1. WHO ARE WE?
Quest is committed to maintaining, protecting and respecting your privacy and the confidentiality, integrity and security of personal information about yourself or others that you may provide. If you do give us any personal information about yourself or others, we are committed to treating it securely, fairly and lawfully.
The “Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union (“EU”), the European Economic Area (“EEA”) and their member states, and the United Kingdom (“UK”), including the General Data Protection Regulation 2016/679/EU (“GDPR”), the Data Protection Bill (“DPB”) and their respective successors, applicable to the protection of natural persons with regard to the processing of Personal Data (as defined under the GDPR) and on the free movement of such data.
2. THE DATA CONTROLLER
For the purpose of the Data Protection Laws and Regulations, the data controller of the personal data you provide is Quest. We are responsible for, and control the processing of, your personal information. Further information can be obtained by contacting us. (See the “How to Contact Us” section below.)
Details of the related affiliates can be obtained by contacting us. (See the “How to Contact Us” section below.)
We may collect, record and process the following categories of personal data:
3.1 Investor/Client Information
This covers any personal data relating to our customers, clients, investors and related contacts. The data that we may collect, record and process may include contact details (including name, title, address, telephone number, personal email address), date of birth, copies of passport, driving licences and utility bills, national insurance number, bank account details and details relating to investment activity.
3.2 Business Contact Information
This covers any personal data relating to our business contacts. The data that we may collect, record and process may include data about contacts provided including, but not limited to, name, date of birth, address, email address, telephone numbers, the place of work and job title.
3.3 Website Information
This covers any personal data relating to any visitors to our website. The data that we may collect, record and process may include name, date of birth, address, email address, telephone numbers, technical data (including internet protocol (“IP”) address, source of access to the website, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access our website, usage data (including information about how the website is used) and marketing and communications preferences (including preferences in receiving marketing and other communication preferences).
We do not collect, record and process "special categories" of sensitive personal data from our website. This includes details about race or ethnicity, religious or philosophical beliefs, criminal convictions and offences.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
5. INFORMATION WE MAY COLLECT FROM YOU
5.1 Information you give us
You may give us information about you by filling in forms on our site or forms that we have given to you to fill in, by corresponding with us via telephone, email, facsimile or otherwise. This includes information you provide when you register to use our site, log in to a service, when you report an issue with our site and/or you subscribe to a service provided by Quest. The information you give us may include:
- Your name;
- Your email address;
- Your telephone number;
- Your date of birth;
- Information about your investment strategies, objectives and risk tolerances;
- Information about the institution you work for
- Information on your regulatory status
- Personal Information you offer up
- Any further personal information required as part of the provision of our services or required as part of a product application or which you share through our site.
5.2 Information we collect about you
Each time you visit our site we may automatically collect the following information:
- Technical information including the internet protocol (“IP”) address used to connect your computer to the internet, your log-in information, browser type and version, browser plug-in types and versions, time zone setting, operating system and platform; and
- Information about your visit, including the Uniform Resource Locators (“URL”) clickstream to, through and from our site (including date and time); items you searched for; page response times; download errors, length of time spent on pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page and any phone number used to call us.
6. INFORMATION WE RECEIVE FROM OTHER SOURCES
We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, criminal records check agencies).
We receive personal data from these third parties from time to time. We may combine this information with information you give to us and information we collect about you. We may use this information and combined information for the purposes set out below (depending on the types of information we receive).
6.1 Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations, emails and other electronic communications) for the purpose of quality assurance, training, fraud prevention and compliance with our obligations under applicable legislation.
6.2 Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- Give consent on his/her behalf to the processing of his/her personal data;
- Receive on his/her behalf any data protection notices; and
- Give consent to the processing of his/her personal data which may include all of the information listed above.
