Privacy & Data Protection Policy
Adam Cumberland, believes that maintaining our clients trust and confidence is a high priority. We understand that privacy is an important concern for both clients and visitors to our web site(s). Whether you are a client of Adam Cumberland, or just visiting our web sites, we would like to take the opportunity to explain how we work to protect your privacy in the event we collect, retain and use information about you, and the steps we take to safeguard that information.
By registering for any services on this Web site or by providing any information to us, you consent to the collection, use and transfer of your information under the terms of this policy.
Overview about visiting Adam Cumberland's web site
No personal information is retrieved from our servers when a client or visitor browses the public (pre-login) areas of our web sites. Although we may use web site usage data to improve the content and services offered to our web site visitors, such data is reported on an aggregate, anonymous basis with no personal information associated with such gathering of data. Typical data may include: how many people visit our web sites; the pages they visit; how long they stay on our web sites; and the domain name of the site visitors connect from e.g. google.com.
In the event you access a third party web site via a link on our pages then associated cookies might also be created when you access these sites. Adam Cumberland will not have access to these cookies or any information that these cookies may contain. Although we would expect third parties to adhere to a suitable privacy policies and terms and conditions of use, we are not responsible for the actions or policies of such third parties. Accordingly, you should contact the third party site for more information on their policies regarding cookies.
Adam Cumberland Data retention, security of information collected, internet based transfers and disclaimer
We will retain your information for a reasonable period or as long as the law requires. In accordance with the UK's Data Protection Act 1998, we employ strict physical, electronic, and administrative security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both on-line and off-line.
Given that the Internet is a global environment, using the Internet to collect and process personal information necessarily involves the transmission of data on an international basis. Therefore by browsing this Web site and communicating electronically with us, you acknowledge and agree to our processing of personal information in this way.
Whereas we employ reasonable measures to protect against viruses and other harmful components, the nature of the internet is such that it is impossible to ensure that your access to the Web site will be uninterrupted or error-free, or that this Web site, its servers or emails which may be sent by us are free of viruses or other harmful components.
Whether you are a Adam Cumberland client or a visitor browsing our web sites, and you submit / request information from one of our non-public areas (login & password / token protected areas) such as our online account forms, or trading statements please note that we use Secure Sockets Layer ("SSL") encryption technology to protect the information you submit.
This technology helps protect you from having your information intercepted by anyone other than Adam Cumberland while it is being transmitted to us. We strive to ensure that our web sites are and remain secure and that they meet the highest possible industry standards. In addition to SSL encryption technology, we use a variety of other safeguards such as firewalls, authentication systems (e.g. passwords, tokens etc) and access control mechanisms to control unauthorized access to our systems and data.
The contents of this Web site are designed to comply with the general obligations of the European Directives on Data Protection and E-Privacy. We cannot be responsible for non-compliance with any local advertising or other laws in relation to this Web site or its contents.
Adam Cumberland restricts access to Personal Information about you.
To protect the security of Personal Information, we maintain physical, electronic, and procedural safeguards that comply with regulatory standards for securing the information we collect about you. (as detailed previously).
The use of hyperlinks
Adam Cumberland's web site may contain hyperlinks or "links" to third party sites, and other sites may also "link" to our sites. Any web sites linking to and from our sites may have privacy practices different from Adam Cumberland's. Our web site Privacy Statement applies solely to information collected by our web sites. Adam Cumberland is not responsible for the privacy policies or the content of sites you link to, and we have no control over the use or protection of information provided by you or collected by those sites.
Personal information (Non-Public)
In the event visitors to our web site choose to provide Adam Cumberland with non-public personal information about themselves (e.g., name, address, phone number, email address) for the purpose of receiving additional information about our products and services, or if you are a Adam Cumberland client and we obtain from you or from other sources non-public personal information about you in the course of providing you with our products and services, we will take the following steps to safeguard such non-public personal information ("Personal Information").
Information we collect, In order to provide you with financial products and services, or information about such services, Adam Cumberland may collect the following types of Personal Information:
Information we receive from your introder (if applicable) or from you on account applications, whether written or electronic, or on other forms (including on-line forms) and every time you email us or provide us with your details in other ways (i.e. over the telephone, by fax, by mail etc.). This information would include, but not be limited to, such details as: your name, address, landline or mobile telephone numbers, fax number, e-mail address, social security or national insurance number, your date of birth; company name and contact details; income, investment experience; details of the ways in which you are happy to receive information from us and/or selected third parties etc.
