Privacy Policy.

What Type of Personal Information We Collect

Personnel

We currently collect and process the following information:

  • Full Name(s) including title
  • Nationality
  • Date of birth
  • Material status
  • Contact number
  • Home address
  • Personal email addresses
  • Health/medical information
  • Banking information (account
    number, sort code, bank address)
  • National insurance
  • Tax codes/references and allowances
  • Emergency contact details (names, relationship to personnel & number)
  • Biometrics
  • DBS check reports
  • Pension scheme information
  • Government repayment plans (student loans, council tax, CSA ECT)
  • Passport information
  • Maternity/paternity/dependant information
  • Joint account holder information including name and banking details

Clients

  • Full Name(s) including title
  • Contact phone number
  • Address(es)
  • Employment details
  • Date of birth
  • Nationality
  • Passport numbers
  • Driver’s license
  • National identity card information
  • Proof of address including bank statements & utility bills
  • Proof of source of funds/wealth
  • Demographics
  • Marketing Preferences
  • Joint account holder information including name and banking details

Third Parties

  • Full Name(s) including title
  • Contact phone number
  • Address(es)
  • Employment details
  • Date of birth
  • Nationality
  • Passport numbers
  • Driver’s license
  • National identity card information
  • Proof of address including bank statements & utility bills
  • Proof of source of funds/wealth
  • Demographics
  • Marketing Preferences
  • Joint account holder information including name and banking details

What Type of Personal Information We Collect

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • To support Anti-Money Laundering checks.
  • KYC.
  • Repayment from investments.

We use the information that you have given us to verify potential customers identities and check against relevant sanctions listings before proceeding with the investment application processes. We may share this information with Refinitive-Worldcheck and other government establishments for the purpose of our legal obligations to establish and verify you’re identity and ensure that you are not directly linked to any relevant sanction’s listings.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  1. Your consent. You can remove your consent at any time. You can do this by contacting info@the79thgroup.co.uk
  2. We have a contractual obligation
  3. We have a legal obligation
  4. We have a vital interest.
  5. We need it to perform a public task
  6. We have a legitimate interest

Personnel

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • To employ
  • To DBS check
  • HMRC We use the information you have given us to verify your employability in accordance with statutory obligation frameworks and GDPR.

Client

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • To confirm your geographic location.
  • Your subscriber communications.


We use the information you have given us to verify your geographic location in accordance with financial conduct authority (FCA) guidance on the sale and marketing of personal investment products.

How We Store and Share Your Information

Your information is stored in a secure, remote cloud server within the company infrastructure and hosted by our IT service provider, Next2IT within the UK. We keep personal information for the relevant times periods such as the life of your invest and then dispose your information in line with our data retention timeframes, which are aligned to legal frameworks.

Your Data Protection Rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.


You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Consent and opt in/out

Due to the nature of the businesses there may be times where we need your consent to process data, or ask you to consent to us or a third party supplier using your images/ recorded footage.

In these circumstances we will ask you for your consent before processing any of your data. If we do not ask for your consent then it will be due to us having a legitimate or lawful reason for the processing. The reasons can be found in the sections; what data do we collect, why we collect it and our data retention policy.

Safeguarding Measures

The 79th Group takes your privacy seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures in place, including:

  • Multi-factor Authentication (MFA)
  • Adherence to our Identity and access management Policy
  • Anti-malware and Ransomware technology and policies
  • Secure Sockets Layer/Transport Layer Security cryptographic protocols

Personnel

During the onboarding of new personnel we will ask for you to consent to the following:

  • Photography & Filming policy: You have the right to opt out of this at any time.
 

If you wish to opt out you can contact the HR Team.

Clients

During the onboard of clients we will ask you to consent to us processing your data for business related updates. This consent will either be requested through our application form or on the call with our investments team. You can change your mind for this decision at any point and you can do this by contacting us at: compliance@the79thgroup.co.uk.

Third Party

We will at times direct market via post, no personal data will be held within this marketing. If you do wish for us to cease our direct marketing. The request can be sent via email, our postal address or telephone.

SAR (Subject access Request)

In the event that a data subject wishes to submit a subject access request, this can be done by:

  • Asking in writing via our postal address Southport Business Park, Wight Moss Way, Southport, PR8 4HQ, United Kingdom or compliance@79thgroup.co.uk
  • The request should include; the email linked to the data subject, the data subjects full name and contact number, the reason for the request and the specific data requested
  • Extra DPA due diligence may be required in the event of a SAR request
  • Once the request is received in writing, the compliance Team will collate all information regarding the data subject
  • The request for information must be deemed as a reasonable request in line with the ICO guidance
  • Redactions will be made in appropriate circumstances where data is business confidential or involves another data subject
  • The SAR will be acknowledged within 10 working days and the request will be sent within 30 days via the data subjects preferred communication method

Data Accuracy & Rectification

The 79thGRP is required under GDPR to ensure all data that we hold for personnel, clients and third parties is up to date and accurate. This will be done in accordance with ICO guidance. The data subject is responsible for informing us when personal data is required to be updated.

