“PrismFP Group” consists of three operating entities: Prism Financial Products LLP (“Prism LLP”), Prism Financial Products LP (“Prism LP”), and PrismFP Analytics Ltd (“PrismFP Analytics”). This Privacy Notice is issued on behalf of PrismFP Group; references to “PrismFP Group”, "we", "us" or "our" refer to the relevant operating entity(ies) within PrismFP Group responsible for processing your data.
PrismFP Group respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you about how we look after your personal data when you interact with PrismFP Group, including when you use our brokerage businesses, visit our website(s) and/or use any of our online services (regardless of the geographical location from where you visit them), or provide us with services. It tells you about your privacy rights and how the law protects you.
1. IMPORTANT INFORMATION, WHO WE ARE & CONTACT DETAILS
Purpose of this Privacy Notice
This Privacy Notice sets out how PrismFP Group collects and processes personal data from external contacts. It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
Data Controllers, Joint Controllership and EU Representative
PrismFP Group has three operating entities:
3rd Floor, 248A Marylebone Road
London, NW1 6JZ
ICO reg: ZA062960
130 West 42nd Street, 23rd Floor
New York, NY
ICO reg: ZA377778*
3rd Floor, 248A Marylebone Road
London, NW1 6JZ
ICO reg: ZA269746
* Mr J Jerntorp (located in Sweden) has been designated as the EU representative for all three entities and can be contacted via email@example.com. Mr Jerntorp has been mandated by all three entities to be addressed in addition to (and not instead of) them and, accordingly, any correspondence sent to firstname.lastname@example.org will also be received by the relevant entity(ies).
References in this Privacy Notice to the “brokerage(s)” means Prism LLP and Prism LP, collectively or individually, as the circumstances require.
Generally speaking, we act as a data controller in all PrismFP Group’s relationships with clients, suppliers and other third parties. This includes where we provide you with brokerage/research services and/or direct electronic access to markets, exchanges and other trading venues (“Exchanges”) through our licensed-in third party platform(s) and technology (“DEA”).
Members of the PrismFP Group may sometimes (to the extent permitted under applicable laws, regulations and contracts) jointly determine the purposes and means of processing your personal data in relation to our business and, as such, we may sometimes share data and/or act as “joint controllers”. In essence, our respective responsibilities and roles in relation to compliance with applicable laws and, in particular, as regards providing you with information about how we use and look after your personal data and your privacy rights are: (i) centrally overseen by our Chief Information Security Officer (“CISO”) who, in turn, reports to senior management; (ii) governed by a data sharing arrangement between the PrismFP Group entities; and (iii) are further detailed in this Privacy Notice. Our CISO is your first point of contact for queries via: email@example.com. If these data sharing arrangements were ever to be terminated in respect of one of more of the PrismFP Group entities, personal data relating to you may be retained by or, as the case may be, transferred to the terminated entity(ies) or their successors and assignees.
Depending upon the service(s) in question, PrismFP Analytics may act as both data controller and data processor where your company/employer has an agreement with it to use any of the services it makes available through its licensed products (“Analytics Products”). If PrismFP Analytics acts as a data processor, it is generally only in respect of a limited amount of personal data used to provide the core element of the relevant Analytics Product(s) (normally just the personal data which we use for user registration and the processing of the main service inputs and outputs). PrismFP Analytics acts as a data controller for all other aspects of the relationship and uses personal data in that capacity as set out in this Privacy Notice. The exact basis upon which PrismFP Analytics may act as a data processor is set out in its subscription agreement with your company/employer.
Chief Information Security Officer (“CISO”)
Our CISO is responsible for overseeing PrismFP Group’s data privacy compliance and initiatives, and for answering questions in relation to this Privacy Notice.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our CISO: firstname.lastname@example.org or write to the CISO at one of the above addresses.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) and/or potentially your local competent authority (if different). We would, however, appreciate the chance to deal with your concerns before you approach them, so please contact us via: email@example.com in the first instance.