Information about your transactions with us, our affiliates, or others. This information could include your trading history through us, our affiliates and others, your history of meeting margin calls, and your use of the various products and services that we and our affiliates provide.
Information about you obtained in connection with our efforts to protect against fraud or unauthorized use of your account(s) with us. Information automatically collected about your visit to our Web site. Information relating to your selection of a user ID for the use of some of our services or activities.
You will find that it is not compulsory to provide us with any additional information we request which is not necessary or reasonable in order to provide you with the services you have requested.
Use of Information Collected - We hold your personal information in order to open and manage your account with us. In addition this information will enable us to review your needs on a regular basis thereby assisting us in providing you with the level of customer service you expect. It may also be used to provide you with new information or opportunities from us about our various products and services that we believe may be relevant to your needs.
Information we may disclose - The personal information you provide to us will be held on a server in the United Kingdom and may be accessed by or given to our staff and disclosed to unaffiliated third parties with which BMG is engaged in a joint marketing arrangement (see Who we may share your information with section below). The personal information disclosed to such unaffiliated third parties will include but not be limited to:
Information we receive from your Introducer (if applicable) or from you on account applications, whether written or electronic, or on other forms (including on-line forms) and every time you email us or provide us with your details in other ways (i.e. over the telephone, by fax, by mail etc.) .
This information would include, but not be limited to, such details as: your name, address, landline or mobile telephone numbers, fax number , e-mail address, social security or national insurance number, your date of birth; company name and contact details; income, investment experience; details of the ways in which you are happy to receive information from us and/or selected third parties etc.
Information about your transactions with us, our affiliates, or others. This information could include your trading through us, our affiliates and others, your history of meeting margin calls, and your use of the various products and services that we and our affiliates provide.
Who we may share your information with
Adam Cumberland will NOT disclose the types of Personal Information listed above to the following types of third parties:
Companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements to sell Adam Cumberland products or services; Financial service providers, such as introducing brokers, broker-dealers, futures commission merchants, investment companies, investment advisers, commodity trading advisors, and commodity pool operators;
Publishers and other direct marketers of products related to the financial services industry, such as newsletter or book publishers and software or trading system developers; Government bodies and law enforcement agencies; Successors in title to our business; We may also disclose Personal Information to other non-affiliated third parties as permitted or required by law, such as in response to a subpoena or legal process or in order to complete a transaction which you initiated and authorised,
You should be aware that countries outside the European Economic Area do not always have strong data protection laws. Therefore However In the event any transfer data is made to countries outside of the EEA, this will only be done to; countries with equivalent legislation and or organisations with the appropriate level of data security and or with your prior consent.
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
Accessing, Updating , Contacting Us and Your right to opt-out of information sharing
Under the Data Protection Act 1998, you are entitled to see the personal information we hold about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date.
Furthermore, if you prefer that we not disclose your Personal Information to unaffiliated third parties, you can choose to opt out of those disclosures. That is, you may direct us not to make those disclosures (other than disclosures permitted or required by law). However, this opt out will not apply to Personal Information disclosed about you to your Introducing Broker (if applicable), or any service provider necessary to effect or process any transaction in your account(s) with us (if applicable).
Online services - If you register for any of our online products or services, we will retain your user ID and password and other information about your use of our web site in order that we may recognise you as a registered user. We may also obtain your email address from you or from another source.
We may send you email offers for our as well as our affiliates' products and services. You may also receive emails from third party product and service providers we think may be of interest to you. All email offers we send to you include an opportunity to opt out from future email offers.
If you opt out from receiving email offers, we reserve the right to still send (via email or otherwise) important information about your account(s) with us (if applicable) and our products and services.
Web site privacy statement updates
As and when necessary we reserve the right to make changes to our Privacy Statement. We recommend that regular visitors to our web sites review this Web site Privacy Statement periodically to learn of any updates and changes that have been made to this Statement. Should you become a Adam Cumberland client by obtaining a user ID and password by completing account forms on-line, we will notify you of any changes we make to this Statement in the following manner.
The first time you log on to a non-public part of our web site after we have modified our Web site Privacy Statement, you will be required to click-through our revised Statement. Accessing your account information or placing an order will not be possible until you agree to the terms of the revised Statement.
