“Prism Group” consists of three operating entities: Prism Financial Products LLP (“Prism LLP”), Prism Financial Products LP (“Prism LP”), and PrismFP Analytics Ltd (“Analytics Ltd”). This Privacy Notice is issued on behalf of Prism Group; references to “Prism Group”, "we", "us" or "our" refer to the relevant operating entity within Prism Group responsible for processing your data.
Prism Group respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you about how we look after your personal data when you interact with the Prism Group, including when you use our brokerage businesses, visit our website(s) and/or use any of our online services (regardless of the geographical location from where you visit them), or provide us with services. It tells you about your privacy rights and how the law protects you.
1. IMPORTANT INFORMATION, WHO WE ARE & CONTACT DETAILS
Purpose of this Privacy Notice
This Privacy Notice sets out how Prism Group collects and processes personal data from external contacts. It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
3rd Floor, 248A Marylebone Road
London, NW1 6JZ
ICO reg: ZA062960
130 West 42nd Street, 23rd Floor
New York, NY
ICO reg: ZA377778*
3rd Floor, 248A Marylebone Road
London, NW1 6JZ
ICO reg: ZA269746
* Prism LLP has been designated as the representative in the EEA of Prism LP.
References in this Privacy Notice to the “brokerage(s)” means Prism LLP and Prism LP, collectively or individually, as the circumstances require.
If your company has an agreement with Analytics Ltd to use the Prism Analytics Modules platform (also known as “PAM”), then under that relationship Analytics Ltd is a data processor in respect of the limited amount of personal data we use to provide the core element of that service. The basis upon which we act as a data processor is set out in our PAM Agreement with your company, and is also detailed in the Privacy Notice, which all PAM users can access when they log-in to PAM.
We have appointed a CISO, who is responsible for overseeing Prism Group’s data privacy compliance and initiatives, and for answering questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our CISO: email@example.com or write to them at one of the above addresses.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( www.ico.org.uk) and/or potentially your local competent authority (if different). We would, however, appreciate the chance to deal with your concerns before you approach them, so please contact us via: firstname.lastname@example.org in the first instance.
Changes to the Privacy Notice
This version was implemented with effect from 25 May 2018. When we update this Privacy Notice we will (amongst other things) update the versions available on our website(s) and via the links in our emails. Historic versions can be obtained by contacting us at email@example.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Anyone else’s personal data that you provide to us
If for any reason you provide us with any personal data about someone else, please ensure that you are entitled to do so, and please provide them with a copy of this Privacy Notice.
Our website(s) and online services may include links to third-party websites, plug-ins and applications. If you have a relationship with our brokerage business, you may also elect to communicate with us via messaging services such as Bloomberg. Clicking on those links, enabling those connections, or using those messaging services may allow the relevant third parties to collect or share data about you. We do not control these third-party websites, applications and services and we are not responsible for their privacy statements. When you leave our website(s) or use plug-ins, applications and other third party services, we encourage you to read their respective privacy notices.
Please be assured that any obligations of confidentiality we may have with you in respect of non-personal commercial data (such as details of trades), both under contract and, in the case of the brokerages, under their respective regulatory regimes, are not affected by this Privacy Notice.
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information relating to an identified or identifiable natural person (a data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender. In limited circumstances it may include a copy of your passport for our Know Your Client/Anti-Money Laundering compliance activities.
Contact Data includes billing address, delivery address, email address, telephone numbers, trader and similar identifiers, and Bloomberg ID.
Financial Data includes bank account details (where you supply us with services in your own name or you provide one of the brokerages with details of a family office account bearing a family name).
Transaction Data includes details about our various commercial interactions, including transactions that we may have executed for you as part of our brokerage business, and services (including various types of research) that we have provided to you or (if you are a supplier) details about business you or your company has done with Prism Group.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s), PAM or our other online services.
Profile Data includes your PAM username and password and other online identifiers and personalisations.
Usage Data includes information about how you use our products and services – this may overlap with/relate to the Transaction Data referred to above.
