Executive Summary
This is a summary of how Strix Asset Management Limited and other Strix Asset Management Limited group entities (“Strix”), (“we”, “us”, and “our”) process personal data. Please contact us using the details at the end of this notice for more information regarding the specific Strix entities covered by this privacy notice.
Who is this private notice for? This privacy notice applies to current or previous clients, prospective clients, intermediaries or clients of intermediaries, and any associated parties.
Why we collect personal data: We collect your personal data in the course of providing our services.
Where we collect personal data from: We may collect personal data directly from you, our staff, third parties or our clients. This is likely to be done face-to-face, by post, over the phone or online.
What personal data do we collect? Types of data that we collect include personal details, financial data, identification and address verification documents, special categories of data and sensitive data, technical data from your personal devices, and any other information which you choose to provide.
What we use personal data for: We only use personal data for necessary and proportionate purposes. These include for advising you from the time you are a prospective client to the time we onboard you as our client, carrying out suitability assessments and anti-money laundering checks, managing and administering your accounts, managing relationships with intermediary firms, recording calls for regulatory compliance reasons, marketing and events, handling feedback, requests, queries and complaints, and improving the quality of our products and services.
Our legal basis for processing personal data: As a controller, we ensure that we and our processors process personal data lawfully. Most commonly, we will process data to perform a contract with you, to comply with a legal or regulatory obligation, in our or your legitimate interests or with your consent. We may rely on other lawful bases from time to time, including where we process sensitive or special categories of data.
Who we can share personal data with: We will share personal data with our group companies, as well as third parties including our business partners, service providers, credit reference agencies, government bodies and regulatory authorities. Your data is likely to be shared within and outside of Ireland and the EU. In cases where data is shared outside of Ireland and the EU, we ensure that appropriate safeguards and transfer mechanisms are in place.
How long we keep personal data for and our security measures: We keep your data until the purpose for which it was collected is fulfilled and in line with our policies on retaining data. We may need to keep certain data for longer to fulfil any legal, regulatory or reporting requirements. Your data is processed and stored securely in our systems, and, in the unlikely event of a data breach, we would take appropriate steps to notify the regulator or you where applicable.
Your rights: You can exercise your rights or make a query or complaint about the way we handle personal data by using the contact details in the “Contact Us” section of this Privacy Notice.
Cookies: For information about how we use cookies, please see our Cookie Policy.
Marketing: If you would like to update your contact details or update any of your communication preferences, please get in touch with your usual contact at Strix by phone, post, or email. Please allow 14 days from receipt of your information for any changes to be reflected across our systems.
1. About this Privacy Notice
This privacy notice applies to current or previous clients, prospective clients, intermediaries or clients of intermediaries, and any associated parties, and explains how Strix Asset Management Limited (“Strix”) and certain of its group entities, (“we”, “us”, and “our”) process personal data. Please contact us using the details at the end of this notice for more information regarding the specific Strix entities covered by this Privacy Notice.
The purpose of this Privacy Notice is to outline how we process personal data, including special categories of data, and the legal basis on which personal data is processed by us. It is important that those whose personal data we process read and understand this Privacy Notice.
Please note that this Privacy Notice provides an overview of how we process personal data and we may provide further information in just-in-time privacy statements during the course of your interactions with our people and services.
2. Data controller
For the purposes of applicable data protection law, in particular the General Data Protection Regulation (“GDPR”) and the Irish Data Protection Acts, your data will be controlled by Strix or the relevant affiliate or subsidiary undertaking that you have instructed, that is providing services to you, or that is communicating with you, and each such entity is regarded as an independent data controller of your personal data.
3. Sources of data collection
Directly from you or our employees
We collect and process personal data to provide our services to you. This data may be collected directly from you or by our employees, on your behalf.