7. HOW WE USE YOUR INFORMATION
We use information which you have given to us and we have collected and hold about you in the following ways:
- To provide and improve our services to you;
- To manage our relationship with you and our clients;
- To provide you, or permit selected third parties to provide you with information about products or services we feel may interest you;
- To notify you about changes to our service;
- To provide you with personalized content;
- To process and respond to inquiries;
- To carry out our obligations arising from any contracts entered into between you and Quest and to provide you with the information, products and services that you request from us;
- To comply with our legal and regulatory obligations;
- To measure or understand the effectiveness of marketing communications, advertising and or financial promotions we serve to you and others, and to deliver relevant marketing communications, advertising and or financial promotions to you;
- To ensure that content from our site is presented in the most effective manner for you;
- To administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To compile anonymous statistics, for example, website usage statistics;
- To keep our site safe and secure; and
- For other legitimate business purposes.
8. LEGAL BASIS FOR PROCESSING
We need to use the personal data to enable us to perform our contract with you (“Contract”) and/or to enable us to comply with legal obligations (“Legal”). In some cases we may use your personal data to pursue legitimate interests of the Firm or those of third parties (“Legitimate Interest”), provided your interests and fundamental rights do not override those interests.
Some of the reasons for processing will overlap and there may be several grounds which justify our use of your personal data. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We do not anticipate being required to obtain your consent for the processing of your personal data. If we consider it necessary to use your personal data for other purposes which do require your consent, we will contact you to request this consent.
In such circumstances, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Providing your consent is not a condition of any contractual agreement with us. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal.
To withdraw your consent, please contact our Data Protection Officer (“DPO”), see the “How to Contact Us” section below.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We would like to send you information by post, email, telephone, text message (“SMS”) or automated calls about our products, services and/or news which may be of interest to you. Other related affiliates may also send you similar marketing messages, depending on what you agree with us. We will only ask whether you would like us to send you marketing communications when you tick the relevant boxes when you signed an agreement with us or filled out a form provide by us or on our site.
You can change your preferences for receiving marketing communications and other information from us at any time. You can unsubscribe at any time through either an automated online service or, if this is not available, by the method referred to in the footer of sent marketing communications, or by contacting us. (See the “How to Contact Us” section below.)
Email marketing messages may contain tracking beacons and/or tracked clickable links or similar server technologies in order to track subscriber activity. Where used, such marketing communications may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
If you have consented to such receive marketing communications from us, you can opt out at any time. See the “Your Rights” section below for further information.
Please note that we may use your marketing and content preferences, and other information you provide to us (including details of your attendance at, or interest in, events) in order to build a profile for you. We may supplement this profile with information about how you use our site, review our content and interact with us. We use this profile to try and ensure that you only receive information that you are likely to find of interest.
10. IDENTITY AND ANTI-MONEY LAUNDERING CHECKING
We may do an identity and/or credit check on you:
- So that we and other related affiliates can verify your identity;
- Make credit decisions about you and members of your household; and
- To prevent and detect fraud and money laundering.
Our search will be recorded on the files of the credit reference agency.
We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked.
Other credit businesses may use your information to:
- Make credit decisions about you and the people with whom you are financially associated;
- Trace debtors; and
- Prevent and detect fraud and money laundering.
If you provide false or inaccurate information to us and we suspect fraud, we will record this.
If you want to see your identity check and/or credit file, please contact us using the contact information below and we will provide you with the details of the agencies which we use so that you can contact them directly to obtain the relevant information.
11. DISCLOSURE OF YOUR INFORMATION
Quest may disclose your personal data to another entity for the purposes of outsourcing one or more of the services provided by us; or, to confirm or update information provided by you; or to inform you of events, information about our services, and other important information, or for other purposes disclosed at or before the time the information is collected. We may share your information when legally required to do so.
We may share your personal information with:
- Other companies affiliated with us;
- Our agents and service providers (including custodians);
- Credit reference agents – see “Credit Checking” section above;
- Our business partners in accordance with the “Marketing and opting out” section above;
- Suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- In the event that we buy or sell any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- Law enforcement agencies in connection with any investigation to help prevent unlawful activity;
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, where requested by regulatory agencies, or in order to enforce or apply our Terms and Conditions and other agreements or to protect the rights, property or safety of Quest. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- Financial institutions and other similar organisations that we deal with in the course of the services we offer; and
- Auditors, accountants, legal counsel or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.