We also collect, use and share Aggregated Data relating to use of Prism Group services for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal you or your company’s identity, nor can your specific trades or analysis habits be identified or attributed to you via reverse engineering or otherwise. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website/service feature and to identify which, and to analyse why, services are over or under-used.
Other than in very limited circumstances where you provide us with a copy of your passport for our Know Your Client/Anti-Fraud and Anti-Money Laundering compliance activities, and from which your race, ethnicity or religious beliefs might be apparent, we do not collect any Special Categories of Personal Data about you such as sexual orientation, political beliefs, health, genetic or biometric data.
If at any time we collect any information about your criminal convictions and offences, it will be from the public domain and we will use it only in relation to our Know Your Client/Anti-Fraud/Anti-Money Laundering compliance activities.
Where we need to collect personal data by law, or under the terms of a contract we have with you or your company, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into (for example, to provide brokerage services). In this case, we may have to cancel or refuse to provide a service, but we will notify you if this is the case at the time.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
Direct interactions. You may give us your Identity, Contact, Profile, Transaction, Usage and Financial Data by filling in forms or by corresponding with us by post, phone, email, Bloomberg, through our website(s) and online services or otherwise. This includes personal data you provide when you:
- undertake our client onboarding process (which includes our Know Your Client/Anti-Money Laundering compliance activities)
- interact with our brokerage(s) in relation to trading strategies and opportunities;
- receive/request research and analysis from us;
- ask us to execute trades;
- apply/register for our products or services;
- register and log-in to PAM or create an account on our website(s);
- use PAM and any other online services we offer;
- contact us or visit us in the normal course;
- provide us with references or other information in relation to job applicants;
- provide us with goods or services (including in relation to our recruitment activities); or
- provide us with feedback.
Automated technologies or interactions. As you interact with our website(s) and online services (including PAM),
we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal
data by using cookies, server logs and other similar technologies. Please see section 4 below for further details. We will
also collect Usage and Transaction Data to generate Aggregated Data.
PLEASE NOTE: to ensure that Prism Group meets its legal and regulatory obligations, electronic communications, including email and telephone calls, may be recorded/monitored.
Third parties or publicly available sources. We may receive personal data about you from your company/employer and various other third parties and public sources, including as set out below:
- Identity and Contact Data from your employer or your colleagues in the normal course of their creation and pursuit of their commercial relationship with us.
- Identity, Contact, Usage and Transaction Data from regulators, relevant authorities, clearers, Exchanges and service providers in the normal course of our brokerage relationship with you and your company.
- Identity, Contact, Usage and Transaction Data from the third parties we use to help us provide our products and services, such as our trading platform(s) and helpdesk providers.
- Technical Data from analytics providers and search information providers such as Google.
- Identity and Contact Data from publicly availably sources such as Google, LinkedIn, Facebook, Twitter, Companies House and the Electoral Register.
- Identity and Contact Data from people and companies who have a current or proposed relationship with you and who introduce us.
4. HOW WE USE YOUR PERSONAL DATA
- Where it is necessary for our legitimate interests (or those of a third party) – normally where a Prism Group entity has a current or prospective business relationship with you and/or your company.
- Where we need to comply with a legal or regulatory obligation – this is particularly relevant in relation to our brokerages, which are both regulated entities.
- Where we need to perform the contract we are about to enter into or have entered into with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person as we do not have individual clients).
We have set out below, in a table format, a description of all the ways we plan to use personal data, and on which of the legal bases we rely to do so. We have also identified what our legitimate interests are, where appropriate.
For these purposes, “legitimate interest” means the interest of Prism Group in conducting and managing our business to enable us (if you are a client) to give you the best service/product and the best and most secure experience/interaction; and (if you are a supplier/service provider or other external contact) to manage our relationship in an efficient, mutually beneficial and legally compliant manner. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us via firstname.lastname@example.org.
Note that we may process personal data for more than one lawful ground depending on the specific purpose for which we are using it. Please contact us via email@example.com if you have any questions about this.
