Who we are
We are Tatton Investment Management Limited, (Tatton), a private limited company registered in England and Wales under number 08219008. Our Registered Office is: Paradigm House, Brooke Court, Wilmslow, Cheshire SK9 3ND.
(“Tatton”, “we”, “our”, and “us”).
We are registered with the UK Information Commissioner’s Office (“ICO”) under registration number ZA229009. Tatton Investment Management Limited is authorised and regulated by the Financial Conduct Authority. Firm Reference Number 733471.
We are not required to appoint a formal data protection officer under data protection laws. However, our Head of Compliance is responsible for data protection in Tatton.
By post: Head of Compliance, Tatton Investment Management Limited, 17, St Swithin’s Lane, London. EC4N 8AL
By telephone: +44 (0)207 139 1470 By email: [email protected]
Data protection principles
Tatton adheres to the following principles when processing your personal data:
Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimisation – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy – data must be accurate and, where necessary, kept up to date.
Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
Information we collect
You may choose to provide us with personal data when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, via our website or otherwise.
The categories of personal data you may provide includes:
first and last name;
date of birth
national insurance number
job title and company name;
Information we collect from third parties
We may also receive personal information from third parties who we work closely with and who are entitled to share that information, e.g. Financial Advisers and Regulators, but only as permitted by applicable law.
Information we collect online
Each time you visit Tatton websites we may automatically collect the following information:
Technical information, including the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone settings, browser plug-in types and versions, operating systems and platforms, etc.; and
Information about your visit, including the full Uniform Resource Locators (URL) of the internet sites you came through to our websites and which pages you visited (including date and time); page response times; download errors; length of visits to certain pages; page interaction information; and methods used to browse away from the page, provided we can do so lawfully.
Cookies (small text files)
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Sensitive personal data
We do not collect sensitive (or special categories of) personal data. Sensitive personal data is defined by data protection laws to include personal data revealing a person’s racial or ethnic origin, religious or philosophical beliefs, or data concerning health.
We do not knowingly collect data relating to children.
How we use your information
The purpose for which we use and process your information is explained below:
To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us. This includes but is not limited to performance data for research and analysis purposes;
To comply with legal or regulatory requirements;
For the detection, prevention and investigation of illegal or prohibited criminal activities and in the protection of our legal rights (including liaison with regulators and law enforcement agencies);
To review and analyse the services we provide;
To provide you with access to applications in relation to services you have requested;
To notify you about changes to our services;
To administer the website and secure portals so we can improve the use, presentation, performance and security of the services;
If you do not wish to provide us with your personal data and processing such information is necessary for the performance of a contract with you, we may not be able to perform our obligations under the contract between us.
Tatton will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
Who we share your personal data with
We may share your personal data (including storage and transfer of data) with:
Any members of Tatton for the purposes set out in this Privacy Information Notice;
Any third party so we can meet our legal and regulatory obligations, including statutory or regulatory bodies, law enforcement agencies and company auditors;
Our service providers and agents (including their sub-contractors) or third parties who process information on our behalf in relation to, for example, printing services, bulk communication purposes and internet services. We only disclose the information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not use it for their own direct marketing purposes.
Any third party in the context of actual or threatened legal proceedings provided we can do so lawfully.
Transfers outside of the european economic area
The data that we collect from you may be processed by our service providers (and their employees) operating outside the EEA. Where this is the case, we take steps to ensure appropriate measures and controls are in place to protect your personal information in accordance with applicable data protection laws and regulations in the UK.
Security of your personal data
The security and storage of your personal information is very important to us.
The personal information we collect from you is stored by us on secure servers, protected through a combination of physical and electronic access controls, firewall technology and other security measures.
We will not disclose any personal information, under any circumstances, unless we are satisfied that the individual requesting it has the appropriate authority.
Although we use market standard security software to protect your personal information, we cannot guarantee the security of your or your client’s data transmitted by you to our websites, secure portals, applications or services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
If we have given you (or you have chosen) a password to access certain areas of our websites, applications or services please keep this password safe. We will not share this password with anyone. If you believe your account has been compromised, please contact us by any method given above so we can take additional steps to protect your personal information as appropriate.
How long we keep your personal data
Your personal data will not be kept for longer than is necessary for the purposes for which it was collected and processed and for the purposes of satisfying any legal, accounting, or reporting requirements.
You have the following rights:
To be informed about how we obtain and use your information;
To ask for a copy of the information that we hold about you;
To have your information rectified;
To request us to restrict processing of your personal data;
To request to have your information erased (Right to be forgotten);
To have information you provided to us, returned to you or sent directly to another company, in a structured, commonly used and machine• readable format where technically feasible (Data Portability);
Where the processing of your information is based on your consent, the right at any time to withdraw that consent; and
To lodge a complaint with the Information Commissioner’s Office (ICO), the supervisory authority responsible for data protection matters.
You cannot opt out of receiving regulatory or legal information or updates (e.g. information about a change to our product terms and conditions).
If you withdraw your consent to the processing of your personal information or you ask for your information to be erased, we may not be able to provide you with access to all or parts of our website, applications, products or services. If we are not able to comply with your request, we will confirm this to you along with confirmation of the lawful basis which we will rely on to continue processing your personal data.
Exercising your rights
by contacting us as provided in “Contacting us” above.
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
Other sites and social media
If you follow a link from our websites, applications or services to another site or service, this Privacy Information Notice will no longer apply. We are not responsible for the information handling practices of third-party sites’ or services and we encourage you to read the Privacy Information Notices appearing on those sites or services.
Whilst every member of the Tatton team has a personal private email address, email which you send to us or which we send to you may be monitored by Tatton to ensure compliance with professional standards and our internal compliance policies. Monitoring is not continuous or routine but may be undertaken on the instruction of senior management where there are reasonable grounds for doing so. Occasional spot checks or audits may also be undertaken on the instruction or with the authority of senior management.
You have the right to make a complaint at any time with a supervisory authority, in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is ICO who can be contacted at https://ico.org.uk or telephone on 0303 123 1113.