PrismFP

Privacy Notice

1. WHO WE ARE, CONTACT DETAILS & OTHER IMPORTANT INFORMATION

PrismFP Group PrismFP Group consists of PrismFP Partners LLP (which reference includes any successor holding entity, including due to any reorganisation) and any current, successor and future entities (and their respective branches) which directly or indirectly control, are controlled by, or are under common control with PrismFP Partners LLP, whether by shareholding, voting power, board or management representation, contract or otherwise, where “control” means the power of a person directly or indirectly to secure that the affairs of the entity in question are conducted in accordance with their wishes whether via shareholding, board or management control, or otherwise. References to “PrismFP Group”, "we", "us" or "our" refer to the relevant entity(ies) within PrismFP Group responsible for processing your data. References in this Privacy Notice to the “brokerage(s)” mean (collectively or individually, as the circumstances require) the PrismFP Group entities (and their branches) which are registered as brokerages with the applicable authorities.

PrismFP Group respects your privacy and is committed to protecting your personal data. This Privacy Notice tells you how we look after your personal data when you interact with PrismFP Group. It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements those other notices and is not intended to override them.

Data Controllers: As mentioned above, PrismFP Group is made up of a number of different entities. Postal addresses for the main operating entities within PrismFP Group can be found on www.prismfp.com. We always act as a data controller in all PrismFP Group’s relationships with clients, suppliers and other third parties unless and to the extent specifically agreed otherwise in a contract with your company/employer. Which PrismFP Group entity(ies) acts as data controller in any specific instance will depend on the circumstances.

Joint controllers: PrismFP Group entities may sometimes jointly determine the purposes and means of processing your personal data in relation to our business and we may sometimes share data and/or act as “joint data controllers”. In essence, our respective responsibilities and roles in relation to your personal data are: (i) centrally overseen by our Chief Information Security Officer (“CISO”) (and who, in turn, reports to senior management); (ii) governed by a data sharing arrangement between the PrismFP Group entities; and (iii) further detailed in this Privacy Notice. If these data sharing arrangements were ever to be terminated in respect of one of more of the PrismFP Group entities, personal data relating to you may be retained by or, as the case may be, transferred to the terminated entity(ies) or their successors and assignees.

EU Representative: PrismFP Analytics Ltd Eesti filial (registry no. 16221453), the Estonian branch of PrismFP Analytics Limited (“PrismFP Analytics”), has been designated as the EU representative for PrismFP Group operating entities located outside the EU and can be contacted via privacy@prismfp.com. The Estonian branch has been mandated by those entities to be addressed in addition to (and not instead of) them and, accordingly, any correspondence sent to privacy@prismfp.com will also be received by the relevant entity(ies).

Contacting us: If you have any questions about this Privacy Notice or how we process your personal data, including any requests to exercise your legal rights, please contact our CISO: privacy@prismfp.com.

Complaints: You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) and/or potentially your local competent authority (if different). We would, however, appreciate the chance to deal with your concerns before you approach them, so please contact us via: privacy@prismfp.com in the first instance.

Changes to this Privacy Notice: We may update this Privacy Notice without notice and, when we do, we will (amongst other things) update the versions available on our website(s) and via the links in our emails and we encourage you to read them.

Informing us of changes: It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Anyone else’s personal data that you provide to us: If for any reason you provide us with any personal data about someone else, please ensure that you are entitled to do so, and please also provide them with a copy of (or send them a link to) this Privacy Notice.

Third-party links and third party services: The various website(s) and other online services which we make available to you (collectively, our “Technology”) may include links to third-party websites, plug-ins and applications. If you have a relationship with our brokerage business, you may also elect to communicate with us via messaging services such as Bloomberg. We do not control these third-party websites, applications and services and we are not responsible for their privacy practices. We encourage you to read their respective privacy notices before using them.

2. WHAT DATA WE COLLECT ABOUT YOU

We may collect, use, store and transfer different kinds of personal data about you in the course of operating our business and providing our various services and Technology (collectively, our “Services”), such as:

  • Identity Data: includes name, username or similar identifier, title, date of birth, gender, and other background verification data such as a copy of passports or utility bills or evidence of beneficial ownership or the source of funds to comply with client due diligence/“know your client”/anti-money laundering, fraud prevention and other applicable laws (collectively, “Compliance”) which may, where relevant, include special categories of personal data.
  • Contact Data: includes billing address, delivery address, email address, telephone numbers, trader, Technology and similar identifiers, and Bloomberg ID.
  • Financial Data: includes bank account details and payment-related information.
  • Transaction Data: includes details about your various commercial interactions, conversations and communications with PrismFP Group whether as client, supplier or otherwise.
  • Usage and other Technical Data: such as information about how you access and use our Technology collected through cookies and other tracking technologies, including internet protocol (IP) address, login data, page views, session duration, trends, browser type, time zone setting and location, and operating system.
  • Profile Data: includes your Technology username(s) and password(s) and other online identifiers, credentials and personalisations.
  • Demographic Data: such as your address, preferences and interests.
  • Other Data: includes any other data relating to you that you may provide to us e.g in course of registering for and attending events or meetings (including access and dietary requirements) or otherwise.