Third parties
We may process personal data collected from, and relating to, third parties, for example, public sources, a pension or product/service provider, intermediaries, financial advisers, dealers, brokers, introducers and authorised representatives acting on your behalf such as a family member or legal representative. This can include information about you and other individuals, such as your family, and may include information about your health, contact details and relevant assets, financial or policy details for the purposes of administering services we provide to you.
Our clients
We may process personal data about you that is provided to us by our clients.
Personal data is collected through paper or web forms or in face-to-face, phone or e-mail communications. During our client onboarding process and throughout our relationship with you it may be necessary for you to provide personal data, including special categories of data, relating to other people. Where this occurs, you must ensure that they understand how their information will be used, have given you their permission to disclose it for these purposes, and allow us and our partners and processors to process it as set out in this Privacy Notice.
4. Types of personal data
The type of personal data we collect will depend on the product or service we provide. We will only collect information that is adequate, relevant, and limited to what is necessary in relation to the purposes identified within this Privacy Notice. The table below outlines the categories of personal data we may process, with common examples. Please note that this is an indicative, non-exhaustive list, and the personal data we use may change over time.
Data category | Common examples |
Personal details | Biographical information Contact details Gender Marital Status Official identification documents National identification numbers Family circumstances and background Behavioural and lifestyle Education and employment history Organisational roles including trusteeships, directorships and partnerships Records of communications and correspondence including phone and video recordings Marketing and communication preferences Opinions, comments and feedback Any other personal information that you choose to share with us during communications e.g., opinions, holiday, and travel plans. |
Financial data | Current financial situation Financial history Financial planning Source of wealth and source of funds Billing and banking Tax Pension Insurance policies and positions Credit status Risk appetite and score Portfolio position and performance Records and logs of activities on your accounts Service, product and account information and history Ethical and investment restrictions Any other financial information that you choose to share with us |
Special category and sensitive data | Mental and physical health, including vulnerability Nationality Any other personal information that you choose to share with us, such as political or religious views and criminal convictions and judgements |
Anti-money laundering (“AML”) data | Official documentation to verify identity including: Identification documents (which may include photographic identification and signatures) Other official documentation on request Official documentation to verify address including: Bank statements Utility bills Other official documentation on request Source of wealth and source of funds Details for conducting Politically Exposed Person and Sanctions checks against relevant lists Adverse media reports Criminal convictions and judgements relating to, or resulting from, above checks or which you have told us about |
Anonymised data | In addition to the categories of personal data described above, we produce anonymised and aggregated data and information that is not processed by reference to a specific individual |
Cookies and technical data | We collect cookies from your device when you access and use our website. For more information, please see our Cookie Policy |
5. Purposes for processing
Our primary purpose of processing personal data is to provide our services to our clients. This includes onboarding clients, assessing suitability for financial products and services, providing investment advice, and sending information about marketing products, services, and events that you may be interested in. We will take steps to ensure that personal data is handled only by personnel that have a need to do so for the purposes described in this notice.
The table below provides examples of the purposes for which we process personal data and the lawful basis we rely on under Article 6, Article 9 and Article 10 GDPR and the Irish Data Protection Acts. Please note that this is an indicative, non-exhaustive list.