Type of data
Lawful basis for processing including basis of legitimate interest
Corresponding with you about our actual/potential relationship and to onboard you/your company as a new customer or as a new supplier/service provider to one or more Prism Group entities
(a) Necessary for our legitimate interests (to negotiate, implement and perform our contract/pursue our commercial relationship with you/your employer/company)
(b) Necessary to comply with a legal obligation. For example, we have Know Your Client and Anti-Money Laundering obligations to fulfil as part of our onboarding processes for the brokerages
(c) Performance of a contract with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person, we do not have individual clients)
Where you are (or interact with us on behalf of) a client, to manage our ongoing relationship with you and/or your company/employer.
This will include (but not be limited to) Prism Group interacting and using/sharing personal data between themselves and with their respective service providers for the purposes of that relationship.
In the case of the brokerages, Prism Group will use personal data to:
(a) contact and interact with you both proactively and reactively about the markets, trading strategies and opportunities
(b) provide research and analysis
(c) execute trades
(d) report, record, reconcile and charge for business that has been undertaken, including reporting to the relevant exchanges and regulators
(e) answer enquiries and provide updates about our services
(f) collect, use and share Aggregated Data
(g) comply with our regulatory obligations
(h) manage the ongoing relationship
(i) undertake backups and archiving
In the case of Analytics Ltd/PAM, Prism Group will use personal data to:
a) contact and interact with you both proactively and reactively about our services and to provide you with user and technical support
(b) provide you with, and update you about, the relevant services including onboarding you and potentially, as the service matures, building your user profile and preferences with you
(c) manage your user account(s) and your relationship with us more generally including potentially, as the service matures, by personalising the service to provide a richer user experience
(c) collect, use and share Aggregated Data
(d) undertake backups and archiving
Any and all Prism Group entities will use personal data:
(a) to notify you about changes to our terms or privacy practices
(b) for general business as usual correspondence and managing our relationship
(c) to ask you to leave a review or take a survey
(a) Necessary for our legitimate interests (to perform our contract/pursue and proactively manage all aspects of our commercial relationship with you/your employer/company; to keep our records updated and to study how our products/services are used; to prevent fraud; and to monitor, record and manage payments)
(b) Necessary to comply with a legal obligation – in particular, both of the brokerages are regulated
(c) Performance of a contract with you (where you deal with us in your personal capacity – this is only likely to be the case where you supply services to us in person, as we do not have individual clients)
Generally to administer and protect our business and our website(s), PAM and our other online services (including troubleshooting, collecting, using and sharing Aggregated Data, data analysis, testing, system maintenance, support, reporting (including, where required by the licensor, reporting usage of licensed-in third party data), hosting of data, backups and archiving, and compliance
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
Where you are (or interact with us one behalf of) a supplier or service provider, to manage all aspects of our ongoing relationship with you and/or your company/employer.
This will include (but not be limited to) Prism Group interacting and using/sharing personal data between themselves and with service providers.
(a) Necessary for our legitimate interests (to perform our contract/pursue and proactively manage all aspects of our commercial relationship with you/your employer/company; to keep our records updated and to study how your products/services are used; to prevent fraud; and to monitor, record and manage payments)
(b) Necessary to comply with a legal obligation – in particular with regard to both of the brokerages, which are regulated entities
If you are providing us with a reference or other information in relation to a job applicant, to process and record the application. This may include sharing your Identity and Contact Data with the relevant regulator(s)/authority(ies) where the applicant is seeking a regulated role. For example, if an applicant is to be registered as a CF4 with the FCA, some or all of the personal data you provide will need be shared with the FCA as part of the registration process.
(a) Necessary for our legitimate interests (for ensuring that we recruit the best candidates and that the candidates are fit and proper persons to work for us and our clients)
(b) Necessary to comply with a legal obligation
To use data analytics and Aggregated Data to improve PAM and our website(s) and other Prism Group products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep them updated and relevant, to develop our business and to inform our product/service development and other strategies)
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not currently envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Prism Group currently grows its business through recommendations and one-to-one interactions with personal contacts. Updates about what we do are routinely provided as part of our ongoing account management. We do not currently conduct direct marketing initiatives in the commonly understood sense, nor will we sell your data to third parties for their own marketing activities. If our approach to marketing changes in the future, we will update this Privacy Notice and obtain consents/provide opt-outs as required by law.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us via firstname.lastname@example.org.