Changes to this Privacy Notice
When we update this Privacy Notice we will (amongst other things) update the versions available on our website(s) and via the links in our emails. Historic versions can be obtained by contacting us at firstname.lastname@example.org.
Informing us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Anyone else’s personal data that you provide to us
If for any reason you provide us with any personal data about someone else, please ensure that you are entitled to do so, and please also provide them with a copy of (or send them a link to) this Privacy Notice.
Third-party links and third party services
Our website(s) and online services (including the Analytics Products and DEA) may include links to third-party websites, plug-ins and applications. If you have a relationship with our brokerage business, you may also elect to communicate with us via messaging services such as Bloomberg. Clicking on those links, enabling those connections, or using those messaging services may allow the relevant third parties to collect or share data about you. We do not control these third-party websites, applications and services and we are not responsible for their privacy statements. When you leave our website(s) or use plug-ins, applications and other third party services, we encourage you to read their respective privacy notices.
Please be assured that any obligations of confidentiality we may have with you in respect of non-personal commercial data (such as details of trades), both under contract and, in the case of the brokerages, under their respective regulatory regimes, are not affected by this Privacy Notice.
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information relating to an identified or identifiable natural person (a data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender. In very limited circumstances it may include a copy of your passport for our Know Your Client/Anti-Money Laundering compliance activities.
- Contact Data includes billing address, delivery address, email address, telephone numbers, trader, DEA and similar identifiers, and Bloomberg ID.
- Financial Data includes bank account details (where you supply us with services in your own name or you provide one of the brokerages with details of a family office account bearing a family name).
- Transaction Data includes details about our various commercial interactions, including your usage of Analytics Products, transactions that we may have executed for you as part of our brokerage business, DEA transactions, and services (including various types of research) that we have provided to you or (if you are a supplier) details about business you or your company has done with PrismFP Group.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s), the Analytics Products, DEA or our other online services.
- Profile Data includes your Analytics Products/DEA username(s) and password(s) and other online identifiers, credentials and personalisations.
- Usage Data includes information about how you use our products and services – this may overlap with/relate to the Transaction Data referred to above.
We also collect, use and share Aggregated Data relating to use of PrismFP Group services (including use of Analytics Products and DEA) for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal you or your company’s identity, nor can your specific trades or analysis habits be identified or attributed to you via reverse engineering or otherwise. For example, we may aggregate your Usage Data with that of other Analytics Products users to calculate the percentage of users accessing a specific website/service feature and to identify which, and to analyse why, services are over or under-used.
Other than in very limited circumstances where you provide us with a copy of your passport for our Know Your Client/Anti-Fraud and Anti-Money Laundering compliance activities, and from which your race, ethnicity or religious beliefs might be apparent, we do not collect any Special Categories of Personal Data about you such as sexual orientation, political beliefs, health, genetic or biometric data.
If at any time we collect any information about your criminal convictions and offences, it will be disclosed by you (or at your request), or it will be obtained from the public domain and we will use it only in relation to our Know Your Client/Anti-Fraud/Anti-Money Laundering compliance activities.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you or your company/employer, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into (for example, to provide brokerage services). In this case, we may have to cancel or refuse to provide a service, but we will notify you if this is the case at the time.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you, including:
- Direct interactions. You may give us your Identity, Contact, Profile, Transaction, Usage and Financial Data by filling in forms or by corresponding with us by post, phone, email, Bloomberg, through our website(s) and online services, via text, messaging services, LinkedIn, social media or otherwise. This includes personal data you provide when you:
- undertake our client/DEA initial onboarding and subsequent review processes (which includes our Know Your Client/Anti-Money Laundering compliance activities);
- interact with our brokerage(s) in relation to trading strategies and opportunities;
- receive/request research and analysis from us;
- ask us to execute trades;
- apply/register for, or request a trial of or information about, any of our products or services;
- request/receive support services;
- register and log-in to the Analytics Products, DEA or create an account on our website(s);
- use the Analytics Products/DEA and/or any other online services we offer;
- contact us or visit us in the normal course;
- provide us with references or other information in relation to job applicants;
- provide us with, or contact/negotiate with us about, goods or services (including in relation to our recruitment activities); or
- provide us with feedback of any sort.
