Triple Point Group Privacy Policy
Triple Point Investment Management LLP (“TPIM”) is part of the Triple Point group of companies (the “Triple Point Group” or “TPG”). It is a regulated financial services business with Financial Conduct Authority (“FCA”) number 456597. It is registered in England and Wales with company number OC321250 and is registered with the Information Commissioner’s Office (“ICO”), number Z1021055. ‘Triple Point’ is a trading name of TPIM and is used by other members of the Triple Point Group.
Triple Point Administration LLP (“TPAL”) is a regulated business with FCA number 618187. It is registered in England and Wales with company number OC391352, and is registered with the ICO, number ZA049704.
All of the above entities are part of the Triple Point Group and are all based at Triple Point’s head office at 1 King William Street, London, EC4N 7AF.
Please take the time to read this Privacy Policy, which forms part of our standard terms and conditions for all products and services across the TPG, including those branded Triple Point Income Service (“Terms and Conditions”).
If you have any further questions about our Privacy Policy, or our use of your personal information, you can contact us at:
Compliance Team
Triple Point Group
1 King William Street
London
EC4N 7AF
Telephone: 020 7201 8990
Email: contact@triplepoint.co.uk
This Privacy Policy sets out how we collect and use your personal information. We recognise the importance of maintaining the privacy and security of your personal information and are committed to doing so responsibly.
Personal information is any detail about you that can be used either on its own, or with other data, to identify you.
For the purposes of:
TPG (and the relevant TPG company with which you contract) is the data controller of your personal data.
Personal information may be given to us directly by you, or by individuals or companies that act on your behalf to share such information with us (e.g. if you use an Independent Financial Advisor). Alternatively, we may receive or collect information from other sources, such as data created when you visit our websites or information received when we request identity checks for anti-money laundering purposes to comply with our regulatory obligations.
Categories of personal data that we may hold may include:
We may also collect the following special categories of personal data where it is necessary for the purposes set out in this Privacy Policy (please also see the section on ‘Special Categories of Data’ for more details about how we process this type of personal data):
If any of your personal details change, please notify us promptly.
You can do so in some cases by logging into your online account and updating your details there directly, e.g. with Triple Point Income Service accounts.
Alternatively, you can email contact@triplepoint.co.uk to advise us of any changes.
In some cases, such as a change of name, further supporting information may be required to enable us to comply with regulations before we can record the changes. We may also seek to verify certain information by telephone for the purpose of data security and avoiding fraud.
We use personal information for the following purposes:
We need a lawful basis to collect and use your personal data under Data Protection Law. In the United Kingdom, the UK GDPR establishes six legal bases on which we can rely to process your personal data (there are additional requirements for special category data). This includes processing information on the basis of:
Personal information may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used. Triple Point’s legitimate interests include responding to solicited enquires, providing information, research, fraud prevention, credit checks, training and monitoring, statistical analysis and employment and recruitment requirements. Unless otherwise stated in this Privacy Policy, the lawful basis for our use of your personal data will primarily be that this information is required for one or more of the legitimate interests described above.
If you would like to change our use of your personal data, please get in touch with us using the details in the “Contact us” section below.
In certain circumstances, in order to provide some services to you (or as part of our recruitment processes), we may need to process types of personal data that the relevant Data Protection Law considers falling into a special category (“special category data”).
Special category data is personal data that needs more protection because it is sensitive. Data Protection Law defines it as including the following categories of data:
We will only ever process special category data in a manner that is permitted under Data Protection Law and under the following circumstances:
In most circumstances, we will not need you to send us any reports or documents about you that contain a special category of data (for example, letters from your doctors or care providers). You should never send these to us unless we specifically ask you to do so.
Your data may be accessed by different parts of, or companies within the Triple Point Group.
We may disclose your information to third parties:
If we share your information with third parties, we will ensure they are obliged to process your information in compliance with applicable data protection legislation (or, if such legislation is not deemed to have equivalence with the Data Protection Laws, in compliance with the requirements for a restricted transfer pursuant to the UK GDPR – more information in respect of which can be found on the ICO’s website here). We will only provide such third parties with the information they need for the purposes set out above.
Where information is provided for the purposes of our candidate screening and/or hiring processes, and has been provided via our third party ATS platform, it will be retained for a period of 1 year after the relevant process has concluded, unless we have expressly agreed otherwise with the relevant candidate (or is otherwise being retained in compliance with our internal data retention policies/procedures). We will seek to retain such information to enable us to promote new opportunities to unsuccessful candidates, to answer queries from the relevant candidate and carry out statistical analysis. Candidates will have the ability to opt out of our (and our subcontractor's) continued retention of their data (albeit some data may be retained for legal or regulatory reasons or as part of our, or our subcontractors', automated archive and/or disaster recovery systems, wherein which the deletion of such information in full or in part may impair or otherwise impair the workings of such systems).