Process | Purpose of processing | Lawful basis for processing |
Prospective clients | “To take steps, at your request, prior to entering a contract with us in order to begin the process of onboarding you as a client To provide tailored information on our offerings to you as a prospective client and to market our services” | “Article 6 (1) (a) – Consent Article 6 (1) (b) – Performance of a contract Article 6 (1) (f) – Legitimate interests” |
Client onboarding | “To onboard you as our client and set up a file with your documentation, including information relating to vulnerability or health position if applicable, and to verify your identity. To execute our business relationship with you. For example, we ask you to complete a client risk questionnaire, before risk discussions in order to generate a risk appetite score (regularly reviewed and agreed by you) on which to base our services during the course of your relationship with us” | “Article 6 (1) (b) – Performance of a contract Article 6 (1) (f) – Legitimate interests Article 9 (2) (a) – Explicit consent Article 9 (2) (g) – Substantial public interest” |
AML checks | “To verify your identity and comply with legal obligations under AML legislation where applicable. To prevent, detect and report fraud, money laundering and other offences | “Article 6 (1) (c) – Compliance with a legal obligation Article 6 (1) (f) – Legitimate interests Article 9 (2) (g) – Substantial public interest Article 10 – Schedule conditions for processing” |
Suitability assessments | To ensure suitability for financial products and services including information relating to vulnerability or health position if applicable. Suitability is regularly reviewed throughout your relationship with us | “Article 6 (1) (c) -Compliance with a legal obligation Article 6 (1) (f) – Legitimate interests Article 9 (2) (a) – Explicit consent Article 9 (2) (g) – Substantial public interest” |
Management and administration of accounts, systems, services, products and offerings including via online and digital platforms | “To provide services, products or offerings, including online and digital, as requested To provide investment management and financial planning services to you directly or through third party intermediaries or representatives To effectively manage, administer and operate contractual arrangements and comply with instructions or requests on your behalf. We may use providers such as DocuSign to securely exchange information with you To analyse and report on the effectiveness of our operations and growth strategies to increase efficiency, innovation and maintain a competitive edge To administer fees and charges” | “Article 6 (1) (b) – Performance of a contract Article 6 (1) (c) – Compliance with a legal obligation Article 6 (1) (f) – Legitimate interests” |
Recording of telephone and video calls | “To comply with regulatory monitoring requirements under financial regulations by recording communications in phone calls and through Microsoft Teams. For training, quality and product and service development and improvement To use as evidence in the event of a dispute or as evidence in court” | “Article 6 (1) (c) – Compliance with a legal obligation Article 6 (1) (f) – Legitimate interests” |
Marketing and non-marketing communications and events | “To send appropriate marketing communications, knowledge and insight and recommend products and services that we think might be suitable for you or that we think is of importance, interest or relevance, including in response to requests from you via electronic mail or our website To invite you to face-to-face and online events and webinars that we think you may be interested in and manage your attendance, including updating you with key information such as date, time and location To ensure that where you have unsubscribed or ‘opted-out’ of certain communication types or channels, including marketing, we do not send such communications to you To notify you and associated parties about important changes to our services, products or offerings and provide non-marketing communications about valuations, statements and account information” | “Marketing & Events Article 6 (1) (a) – Consent Article 6 (1) (f) – Legitimate interests Non-marketing Article 6 (1) (c) – Compliance with legal obligation Article 6 (1) (f) – Legitimate interests” |
Automated decision-making | “To carry out marketing activities which may involve the use of segmentation tools provided by third parties To advertise our products and services using digital channels, including on the internet and social media” | “Article 6 (1) (a) – Consent Article 6 (1) (b) – Performance of a contract Article 6 (1) (f) – Legitimate interests” |
Handling complaints, queries and legal claims | To respond to complaints, legal claims, data breaches or data protection rights requests | “Article 6 (1) (c) – Compliance with legal obligation Article 6 (1) (f) – Legitimate interests Article (9) (2) (f) – Legal claims or judicial acts” |
Management and operations of technology and systems | “To enable quick and easy access to information on Strix services To maintain security of our systems and prevent fraud and offer proactive, up-to-date security for our technology services To obtain further knowledge of current threats to network security in order to update our security solutions To analyse, test, develop and improve our systems and services” | Article 6 (1) (f) – Legitimate interests |
Regulatory and internal compliance | “To comply with regulatory audit and reporting requirements To monitor the use of our copyrighted materials and comply with internal policies and procedures” | “Article 6 (1) (c) – Compliance with legal obligation Article 6 (1) (f) – Legitimate interests” |
CCTV surveillance | To use CCTV footage at some of our locations for monitoring and securing our premises, assets, staff and visitors | Article 6 (1) (f) – Legitimate interests |
Cookies and technical data | “To collect, through our technology security services, traffic and security reports, information and activity logs on the usage of our systems and services. For example, websites visited by users, documents downloaded, security incidents and prevention measures taken by the gateway To collect, analyse and report on technical information about the services that you interact with when visiting our websites, applications and online advertisement. For more information, please see our Cookie Policy” | “Article 6 (1) (a) – Consent Article 6 (1) (f) – Legitimate interests” |
6. Sharing of data
We share personal data internally with our employees, agents and service providers and other companies within the Strix group of companies, who are required to maintain the confidentiality of this information. Any transfer of personal data is based on a lawful basis, and we will only engage third parties that have appropriate technical and organisational measures to process, store, and safeguard personal data. While the third parties that we engage may change occasionally, the following table is an indicative, non-exhaustive list to help you understand the types of data sharing activities we undertake.