We also collect, use and share Aggregated Data relating to use of our Services for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal you or your company’s identity, nor can your specific trades or analysis habits be identified or attributed to you via reverse engineering or otherwise.

Other than where you provide us with a copy of your passport for our Compliance activities, and from which your race, ethnicity or religious beliefs might be apparent, we do not collect any Special Categories of Personal Data about you such as sexual orientation, political beliefs, health, genetic or biometric data.

If at any time we collect any information about your criminal convictions and offences, it will be disclosed by you (or at your request), or it will be obtained from the public domain and we will use it only in relation to our Compliance activities.

If you fail to provide personal data: Where we need to collect personal data by law, or under the terms of a contract we have with you or your company/employer, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into. In this case, we may have to cancel or refuse to provide a Service, but we will notify you if this is the case at the time.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you, including from:

  • Direct interactions: You may give us data by corresponding with us by post, phone, email, Bloomberg, through our Technology, via text, messaging services, LinkedIn, social media or otherwise.
  • Automated technologies or interactions. Where we monitor use of, or interactions with, our Technology and email and other communications sent from or received by us. We will also collect Usage and Transaction Data to generate Aggregated Data, to provide user/technical support, and to provide enhanced analysis where you or your company/employer have requested it. PLEASE NOTE: to ensure that PrismFP Group meets its legal and regulatory obligations, communications and interactions of any sort, including email, Bloomberg messages, transactional data feeds and telephone calls, may be recorded/monitored.
  • Third parties. For example, we may collect information about you to assist with our Compliance procedures; we may receive information about you from regulators, relevant authorities, clearers, exchanges and service providers in the normal course of our brokerage/research relationship with you; or from your company/employer or your colleagues in the normal course of their creation and pursuit of a commercial relationship with us.
  • Publicly available and industry-centric sources. We may, for example, use such sources to help us keep the contact details we already hold for you accurate and up to date or for professional networking/marketing purposes, e.g. Google, LinkedIn, Facebook, X/Twitter, Bloomberg, corporate websites, Companies House and the Electoral Register.

4. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data as a data controller when the law allows us to, in accordance with this Privacy Notice, and normally under one or more of the following legal grounds:

Contract performance: where your information is necessary to enter into or perform our contract with you.

Legal obligation: where we need to use your information to comply with our Compliance and other legal/regulatory obligations.

Legitimate interests: where we use your information to achieve a legitimate interest in relation to our business and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims: where your information is necessary for us to defend, prosecute or make a claim.

Consent: where you have consented to our use of your information and you have not withdrawn your consent.

We may use your personal data in the following ways. In each case, we have noted the legal grounds we rely on to use your personal data:

To negotiate with you and to onboard you as a client/supplier including for general correspondence and Compliance. Legal grounds: contract performance, legitimate interests, legal obligations.

To administer all aspects of our ongoing relationship,, whether by providing our Services to you; receiving goods or services from you, or otherwise. Legal grounds: contract performance, legitimate interests, legal obligations, consent.

To operate, manage and protect all aspects of our business, including generating Aggregated Data, statistics and analysis and general business management, accounting and record-keeping. Legal grounds: contract performance, legitimate interests, legal obligations.

To facilitate the provision, use, support and security of, improvements to, and training in respect of, our Services, including ensuring that the Services we provide are relevant and effective for you. Legal grounds: legitimate interests, consent, contract performance, legal obligations.

For marketing and business development purposes – to provide you with details of new services and updates, and invites to marketing meetings related to the Services you receive from us, or where you have chosen to receive these. Occasionally we may also contact people in the industry with whom we do not yet have a direct relationship. To make contact in this way, we generally obtain a person’s details from their colleagues or contacts; corporate websites; chat and messaging services; publicly available sources (such as Google, Companies House etc) and social media and online communities such as LinkedIn and X/Twitter. You can always opt out of further marketing communications using any options/details provided at the time or by contacting us as set out in section 1 above. Legal grounds: legitimate interests, consent.

For research and development purposes – in order to better understand your service, technology, marketing and other business requirements, to better understand our business, and to develop our Service offerings. Legal grounds: legitimate interests.