Automated technologies or interactions. As you interact with our website(s) and online services (including the Analytics Products/DEA), we (and/or our service providers) may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see paragraph 4 below for further details. We will also collect Usage and Transaction Data to generate Aggregated Data, to provide user/technical support, and to provide enhanced analysis where you or your company/employer have requested it.
PLEASE NOTE: to ensure that PrismFP Group meets its legal and regulatory obligations, communications and interactions of any sort, including email, Bloomberg messages, transactional data feeds and telephone calls, may be recorded/monitored.
- Third parties or publicly available sources. We may receive personal data about you from your company/employer/colleagues and various other third parties and public sources, including as set out below:
- Identity, Contact and Transaction Data from your employer or your colleagues in the normal course of their creation and pursuit of a commercial relationship with us.
- Identity, Contact, Usage and Transaction Data from regulators, relevant authorities, clearers, Exchanges and service providers in the normal course of our brokerage/research relationship with you and your company.
- Identity, Contact, Usage, Profile, Technical and Transaction Data from the third parties we use to help us provide (and any third parties you use to access) our products and services, such as the Analytics Products, DEA, our trading platform(s) and helpdesk providers. In particular, we will receive various personal data via any supported order management system which you or your employer uses to access our DEA platform.
- Technical Data from analytics providers and search information providers such as Google.
- Identity and Contact Data from publicly availably sources such as Google, LinkedIn, Facebook, Twitter, Companies House and the Electoral Register.
- Identity and Contact Data from people and companies who have a current or proposed relationship with you and who introduce us, including recruitment firms.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data as a data controller when the law allows us to and in accordance with this Privacy Notice. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) – normally where a PrismFP Group entity has a current or prospective business relationship with you and/or your company/employer.
- Where we need to comply with a legal or regulatory obligation – this is particularly relevant in relation to our brokerages, which are both regulated entities and this includes using and testing various monitoring services.
- Where we need to perform the contract we are about to enter into or have entered into with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person as we do not have individual persons as clients).
Generally, we do not rely on consent as a legal basis for processing your personal data.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use personal data, and on which of the legal bases we rely to do so. We have also identified what our legitimate interests are, where appropriate.
For these purposes, “legitimate interest” means the interest of PrismFP Group in conducting and managing our business to enable us (if you are a client) to give you the best service/product and the best and most secure and compliant experience/interaction; and (if you are a supplier/service provider or other external contact) to manage our relationship in an efficient, mutually beneficial and legally compliant manner. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
Note that we may process personal data for more than one lawful ground depending on the specific purpose for which we are using it.
Type of data
Lawful basis for processing including basis of legitimate interest
Corresponding with you about our actual/ potential relationship, to onboard you/your company as a new client or as a new supplier/service provider to one or more PrismFP Group entities, and ongoing in relation to our compliance-related activities and obligations.
(a) Necessary for our legitimate interests (to negotiate, implement and perform our contract/pursue our commercial relationship with you/your employer/company)
(b) Necessary to comply with a legal obligation. For example, we have Know Your Client and Anti-Money Laundering obligations to fulfil as part of our onboarding processes for the brokerages and periodically thereafter
(c) Performance of a contract with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person, we do not have individual persons as clients)
Where you are (or interact with us on behalf of) a client, to manage our ongoing relationship with you and/or your company/employer.
This will include (but not be limited to) PrismFP Group entities interacting and using/sharing personal data between themselves and with their respective service providers for the purposes of that relationship.
