certain conditions.
• Right to Portability
  You can request a copy of your data in a structured, commonly used, and machine-readable format.
• Right to Object
  You can object to the processing of your personal data based on legitimate interests or direct marketing.
• Right to Withdraw Consent
  If processing is based on your consent, you have the right to withdraw it at any time.

To exercise any of these rights, please contact our Data Protection Officer at the contact details below. We will respond to your request within one month.

Automated Decision-Making

We do not engage in automated decision-making that affects you in a significant way, including profiling for financial transactions or service provision. Any decisions related to your financial services or transactions are reviewed and confirmed by authorised personnel.

International Data Transfers

If your personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs)
  Approved by the European Commission for the transfer of personal data to non-EEA countries.
• Binding Corporate Rules (BCRs)
  Where applicable, we ensure that inter-company data transfers are governed by appropriate binding corporate rules to protect your privacy rights.

Changes to This Privacy Notice

We regularly review and update our Privacy Notice to reflect changes in legislation, business practices, or new service offerings. The most recent version of this Privacy Notice will be made available on our website.

Contact Information

If you have any questions or concerns regarding this Privacy Notice or our data practices, please contact:

DataProtectionofficer@artispartners