To fulfil all our various legal, regulatory and risk management obligations – to comply with our legal, regulatory and Compliance obligations; to enforce our legal rights; and/or to protect the rights of third parties. Legal grounds: legal obligations, legal claims, legitimate interests. Where we process special categories of personal data we may also rely on substantial public interest (prevention or detection of crime) or legal claims. 

To ensure that we are paid and to address any disputes – to recover any payments due to us and to bring, defend and participate in any other legal actions and claims that may arise. Legal grounds: contract performance, legal claims, legitimate interests.

To inform you of changes – to notify you about changes in our business, including changes to our Services, our terms of business or this Privacy Notice. Legal grounds: legitimate interests.

To make changes to our business - if we undergo a re-organisation, restructure, merger, listing or sale of the whole or any part(s) of our business (each, a “Change”), we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transfer your personal data within the PrismFP Group or to a third party for the same purposes as set out in this Privacy Notice or for the purpose of analysing any proposed Change. Legal grounds: legitimate interests.

Automated decision making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not currently envisage that any such decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Cookies. Our Technology may use cookies. For more information about the cookies we may use for our Technology offerings, please see their respective cookie notices.

Change of purpose. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. WHO WE SHARE YOUR PERSONAL DATA WITH

Your personal data may be shared with and processed by any PrismFP Group entity. We may also share your personal data with the following categories of third parties:

  • Service providers who provide services to PrismFP Group operations generally and/or any of our Services.
  • Exchanges, regulators and other authorities based in the UK, the US, Denmark and other territories where the brokerages conduct business for you in accordance with their disclosure/reporting requirements.
  • Our clearers and market makers.
  • Third parties at your or your company’s/employer’s request. For example, their reporting/data depository portals/service providers and clearers.
  • Professional advisers including lawyers, bankers, auditors, accountants and insurers.
  • Any person or entity to whom we have a right or duty to disclose personal data. For example, to authorities and other official bodies and to relevant trading parties/service providers to assist in the prevention/detection of terrorism, money laundering and other crimes and for our Compliance activities.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

6. INTERNATIONAL TRANSFERS

When providing our Services, we may need to transfer personal data to locations outside the jurisdiction in which you provide it where the data protection laws may not be as comprehensive.

Regardless of the location of our processing, we will impose the data protection safeguards and implement appropriate measures to ensure that your personal data is protected in accordance with applicable data protection laws. PrismFP Group has a data sharing agreement in place which includes standard contractual clauses. Similarly, where a third party service provider processes personal data on our behalf, we will ensure that appropriate measures are in place to ensure an adequate level of protection for your personal data, this is usually achieved by: (i) including standard contractual clauses in our agreements with such third party service providers; (ii) ensuring that an appropriate “adequacy” decision exists which permits the transfer; or (iii) by confirming that the data recipient has signed up to the EU/UK-US Data Privacy Framework (www.dataprivacyframework.gov).

Where you are in contact with the brokerages in the normal course of your business relationship with them, we may both be using Bloomberg or other messaging as a means of international communication and we are both using such messaging on their providers’ own terms of use and privacy.

We may also transfer data internationally as required/permitted by applicable laws/regulations.

For international transfers of your personal data (primarily email addresses and trader IDs) between the brokerages and you or your company/employer (and/or the relevant regulators/exchanges), during the normal course of our communications and business with you, where no other legitimate basis for transfer applies, we may make those transfers on the basis that they are necessary for the performance of the contract we have with your company/employer which was concluded in the interest of allowing you to use our Services.

7. DATA SECURITY

We have put in place appropriate security measures with a view to preventing your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those of our employees, agents, contractors and service providers who have a business need to know. We require those of our service providers which process personal data on our behalf to respect the security and confidentiality of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and/or in accordance with our instructions. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. DATA RETENTION

The basic principle underlying all PrismFP Group data retention decisions is that data of any sort will be retained for whichever is the longest of the following: (i) as long as is necessary to fulfil the purpose for which it was collected (including as may be set out in our contracts and Privacy Notices); (ii) to comply with legal, regulatory, accounting, audit, reporting and internal policy requirements; (iii) for the establishment or defence of actual and/or anticipated legal claims; and (iv) as long as any other legitimate reason may justify, (collectively “Retention Reasons”). If there is no longer an applicable Retention Reason for certain data to be retained, we will erase the data securely, or in some cases anonymise it. We may use anonymised information indefinitely without further notice.

9. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to: access, update or correct it; restrict or object to our processing of it; ask for it to be erased; have it provided to another controller; or withdraw your consent in respect of it, where we have obtained your consent for processing. If you wish to exercise any of these rights, please contact us via: privacy@prismfp.com.