This is a statement of the data protection policy adopted by Adam Cumberland. The responsibility for the updating and distribution of this policy rests with Adam Cumberland's Information Protection Officer. Our policy is subject to periodic review to ensure that changes to the relevant legislation or the structure or internal polices of Adam Cumberland are reflected into this policy. All directors and staff are expected to apply the policy and to seek advice or consultation as appropriate.
In the normal course of commercial operations Adam Cumberland needs to collect and retain certain types of personal data (both public & non-public) from a variety of sources including clients, prospective clients, personnel, suppliers, business contacts, Introducing Brokers, finance companies, credit reference agencies, internet users and others who Adam Cumberland conducts business with. For the purpose of this policy these will be referred to as ("Data Subjects"). In addition, to ensure Adam Cumberland complies with its regulatory obligations it may be required by law to collect and use certain types of information.
Personal Data means data which relates to a living individual who can be identified from that data or from that data combined with other information which is in the possession of, or is likely to come into the possession of, the data controller. The data controller for the purpose of this note is Adam Cumberland.
Under the Act personal data must generally not be processed at all unless an entry has been made on the notification register maintained by the UK Information Commissioner. Adam Cumberland has made this notification and is registered under reference number 7043217200. In order to ensure continued compliance, Adam Cumberland will regularly review the scope of these notification entries to ensure that they are kept up-to-date if the way in which Adam Cumberland uses information changes throughout the year.
All personal data must be dealt with correctly, as provided for by the safeguards in the Data Protection Act 1998 ("DPA"), however it is ascertained, recorded and used. This applies equally whether the data is held electronically, on paper or by other means.
In addition to any legal consideration, Adam Cumberland believes the lawful and correct treatment of all personal data (non-public) is an essential step in building and maintaining confidence to everyone concerned including both staff, clients & business associates alike. With this in mind we need to ensure that our company treats personal data in a lawful and correct manner.
In light of this Adam Cumberland fully endorses and endeavours to comply with the eight principles set out in the DPA which govern the processing of personal data.
The Eight Principles of the DPA and application of those principles by Adam Cumberland.
The eight data protection principles under the Act and some examples of practical steps taken by Adam Cumberland to help ensure compliance with the principles (by the application of appropriate management structure and strict use of criteria and controls) are set out as follows: Personal data shall be processed fairly and lawfully. This principle is an overarching one which impacts upon each of the other principles below.
In particular processing will not be fair and lawful if the data subject has been deceived or misled as to the purpose or purposes for which their personal data will be processed. BMG will therefore ensure that certain information, known as "Fair Processing Information", has been provided to the data subjects before processing takes place (i.e. on their data collection forms).
This information must include the following: the identity of Adam Cumberland as the data controller; the purpose(s) for which the data will be collected by and processed by Adam Cumberland; and any other information that is necessary to enable the particular processing to be fair (some of which are required by the other data protection principles as set out below).
For example: The recipient or categories of recipient of the data including all those third parties that Adam Cumberland disclose data to or who process data on Adam Cumberland's behalf (e.g. to financial and legal advisors, payroll and pensions processing companies, consultants working on Adam Cumberland's behalf and governmental authorities);
whether (or not) any of the intended recipients of the data are outside the EEA; whether replies to questions asked by Adam Cumberland are obligatory for justifiable operational reasons; the existence of the right of access to, and the right to rectify, the data; the use of the personal data for credit checking purposes; the use of the personal data for direct marketing purposes; the security measures implemented by Adam Cumberland regarding the processing;
Adam Cumberlnad's policy on record retention (how long records are kept and any steps taken to ensure that records are accurate and kept up to date); Adam Cumberland's contact details; explaining how consent, once given, can later be withdrawn etc.
In addition to providing the Fair Processing Information, to ensure that all processing is fair and lawful Adam Cumberland will also ensure that the processing in question can be justified under certain conditions set out under the Act. This means that at least one of the following, what are known as "Fair Processing Conditions" must be met:
The data subject has given freely given specific and informed consent to the processing;
The processing is necessary for the performance of a contract to which the data subject is a party, or for the taking of steps at the request of the data subject with a view to entering into a contract; The processing is necessary for compliance with any legal obligation to which the Adam Cumberland is subject, other than an obligation imposed by contract;
The processing is necessary in order to protect the vital interests of the data subject; or The processing is necessary (a) for the administration of justice, (b) for the exercise of any functions conferred on any person by or under any enactment, (c) for the exercise of any functions of the Crown, a Minister of the Crown or a government department, or (d) for the exercise of any other functions of a public nature exercised in the public interest by any person.