Third party | Purpose of sharing |
Blantyre Capital Limited, Piraeus Bank S.A., Likoma Holdings Limited | We are owned by Likoma Holdings Limited (which is a holding company that forms part of a fund structure managed by Blantyre Capital Limited, a UK FCA authorised investment firm) and Piraeus Bank S.A, a Greek credit institution. We share data with other group entities to operate and manage shared services, systems and suppliers, request information about services and offerings provided by another entity, to transfer or refer clients, to undertake client AML checks, to conduct internal reporting and to co-operate in the investigation and response to complaints, legal claims, data breaches or rights requests. |
Representatives | We may share information with authorised representatives acting on your behalf, such as a family member or legal representative. |
Suppliers and vendors | We outsource certain functions to third party suppliers and vendors to assist with our business operations and may share certain types of personal data in the course of business. This may include accountants, professional advisers, IT and technical support providers, communications providers and specialist financial service providers and platforms. |
Credit reference agencies and AML companies | We may undertake an electronic check to verify the personal identity information you have provided. The check will be undertaken by a reputable referencing agency or AML company which will retain a record of that check according to their retention policy. This information may be used by other firms or financial institutions for fraud prevention purposes. For example: LexisNexis |
Our business partners | We may share data with our business partners including intermediaries, financial advisers and pension or product/service providers, who provide you or your organisation with services alongside or related to those provided by us. Your information may be shared for the purpose of facilitating and hosting face-to-face and online events and webinars. We may also share information to co-operate in response to complaints, legal claims, regulatory authority requests, data breaches or data protection rights requests. |
Government departments, bodies or agencies | We may disclose information to any court or tribunal or government, regulatory, law enforcement, fiscal or monetary authority or agency where reasonably requested to do so or if required by applicable law, regulations or guidelines or in order to resolve queries, concerns or complaints. For example: The Irish Revenue The Gardai (Irish police) Central Bank of Ireland Data Protection Commissioner’s Office Financial Services Ombudsman Recipients may also include tax, law enforcement and regulatory bodies, and courts and judicial bodies in other countries, such as the UK, where applicable. |
Prospective buyers or sellers | In the event we decide to sell any of our business or assets, or buy another business or its assets, we may share information for due diligence purposes. If we are acquired by a third party, personal data held by us about you will be disclosed to the third-party buyer. |
Debt collection agencies | We reserve the right after notifying you to refer a debt, which you are unable or unwilling to pay, to a debt collection agency to recover our funds and any costs incurred to recover a debt, including legal costs. We also reserve a right, at our absolute discretion and without further notification, to sell the debt in its entirety to another party. |
7. International transfers
From time to time your personal data will be transmitted through or stored or processed in other countries which are outside of Ireland and the European Economic Area.
These countries include:
- United Kingdom
- Cayman Islands (domicile of Likoma Holdings Limited, a Strix shareholder).
We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include:
Adequacy Decisions: We will ensure that the specific country provides an adequate level of protection to data privacy as approved by the Irish EU data protection authorities; or
Standard Contractual Clauses: We will put in place a data transfer agreement with the recipient of the information using the contractual wording as approved by the Irish and EU data protection authorities. For further information please contact the Strix Head of Compliance using the details at the end of this notice.