5. DISCLOSURES OF YOUR PERSONAL DATA
- Other companies within Prism Group acting jointly or individually as controllers or processors and who are based in the UK and the US. Prism Group entities and their respective personnel often (subject to applicable laws and regulations) work both together and interchangeably when dealing with our clients and other third parties with whom we have a business relationship (and their respective personnel), and personal data is shared between them with a view to giving our clients the best service/product; and to giving everyone with whom we have a business relationship the best and most secure experience/interaction we can.
- We will disclose personal data to the following categories of external third parties:
- Service providers acting as processors based in the UK, the US and Canada who provide IT and system administration services underpinning Prism Group operations generally and/or the services we provide to our clients.
- In the case of the brokerages, these third parties provide the trading, clearing, reporting and other platforms that are used to execute, clear, record and report trades and for compliance purposes. They in turn will interact with and report to the Exchanges in various countries on which we do business for you and with the relevant clearing banks and regulators as necessary to conclude and report trades.
- In the case of Analytics Ltd and PAM, the service providers (in addition to providing some general IT infrastructure for Analytics Ltd) host the PAM platform and provide a follow-the-sun helpdesk facility.
- Exchanges, regulators and other authorities based in the UK, the US and other territories where the brokerages conduct business for you in accordance with their disclosure/reporting requirements.
- Bloomberg, where you elect to communicate with the brokerage(s) using Bloomberg systems.
- The platform known as “Docs” (hosted by FIA Tech), for the generation and recording of Give Up Agreements in relation to our brokerage relationship.
- Third parties at your or your company’s/employer’s request. For example, their reporting/data depository portals/service providers.
- Professional advisers including lawyers, bankers, auditors, accountants and insurers based primarily in the UK and the US who provide consultancy, banking, legal, insurance and accounting services.
- Any person or entity to whom we have a right or duty to disclose personal data. For example, to authorities or other official bodies to assist in the prevention/detection of terrorism, money laundering and other crimes.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
We require our service providers to respect the security of your personal data and to treat it in accordance with the law and we do not allow them to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Depending upon the nature of your relationship with us we may also need to share your personal information with clearers, Exchanges, regulators, suppliers and advisers, or otherwise to comply with the law. Generally speaking, these third parties are data controllers and will hold and process personal data shared in this way in accordance with their own privacy policies and the laws and regulations applicable to them.
6. INTERNATIONAL TRANSFERS
We share personal data within Prism Group in the UK and US in order to provide the best possible experience for our clients, suppliers and other external contacts. This will involve transferring your data both into and out of the European Economic Area (“EEA”). We have in place between Prism Group entities a global data transfer agreement, which incorporates approved “model clauses” (see the second bullet below for more detail) to ensure that there are adequate safeguards in place for personal data that is transferred between them.
When we transfer your personal data out of the EEA to our service providers, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission – for example, we retain records for our brokerages’ compliance purposes using a provider that is based in Canada. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
- Where we use certain service providers, we may use specific “model clauses” approved by the European Commission that give personal data the same protection it has in Europe. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
- Where we use service providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
Please contact us via email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
7. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Additionally, we limit access to your personal data to those employees, agents, contractors and our service providers who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
8. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, tax, regulatory or reporting requirements in the relevant jurisdictions (e.g. for/to the FCA/NFA).
To determine the appropriate retention period for personal data, we consider the applicable legal and regulatory requirements in each relevant jurisdiction and the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
As referred to above, when creating Aggregated Data, we will anonymise your personal data (so that it can no longer be associated with you or your company/employer) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Further details of retention periods for different aspects of your personal data are available in our Data Retention policy which you can request from us by contacting us via firstname.lastname@example.org.
9. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to: access, update or correct it; restrict or object to our processing of it; ask for it to be erased; have it provided to another controller; or withdraw your consent in respect of it, where we have obtained your consent for processing.
If you wish to exercise any of the rights set out above, please contact us via email@example.com.
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee where we are legally entitled to. For example, if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.