In the case of the brokerages, PrismFP Group will use personal data to:
(a) contact and interact with you both proactively and reactively about the markets, trading strategies and opportunities
(b) provide research and analysis
(c) execute trades
(d) report, record, reconcile and charge for business that has been undertaken, including reporting to the relevant Exchanges and regulators
(e) answer enquiries and provide updates about our services
(f) collect, use and share Aggregated Data
(g) comply with our regulatory obligations
(h) manage the ongoing relationship
(i) undertake backups and archiving
In the case of PrismFP Analytics/the Analytics Products, PrismFP Group will use personal data to:
(a) onboard you
(b) to contact and interact with you both proactively and reactively about our services and to provide you with user and technical support
(c) provide you with technical support. You will need to give your name and to telephone number and other relevant information when requesting technical support. We may elect to track your usage in order to diagnose and fix the issues you report. This may require a more detailed look into the specific data/trades which you are looking at
(d) provide you with user and technical support. PrismFP Group staff will provide you with both ad hoc and pro-active support and engagement in relation to your use of Analytics Products and your analysis of trading strategies more generally. This will vary according to circumstances but can include (amongst other things):
(e) provide you with, and update you about, the relevant services and potentially, as the services mature, building your user profile and preferences with you
(f) manage your account(s) and your relationship with us more generally including potentially, as the services matures, by personalising the service to provide a richer user experience
(g) provide you with “enhanced analysis” (but only where you or your company/employer have specifically requested it). This is where your company/employer has a market analysis (or similar) agreement with another PrismFP Group entity and we share Analytics Products inputs, outputs, analysis trends and habits, and other relevant information relating to use of the Analytics Products with other entity(ies) with a view to them suggesting other analysis, trades or strategies for your company/employer and its Analytics Products users to consider, and how the users might better optimise their Analytics Products outputs
(h) collect, use and share Aggregated Data. This will include collecting Aggregated Data across all aspects of the Analytics Products and our services to carry out statistical analysis, to help to understand feature popularity and generally to improve, develop and scale the Analytics Products
(i) help provide training and guidance to our staff
(j) undertake backups and archiving
In the case of DEA, PrismFP Group will (either itself or through its service providers/clearers) use personal data:
(a) to contact and interact with you both proactively and reactively about the service and the trades you execute via DEA and to provide you with user and technical support
(b) to provide you with, and update you about, the service including onboarding you and potentially, as the service matures, building your user profile and preferences with you
(c) to manage your user account(s) and your relationship with us more generally including potentially, as the service matures, by personalising the service to provide a richer user experience
(d) when systems send and receive pre-trade communications and trade execution data containing small amounts of personal data as necessary in the course of DEA. This data is part of standard protocols and is required to meet Exchange and/or other legal/regulatory requirements
(e) to collect, use and share Aggregated Data
(f) to undertake backups and archiving
Any and all PrismFP Group entities will use personal data:
(a) to notify you about changes to our terms or privacy practices
(b) for general business as usual correspondence and managing our relationship
(c) to ask you to provide feedback, leave a review or take a survey
(a) Necessary for our legitimate interests (to perform our contract/pursue and proactively manage all aspects of our commercial relationship with you/your employer/company; to keep our records updated and to study how our products/services are used; to prevent fraud; and to monitor, record and manage payments)
(b) Necessary to comply with a legal obligation – in particular, both of the brokerages are regulated
(c) Performance of a contract with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person, as we do not have individual clients)
Generally to administer and protect our business and our website(s), the Analytics Products, DEA and our other online services (including troubleshooting, collecting, using and sharing Aggregated Data, data analysis, testing/piloting of current, proposed and future systems and services, system maintenance, support, reporting (including, where required by the licensor, reporting usage of licensed-in third party data), hosting of data, backups and archiving, and compliance.
(a) Necessary for our legitimate interests (for understanding, running and improving our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with legal obligations
Where you are (or interact with us on behalf of) a supplier or service provider, to manage all aspects of our ongoing relationship with you and/or your company/employer.