8. Data retention
The duration for which we retain your personal data will vary depending on the type of personal data and our reason for collection and processing. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. To determine the appropriate retention period for personal data, we consider the following:
- the volume of personal data
- the nature, and sensitivity of the personal data
- our obligations and legal requirements to retain your personal data
- the purpose of processing your personal data
- the risk of unauthorised use or disclosure of your personal data
Where we share data with our group companies.
Our group companies may retain the information we share with them for a period of seven years from the date of termination of your relationship with them, or for such other period as may be required from time to time under relevant laws and regulations, including those relating to record keeping and prescription periods. Such information may be retained after your account with them has been closed, and for customer identification purposes in accordance with their record keeping policy.
9. Security of personal data
We will take all appropriate technical and organisational steps to safeguard your personal data. In the unlikely event of a data breach, we will contact you in line with our legal obligations. Access to your personal data will be restricted to those who need to use it for legitimate legal and business purposes.
We follow several industry good practices to ensure this protection is fully effective and the appropriate technical and organisational measures are in place. All personal data is provided protection in line with security and data protection policies.
All our employees and contractors receive mandatory information security and data protection training on being hired and subsequently on at least a yearly basis to ensure that they are aware of the security policies and their specific information security responsibilities. This also ensures that they are properly equipped to perform their duties in maintaining our security posture.
10. Data protection rights
GDPR and the Irish Data Protection Acts provide you, the data subject, with a number of rights when it comes to your personal data. On receipt of a valid request to invoke one of your rights, we will do our best to adhere to your request as promptly as reasonably possible.
Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right so that access may be denied if, for example, making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information.
Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.
Objection: You have an absolute right to object to the processing of your personal data for direct marketing. Opting out of receiving marketing communications will not affect the processing of personal data for the provision of our services.
In other cases where the right to object applies, the right is not absolute and only applies in certain circumstances.
Restriction: You have the right to ask us to block or restrict the use of your personal data. The right is not absolute and only applies in certain circumstances.
Portability: You have the right to request to move, copy or transfer personal data from one IT environment to another in a safe and secure way, without affecting its usability.
Erasure: You have the right to ask us to erase personal data we hold about you. The right is not absolute and only applies in certain circumstances.
Right to withdraw consent: If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing. If you withdraw your consent, this will not invalidate the lawfulness of any processing carried out on the basis of consent before you withdrew it.
Data Protection Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority (See section 11) or to seek a remedy through the courts. Details of how to make a data protection rights request, query or to opt-out of marketing are below.
11. Contact us
Making a data protection rights request
To exercise your rights or raise a query about the way we handle personal data, please email us at dataprivacy@strix.com
Alternatively, write to us at:
Head of Compliance
Strix Asset Management Limited
Suite 3, One Earlsfort Centre,
Hatch Street Lower,
Dublin 2,
Ireland
Please provide as much detail as possible to help us deal with your request, such as the context in which we may have processed your information and the likely dates when we processed it. We may ask you to provide ID for identification and verification purposes. If you require any assistance with completing the form, email us at dataprivacy@strix.com.
If a request is submitted by a third-party representative (such as a solicitor) on your behalf, we may require additional documentation, such as a signed Letter of Authority.
You have the right to lodge a data protection complaint with the Irish Data Protection Commissioner’s Office. However, we would be grateful for an opportunity to resolve matters with you in the first instance.
If you would like to update your contact details or update any of your communication preferences, please get in touch with your usual contact at Strix by phone, post or email. Please allow 14 days from receipt of your information for any changes to be reflected across our systems.
To make a complaint about our services, please follow the Complaints Procedure on our website.
12. Changes to this Privacy Notice
This Privacy Notice may be updated from time to time. Please check here for the most recent information on how we process your personal data.