In the case of 'sensitive' personal data (i.e. personal data concerning a Data Subject's racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition (which will include employee's health records), sexual life or the commission or alleged commission of any offence or proceedings for any actual or alleged offence, the disposal of such proceedings or the sentence of any court in such proceedings) this may only be collected stored, used, disclosed or otherwise processed if, in addition to the requirements set out above one of the following conditions is met:
The data subject concerned has given Adam Cumberland specific written consent to process the personal data;
Adam Cumberland needs to process the personal data to carry out its obligations under national employment law;
Adam Cumberland needs to process the personal data to protect the individual (or another person) where that individual is physically or legally incapable of giving his consent (e.g. where an individual has been involved in a road accident or develops a health condition); or
The processing relates to personal data which has been made public by the individual concerned or is necessary for legal claims.
Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes
Adam Cumberland has set up internal procedures to identify the collection points of data (e.g. websites, application forms, emails, CCTV, application forms etc.), the nature of the data collected and the purposes for which such data is processed. Adam Cumberland will give data subjects the Fair Processing Information when data is collected or obtained. Adam Cumberland will ensure that personal data is not used for reasons not set out in the Fair Processing Information without ensuring that one of the Fair Processing Conditions is met.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed. In order to process data in a way which is compatible with the purposes for which it is processed Adam Cumberland will, for example:
periodically review data collection procedures to ensure that they are adequate, relevant and not excessive in relation to the purpose for which data is going to be processed; review requests for personal data, to ensure that all data which is supplied is necessary or whether it can be destroyed; periodically review personal data held in manual filing systems and computerised filing systems to ensure that Adam Cumbertland is holding no more than the minimum of data required for the purpose for which the data was collected; and ensure that if employees are allowed to enter free text onto records, training is given to them to ensure its relevance.
Personal data shall be accurate and, where necessary, kept up to date Adam Cumberland will check that personal data is accurate, complete and current by, for example: keeping a record of the dates on which personal data is created and/or obtained both manually and electronically; assessing the accuracy of the personal data at the time of collection when it comes from sources other than the data subject concerned and, in any case, reviewing the accuracy of personal data before it is entered into any filing systems; ensuring that where personal data is duplicated and held separately (e.g. at a different locations or in a different department)
any updates or amendments are communicated to all holders of the personal data and that the personal data is updated/amended accordingly; and checking personal data periodically to ensure that it is accurate and up to date and to evaluate the degree of damage to the data subject (and Adam Cumberland) which could be caused through inaccurate or out of date personal data being held. This could be done by putting a procedure in place which provides that when a record is accessed, the individual accessing the file has to sign off that they have briefly reviewed the entire file and removed/amended any inaccurate personal data.
Personal data processed for any purpose or purposes shall not be kept for longer than necessary for that purpose or those purposes Adam Cumberland will comply with this principle by, for example: reviewing personal data periodically to determine whether retention is justifiably necessary for legitimate business purposes or whether the personal data can be archived or destroyed; and ascertaining whether such personal data could be retained in an anonymous format (e.g. if kept only for historical or statistical purposes). Determining the integrity of the personal data used and ensuring that records are not maintained for longer than is necessary.
Personal data shall be processed in accordance with the rights of data subjects under the Act Adam Cumberland will inform data subjects of: the obligatory or optional nature of the personal data requested (e.g. optional fields could be marked with a star which indicates that such personal data may be used for future marketing activities; and
how Data Subjects can contact Adam Cumberland with any enquiries or complaints about the processing of personal data and the choices and the means offered by Adam Cumberland for limiting the use and disclosure of personal data .
Adam Cumberland has also established suitable procedures to enable an individual to find out whether personal data (of which that individual is the data subject) is being processed by or on behalf of Adam Cumberland and if so what such personal data comprises. Such a request by an individual must be in writing and Adam Cumberland may be entitled to charge a small fee for responding to such requests. Adam Cumberland has t rained staff to recognise subject access requests from data subjects and to respond to these in accordance with the DPA and particularly in accordance with the statutory time limits.
Where Adam Cumberland obtains personal data about an individual from a third party (e.g. from a marketing company) Adam Cumberland will inform the data subject as soon as practicable that it is holding the personal data and set out the purposes for which such personal data will be held. This will not, however, be necessary where the third party has already informed the data subject that their personal data will be passed to Adam Cumberland and identified these purposes.