This will include (but not be limited to) PrismFP Group entities interacting and using/sharing personal data between themselves and with service providers.
(a) Necessary for our legitimate interests (to perform our contract/pursue and proactively manage all aspects of our commercial relationship with you/your employer/company; to keep our records updated and to study how your products/services are used; to prevent fraud; and to monitor, record and manage payments)
(b) Necessary to comply with a legal obligation – in particular with regard to both of the brokerages, which are regulated entities
If you are providing us with a reference or other information in relation to a job applicant, to process and record the application. This may include sharing your Identity and Contact Data with the relevant regulator(s)/authority(ies) where the applicant is seeking a regulated role. For example, if an applicant is to be registered as a CF4 with the FCA, some or all of the personal data you provide will need be shared with the FCA as part of the registration process.
(a) Necessary for our legitimate interests (for ensuring that we recruit the best candidates and that the candidates are fit and proper persons to work for us and our clients)
(b) Necessary to comply with a legal obligation
To use data analytics and Aggregated Data to improve the Analytics Products, DEA and our website(s) and other PrismFP Group products/services, marketing, client relationships and experiences.
Necessary for our legitimate interests (to define types of customers for our products and services, to keep them updated and relevant, to develop our business and to inform our product/service development and other strategies)
Communications and interactions of any sort with PrismFP Group, including email, Bloomberg messages, transactional data feeds, systems usage and telephone calls, may be recorded/monitored.
Necessary to comply with a legal obligation – in particular with regard to both of the brokerages, which are regulated entities
Necessary for our legitimate interests (for understanding, running and improving our business and improving your interactions with us)
Where you have subscribed or agreed to receive research/analysis from us via one or more of our curated email groups (as opposed to via personalised email interactions with specific PrismFP Group staff) we may use MailChimp (or a similar service) to help us to record and analyse the extent to which the group emails are opened and/or their contents viewed/acted upon/consumed to enable us to record/report consumption, improve/tailor the service and make it more relevant for you and/or other recipients more generally. Each such email you receive will give you the option to opt-out of receiving further emails in the relevant group.
Necessary for our legitimate interests (for understanding, running and improving our business and improving your interactions with us)
Automated decision making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not currently envisage that any such decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
PrismFP Group currently grows its business through recommendations and one-to-one interactions with personal contacts. Updates about what we do are routinely provided as part of our ongoing account management. We do not currently conduct direct marketing initiatives in the commonly understood sense, nor will we sell your data to third parties for their own marketing activities. If our approach to marketing changes in the future, we will update this Privacy Notice and obtain consents/provide opt-outs if and to the extent required by law.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.
- Other companies within PrismFP Group acting jointly or individually as controllers or processors. PrismFP Group entities and their respective personnel often (subject to applicable laws and regulations) work both together and interchangeably when dealing with our clients and other third parties with whom we have a business relationship (and their respective personnel), and personal data is shared between them with a view to giving our clients the best service/product; and to giving everyone with whom we have a business relationship the best and most secure and compliant experience/interaction we can.
- We will disclose personal data to the following categories of external third parties:
Service providers who provide IT and system administration services underpinning PrismFP Group operations generally and/or any of the services we provide to our clients.
In the case of the brokerages and DEA, these third parties provide the trading, clearing, reporting and other platforms that are used to execute, clear, record and report trades and for compliance purposes. They in turn will interact with and report to the Exchanges in various countries on which we do business for you and with the relevant clearing banks and regulators as necessary to conclude and report trades.
In the case of PrismFP Analytics and the Analytics Products, this includes the service providers which (in addition to providing some general IT infrastructure for PrismFP Analytics) host the Analytics Products and provide secure log-ins and a follow-the-sun helpdesk facility.
- Exchanges, regulators and other authorities based in the UK, the US and other territories where the brokerages conduct business for you in accordance with their disclosure/ reporting requirements.
- Our clearers and market makers.