When we share your information with third parties they will process your information either as a data controller or as our data processor and this will depend on the purpose of our sharing the personal data. We will only share your personal data in compliance with the applicable data protection legislation and the Data Protection Laws and Regulations.
A list of our selected third parties with whom we may share your information is available by contacting us at email@example.com.
12. WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers located in Europe, primarily in the United Kingdom, Ireland and the Netherlands.
We have put in place what we consider to be appropriate security measures against unlawful or unauthorised processing of the personal data we hold about you, and against the accidental loss of, or damage to, such personal data. We use both technical and procedural methods to maintain the integrity and security of our databases, including firewalls. But please be aware though that no security measures are perfect or impenetrable.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
We will not be responsible or liable for any damages, losses or causes of action arising out of or in connection with the disclosure of your personally identifiable information.
If you have any particular concerns about your information, please contact us (see “How to Contact Us” section below).
You are responsible for keeping your password, user name and other log-in identity details secure and confidential. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
14. ACCURACY OF PERSONAL DATA
We try to ensure that the information we hold about you is accurate and kept up-to-date by contacting you at regular intervals and asking you to confirm that this is the case, or if not, to provide us with updated details. However, if at any time you believe that any information we are holding about you is inaccurate, out-of-date or incomplete, please notify us at firstname.lastname@example.org, as soon as possible. We will promptly correct or delete any information found to be incorrect.
15. TRANSFERS OF YOUR INFORMATION OUT OF THE EEA
Quest operates internationally and, as such, personally identifiable information may be used in countries outside of the European Economic Area ("EEA"), which may not have data protection regulations as stringent as those in Europe.
Rest assured that we will always ensure any transfer is subject to appropriate security measures to safeguard your personal data including entering into European Commission (“EC”) approved contracts that that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
Details of any third parties located outside of the EEA to which your personal data is transferred will be communicated to you in accordance with the terms of the agreement with you. We do not transfer your information outside of the EEA other than in accordance with an agreement you have with us.
16. ACCESS AND YOUR RIGHTS
16.1 The right to ask us to stop contacting you with direct marketing
Even if you have accepted the processing of your personal data for marketing communication purposes (by ticking the relevant box), you have the right to ask us to stop processing your personal data for such purposes.
Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
You can exercise this right at any time by contacting us at email@example.com.
16.2 The right to request a copy of your information
You can request a copy of your information which we hold (this is known as a “Data Subject Access Request” or “DSAR”).
If you would like a copy of some or all of your information, please contact us at firstname.lastname@example.org; and let us know the specific information you want a copy of.
Any data subject access request may be subject to a reasonable fee to cover the administration cost of providing you with details of the information we hold about you.
16.3 The right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please contact us at email@example.com; and let us know the specific information that is incorrect and the specific information you want it replaced with.
16.4 The right to request we cease processing your information
You may request that we cease processing your personal data. If you make such a request, we shall retain only the amount of personal data pertaining you that is necessary to ensure that no further processing of your personal data takes place.
16.5 The right to request deletion of your information
You can ask us to erase all your personal data (also known as the “right to be forgotten”) in the following circumstances:
- It is no longer necessary for Quest to hold that personal data with respect to the purpose for which it was originally collected or processed;
- You wish to withdraw your consent to us holding and processing your personal data;
- You object to us holding and processing your personal data (and there is no overriding legitimate interest to allow us to continue doing so);
- The personal data has been processed unlawfully; or
- The personal data needs to be erased in order for us to comply with a particular legal obligation.
Unless we have reasonable grounds to refuse to erase your personal data, all requests for erasure shall be complied with.
18. HOW TO CONTACT US
Quest is in the process of registering with the UK Information Commissioner’s Office (“ICO”) and will update the this Policy with the number as soon as it is complete.
If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data in accordance with the Data Protection Laws and Regulations you have the right to lodge a complaint at the ICO (https://ico.org.uk/).