Our websites may contain links to other sites, content, or videos (embedded or direct links) that are maintained by third parties. If you follow a link to any of these websites, please note that such sites are not maintained or controlled by us, and those third parties will have their own privacy policies, which will apply at that point.
We are committed to ensuring the responsible handling and security of personal details held.
Once we have received personal data, we use a variety of manual and automated procedures to ensure it is secure and to prevent unauthorised access, unlawful processing, accidental loss, destruction, or damage of your data.
Your personal data is stored on our secure servers or those of our suppliers which may be situated outside of the European Economic Area (“EEA”). Your information may also be processed by staff who are based outside of the EEA for the purposes set out in this Privacy Policy. Where we transfer personal information outside of the EEA we will ensure that adequate contractual safeguards are in place (e.g. the European Commission’s standard contractual clauses or “model clauses” or the UK GDPR’s standard contractual clauses and international data transfer agreement), to ensure the security of your personal information is maintained when the third party processes it.
We remind and urge you to adopt responsible best practices for your passwords and your own data security more generally. We have set out certain requirements in our Terms and Conditions.
We also remind you that the transmission of information over the internet is not secure and whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted electronically to us; such transmission is at your own risk. Email technology has unfortunately evolved without native encryption (sending an email is often compared with sending a postcard through conventional mail) therefore, please do not email personal information or login details that you would be concerned about were it to be intercepted. We ask that you re-confirm important information like bank account details by telephone as a precaution against interception.
We will keep your personal information for no longer than is necessary for the purposes for which it is processed, in accordance with our internal policies.
The length of time that TPG will keep data will depend on:
For example, the FCA requires us to retain records about your identification for a period of at least 5 years (but potentially up to 7 years) after our relationship with you has ended, and statutory limitation periods for any potential disputes can last up to 12 years.
Once the retention period has expired, the information will be confidentially disposed, permanently deleted, or in some cases archived.
Please note that we cannot commit to removing any information that:
Aside from our own policies and approaches to data, you have various rights by law which are set out below:
You have the right to know what information we hold about you and to ask to see your records. There are some exemptions, which means you may not always receive all the information we process, and there are specific statutory timeframes within which we are required to reply to any valid SAR.
Article 15, UK GDPR provides a data subject with the right to obtain from a data controller “confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to said personal data …”. Consequently, we will only conduct such searches as are necessary to identify instances of the relevant data subject’s personal data within our records and will only provide such documents and data as are relevant to their request.
We will not usually charge you for a SAR (unless we think your request is manifestly unfounded or excessive, which is assessed on a case-by-case basis). You will, however, be asked for proof of identity as the person dealing with your request may not be a staff member you have met before. We need to be sure we are only releasing your personal data to you or to a party authorised by you to receive such information (such as a ).
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing to your business email).
In certain situations, you have the right to ask for processing of your personal data to be restricted, for example, because there is some disagreement about its accuracy or legitimate usage.
In some cases, you have the right to be forgotten i.e. to have your personal data deleted from our database. Where you have requested that we do not send you marketing materials, we will need to keep some limited information in order to ensure that you are not contacted in the future.
Please note, whilst we will do our best to affect any request to erase a data subject’s information, we cannot commit to removing any information that:
If you believe our records are inaccurate or incomplete, you have the right to ask for those records concerning you to be updated.
Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
You also have the right to make a complaint directly to the relevant supervisory authority, which in the UK is the ICO. You can find details about how to do this on the ICO’s website at: www.ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.
You can also complain directly to us at the contact details below.
Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time.
To discuss or exercise any of these rights, please let us know in accordance with the “Contact us” section at the end of this Policy.
We will try our best to respond to all legitimate requests without undue delay and, in any event, within one calendar month of our receipt of said request. In some cases, it may take us more than a month to deal with a request (for example, if it is particularly complex or you have made several requests). We will inform you within the first month whether we will need more time and the reasons for this.
If you have any concerns or further questions about our Privacy Policy or would like to exercise one of your rights, please get in touch by writing to us by:
Post:
Compliance Team
Triple Point Group
1 King William Street
London
EC4N 7AF
or
Email:
Finally, we do welcome and value all feedback, both positive and negative, and if you have any feedback for us please let us know.