Adam Cumberland will obtain specific written consent from data subjects to use their personal data for non-obvious purposes such as for direct marketing at the time data subjects are first asked to provide personal data (or as soon after as is practicable) i.e. through a data protection notice on data collection forms (e.g. on website registration forms, application forms etc).
Adam Cumberland will inform data subjects if it intends to use their personal data for a purpose which is different from those for which the personal data was originally collected or where it intends to disclose personal data to a third party who has not previously been authorised by the individual concerned.
Adam Cumberland will ensure the rights granted to the people about whom personal data is held are upheld, including such issues as their right to be informed that processing is being undertaken, their rights to access such personal data, and their rights to correct or have deleted personal data that is determined as wrong personal data.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
In order to protect personal data stored by BMG from being lost, misused, accessed without authorisation, disclosed, altered or destroyed, Adam Cumberland will, for example:
ensure that all necessary technical & structural security measures are undertaken to safeguard personal data; promote awareness of data security among employees and where possible, conduct training in security responsibilities and issues; only authorise individuals to access personal data where they have a business need to do so, where they are reliable and where they have the appropriate knowledge to make decisions concerning how it should be handled (i.e. carry out background checks and conduct training to ensure that individuals understand their responsibilities, particularly surrounding confidential information and special categories of data).
Adam Cumberland will also segregate employee duties to ensure that responsibility for sensitive tasks is appropriately controlled; monitor access to personal data to prevent violations, intentional or accidental damage or disclosure; identify potential security risks and exposures within the company and implement appropriate security measures to counter those risks (e.g. Adam Cumberland will (i) only give employees access to personal data where they are authorised and have a legitimate business need to do so;
(ii) create a system of secure cabinets within locked rooms; (iii) maintain a clear desk policy; and (iv) where possible use partition screens in open plan areas); ensure that where personal data is taken off-site (e.g. on laptop computers or hard copy files), only necessary personal data is taken and that training is given on security rules which employees must follow (e.g. ensuring the personal data is not left in an unlocked car or unattended in a place where it could be viewed by others etc); that: (i)
computer servers are set up to optimise security; (ii) all systems passwords/ authorisation levels etc. are periodically reviewed to ensure that they are assigned to appropriate staff; (iii) where possible, audit trail capabilities of automated systems are used to track who accesses and amends personal data; and (iv) account is taken of the risks of transmitting confidential information by fax, by e-mail or via the internet; implement procedures to stop all employees whose employment has been terminated or transferred and any third parties (e.g. contractors) who are no longer used, from accessing systems used to process personal data;
and ensure that where the processing of personal data is carried out by a data processor on Adam Cumberland's behalf it chooses a data processor providing sufficient guarantees in respect of the technical and organisational security measures governing that processing and takes reasonable steps to ensure compliance with those measures. Such processing must be carried out under a written contract with appropriate obligations as required under the Act, for example, ensuring that the data processor is to act only on the instructions of Adam Cumberland.
Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
Adam Cumberland will ensure that the transfer of personal data abroad is only done once suitable safeguards have been made. This will be where either one or several of the following conditions applies; The data subject has given specific consent and or The transfer is to a country that offers an adequate level of protection, such as countries within the EEA, Switzerland, Canada, Argentina, Isle of Man, Guernsey, (Please note this list is not intended to be exhaustive and is subject to alteration & addition by the Data Protection Commissioner.) and or The transfer is to a US based company which has signed up to the scheme; and or by using binding Corporate Rules which are aimed at multinational organisations.
Information Protection Officer
To enable Adam Cumberland to achieve its objective of compliance with the principles of the DPA we have appointed a designated Information Protection Officer with specific responsibility for data protection who will act as the central focus for all issues relating to data protection and report directly to the Board . This will help to ensure that issues are dealt with in a uniform manner.
The Information Protection Officer will be responsible for identifying information, implementing appropriate data protection measures to comply with applicable law and maintaining those measures at appropriate levels so that the cost of protection does not outweigh the value of the information to BMG, training and briefing employees and third parties as to the data protection measures in place, liaising with business functions to resolve any issues which may arise and notifying the national data protection supervisory authority.
The information protection officer can be contacted by writing to:
Adam Cumberland, 27 Gloucester Place, London, W1U 8HU
or via email at email@example.com
Please note that due to potential sensitivity of personal data we cannot process enquires in the first instance by telephone.