Employees

The 79th GRP uses information provided from employees, this is mostly stored on People HR and Sage. If data is inaccurate then you either need to change these details yourself or raise the changes to the HR Team. We will work to get these changes made as soon as we can without delay.

Client

The 79th GRP needs to ensure that client data is accurate at all times. If your information does need changing then a request should be sent to your relationship manager or investments@the79thgroup.co.uk. We will update this information as early as possible but there may be some circumstances where we require proof of the change, such as change of name due to marriage. We would request that this is sent along with the request in order.

Third Party

If we hold data on you that you deem as inaccurate you can get in touch via compliance@the79thgroup.co.uk.

Data Portability

The 79th GRP will accommodate a request to data transfer if the request is within the companies means to do so. If you do request data to be ported or transferred the request must be made to compliance@ the79thgroup.co.uk We will provide the information in an appropriate format within business capacity.

Data Retention Periods

Personnel

We will comply with the data retention periods set out GDPR 2016, DPA 2018 ICO, FCA guidelines as well as governing body guidelines in other jurisdictions.

Client

We will comply with the data retention periods set out GDPR 2016, DPA 2018 ICO, FCA guidelines as well as governing body guidelines in other jurisdictions.

Third Party

We will comply with the data retention periods set out GDPR 2016, DPA 2018 ICO, FCA guidelines as well as governing body guidelines in other jurisdictions.

Data Retention

Under ICO guidance in alignment with GDPR 2016 and DPA 2018 we will not keep personal data for longer than necessary.

We will in most circumstances keep personal data for 5 years in line with GDPR. The exception to this being if data is held for other supervisory/ regulatory purposes. For a full list of data retention periods, this can be found in the table below.

We will review annually the data we hold and if we can we will erase or anonymise the data. This data retention policy does not effect individuals rights to exercise their other rights in accordance to GDPR 2016.

Type of DataSpecifics of DataGoverning BodyRetention
Period
Personnel• Material status
• Contact number
• Personal email address
• Health/medical information
• Emergency contact details
• Biometrics
• DBS results
• Passport information
ICO5 Years
Personnel• Title
• Full name
• Nationality
• Date of birth
• Banking information
• National insurance tax codes
• Home address
• Pension scheme information
• Government repayment plans
• Maternity/paternity/dependant information
• Joint account holder information
HMRC 7 Years
Client• Drivers license
• National identity card
• Proof of address
• Proof of source of funds/wealth
• Demographics
• Marketing preferences
ICO5 Years
Client• Title
• Full name
• Address(es)
• Employment details
• Date of birth
• Nationality
• Passport details
• Marketing preferences
HMRC 7 Years
Third Party• Contact phone number
• Employment details
• Date of birth
• Nationality
• Passport numbers
• Drivers licence
• National identity cards
• Demographics
• Marketing preferences
ICO5 Years
Third Party• Full names including title
• Address(es)
• Date of birth
• Nationality
• Proof of address including bank statements and
utility bills
• Joint account holder information
HMRC 7 Years

Breaches

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the company shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website). If a breach involves your personal data we will inform you at the earliest possible moment along with actions we have taken to control and mitigate further risk to your data.

Personnel

If a member of personnel believes they have committed a data breach then they should report this to their direct line manager with no delay. If the line manager is either unavailable or unable to deal with the breach then they should notify the internal compliance department as soon as they are able to via the compliance@the79thgroup.co.uk email account.
If a member of personnel suspects that there has been a data breach that has not been handled accordingly. They can raise this to the compliance team.

If the breach is considered misconduct this will be investigated and handled in line with the disciplinary procedure.

Third Party

If the breach is caused by a third party supplier, we expect the supplier to inform us at the earliest possible opportunity without delay. We also expect a full investigation into the breach and appropriate action taken to control and mitigate further risks.

How To Complain

If you have any concerns about our use of your personal information, you can raise a complaint to us at:

Southport Business Park, Wight Moss Way, Southport, PR8 4HQ, United Kingdom

You can also raise a complaint with the ICO if you are unhappy with how we have used your data.


The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: www.ico.org.uk