- Bloomberg, where you elect to communicate with the brokerage(s) using Bloomberg systems.
- The platform known as “Docs” (hosted by FIA Tech), for the generation and recording of Give Up Agreements in relation to our brokerage relationship.
- Third parties at your or your company’s/employer’s request. For example, their reporting/data depository portals/service providers.
- Professional advisers including lawyers, bankers, auditors, accountants and insurers.
- Any person or entity to whom we have a right or duty to disclose personal data. For example, to authorities and other official bodies and to relevant trading parties/service providers to assist in the prevention/detection of terrorism, money laundering and other crimes.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
We require our service providers to respect the security and confidentiality of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and/or in accordance with our instructions.
Depending upon the nature of your relationship with us we may also need to share your personal information with clearers, Exchanges, regulators, suppliers and advisers, or otherwise to comply with the law. Generally speaking, these third parties are data controllers and will hold and process personal data shared in this way in accordance with their own privacy policies and the laws and regulations applicable to them.
6. INTERNATIONAL TRANSFERS
We share personal data internationally within PrismFP Group in order to provide the best possible experience for our clients, suppliers and other external contacts. This will involve transferring your data both into and out of the UK and the European Economic Area (“EEA”). We have in place between PrismFP Group entities a global data transfer agreement, which incorporates approved “model clauses” (see the second bullet below for more detail) to ensure that there are adequate safeguards in place for personal data that is transferred between them.
Some of our service providers are based outside the UK/EEA so their processing of your personal data will also involve a transfer of data into and out of the UK/EEA.
When we transfer your personal data out of the UK/EEA to our service providers, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission/UK. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
- Where we use certain service providers (including, in particular, those in the US), specific “model clauses” approved by the European Commission/UK that give personal data the same protection it has in Europe may be used. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
- Where we use service providers based in the US, we may also transfer data to them if they are party to any recognised replacement for Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US.
We may also transfer data internationally as required/permitted by applicable laws/regulations.
Even though we have put in place the arrangements and safeguards described above, when you first log-in to the Analytics Products, we may also ask for your consent to transfer your personal data on an international basis in order to provide you with the Analytics Products and our related services.
For international transfers of your personal data (primarily email addresses and trader IDs) between the brokerages and you or your company/employer (and/or the relevant regulators/Exchanges), during the normal course of our communications and business with you, where no other legitimate basis for transfer applies, we may make those transfers on the basis that they are necessary for the performance of the contract we have with your company/employer which was concluded in the interest of allowing you to use our brokerage/research/DEA or other services.
7. DATA SECURITY
We have put in place appropriate security measures with a view to preventing your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Additionally, we limit access to your personal data to those employees, agents, contractors and our service providers who have a business need to know. They will process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. DATA RETENTION
How long will you use my personal data for?
The basic principle underlying all PrismFP Group data retention decisions is that data of any sort (including personal data) will be retained for whichever is the longest of the following (collectively “Retention Reasons”):
- as long as is necessary to fulfil the purpose for which it was collected (including as may be set out in our contracts and Privacy Notices);
- to comply with legal, regulatory (eg FCA/NFA/CFTC/FINRA), accounting, audit, reporting and internal policy requirements;
- for the establishment or defence of actual and/or anticipated legal claims; and
- as long as any other legitimate reason may justify
To determine the appropriate retention period for personal data, we consider the applicable legal and regulatory requirements in each relevant jurisdiction and the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. If there is no longer an applicable Retention Reason for certain data to be retained, we will erase the data securely, or in some cases anonymise it. We may use anonymised information indefinitely without further notice.
In some circumstances you can ask us to delete your data: see paragraph 9 below for further information.
9. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to: access, update or correct it; restrict or object to our processing of it; ask for it to be erased; have it provided to another controller; or withdraw your consent in respect of it, where we have obtained your consent for processing.
If you wish to exercise any of these rights, please contact us via email@example.com.
No fee usually required
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee where we are legally entitled to. For example, if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.