a-banner

Privacy Notice

Privacy Notice

1. Introduction

This Privacy Notice explains how Strix Asset Management Limited (“Strix”,“we”, “us”, and “our”) process personal data. It describes where we obtain personal data, what we do with it, the legal basis relied on for processing, the retention of the personal data, the recipients, and transfers of personal data and how we ensure data protection rights are respected. Please contact us using the details at the end of this Notice for more information regarding the specific Strix entities covered by this Privacy Notice.

This Privacy Notice reflects the requirements as set out in Article 13 and 14 of the General Data Protection Regulation (2016/2016/679) (GDPR) the Irish Data Protection Acts 1988 to 2018 as amended.

This Privacy Notice applies to individuals whose personal data we process in the course of operating as a data controller.

2. Data controller

Strix acts as personal data controller within the meaning of GDPR. A data controller is defined in the GDPR as the entity who determines the ‘why’ and the ‘how’ in terms of processing your personal data.

There may also circumstances where we process your personal data as a data processor. In this instance, we are acting upon the instructions of our clients, who are the data controllers. This processing activity is outside the scope of this Privacy Notice. The personal data collected, the purpose of collecting, the means of collecting and the retention period are all determined by our clients, the data controllers and outlined, in their respective data protection notices or similar documents.

We shall process personal data lawfully, fairly and in a transparent manner. As explained in this Privacy Policy, personal data is collected for specified and explicit purposes and not further processed in a manner that is inconsistent with those purposes.

If you are a Strix employee, contractor or job applicant, please refer to the Data Protection Information in the Strix Employee Handbook.

3. Sources of data collection

We may collect personal data directly from you:

  • via application forms/account opening forms,
  • through feedback forms and other forums,
  • when you purchase any of our products or services,
  • when you register for and attend an event we organise,
  • via our telephone calls or video calls with you, which may be recorded,
  • when you provide your details to us either online or offline,
  • when you send an email or letter,
  • via cookies, which you can find out more about in the cookies policy on our website,
  • when you subscribe for our newsletter.

Depending on the nature of our relationship with you, we may also collect your personal data from several different sources including:

  • through companies which validate identity for financial crime purposes using tools such as the electoral register (this is not a credit check, but a record of the search may be retained),
  • from third party registers maintained by regulators such as the Central Bank of Ireland,
  • through business interactions between you and other Strix group companies,
  • from your authorised independent financial advisor,
  • from family members/ or your legal representative or an appropriately appointed authorised representative if you become incapacitated or unable to provide information relevant to your investment,
  • from your employer, if you work for a client organisation or service provider we deal with,
  • from the organisation that you are a director/partner/ member of.

4. Types of personal data

Personal Data is information that identifies you as an individual.

We will only collect information that is adequate, relevant, and limited to what is necessary in relation to the purposes identified within this Privacy Notice.

The personal data we collect and process depends on the nature of our relationship with you. For example, you may be,

  • a director or employee of a corporate client or institutional client of Strix,
  • an investor in managed accounts or products we manage,
  • an financial adviser representing an investor,
  • a beneficiary, or a legal representative of an investor,
  • an executor to the estate of a deceased investor,
  • an attendee at an event or a webinar we organise, or
  • a visitor to our website where you have requested information about our products and services.

We set out below the categories of personal data we may process. Please note that this is an indicative, non-exhaustive list, and the personal data we use may change over time.

  • Personal details: names; date of birth / age; nationality; identity card or passport,
  • Contact details: address; telephone number; email address,
  • Employment details: such as industry; role; business activities,
  • Anti-money laundering (“AML”) data, such as documentation to verify identity (including identification documents, which may include photographic identification and signatures and other official and documentation on request), documentation to verify address (including bank statements, utility bills, other official documentation on request), source of wealth and source of funds, details for conducting politically exposed persons, adverse media reports and similar,
  • Sensitive personal data (notably data on criminal and administrative proceedings and sanctions, screening against government, supranational bodies, including but not limited to the European Union and the United Nations Security Council, and/ or law enforcement agency sanctions lists as well as internal sanctions lists and other legal restrictions) only where the processing is necessary for the purpose of complying with regulatory and/or legal obligations,
  • Records of communications and correspondence including phone and video recordings,
  • Marketing preferences,
  • Opinions, comments and feedback which you choose to share with us, and
  • Any other personal information that you choose to share with us during communications.

5. Purposes for processing

We set out below provides examples of the purposes for which we process personal data and the lawful basis we rely on under Article 6, Article 9 and Article 10 of GDPR and the Irish Data Protection Acts 1988 to 2018 as amended. Please note that this is an indicative, non-exhaustive list.

We set out below provides examples of the purposes for which we process personal data and the lawful basis we rely on under Article 6, Article 9 and Article 10 of GDPR and the Irish Data Protection Acts 1988 to 2018 as amended. Please note that this is an indicative, non-exhaustive list.

Process

Purpose of processing

Lawful basis for processing


Client onboarding and due diligence 

If you are a client, a prospective client or a representative of a client, we process your personal data as part of our due diligence and on boarding processes.


Article 6 (1) (b) – Performance of a contract


Article 6 (1) (f) – Legitimate interests


Article 6 (1) (c) – Compliance with a legal obligation


Article 9 (2) (a) – Explicit consent


Article 9 (2) (g) – Substantial public interest



AML checks

If you are a client, a prospective client or a representative of a client, we process your personal data to comply with on-going legal obligations on anti-money laundering and counter terrorist financing, taxation, crime-detection, crime prevention, investigation, the prevention of fraud, bribery, anti-corruption, tax evasion.

Article 6 (1) (c) – Compliance with a legal obligation


Article 6 (1) (f) – Legitimate interests


Article 9 (2) (a) – Explicit consent


Article 9 (2) (g) – Substantial public interest


Article 10 – Schedule conditions for processing


Suitability assessments

If you are a client, and you share with us your circumstances and needs, we will use this to help support and tailor services to you.

Article 6 (1) (b) – Performance of a contract


Article 6 (1) (c) – Compliance with a legal obligation


Article 6 (1) (f) – Legitimate interests


Article 9 (2) (a) – Explicit consent


Article 9 (2) (g) – Substantial public interest


Delivery of client services

If you are client, a prospective client or a representative of a client, we process your personal data for the purpose of delivering a service to that client, for the purpose of maintaining appropriate business records, including maintaining appropriate registers required under applicable law and regulation, for the purpose of quality control, business and statistical analysis, market research, for the purpose of tracking fees and costs, for the purposes of invoicing clients and updating client contact details and for the purpose of customer service, provision of regulatory updates, corporate updates, training, and related purposes.

Article 6 (1) (b) – Performance of a contract


 Article 6 (1) (c) – Compliance with a legal obligation


 Article 6 (1) (f) – Legitimate interests

Maintaining client relationships

If you are client, a prospective client or a representative of a client for the purpose of maintaining our ongoing relationship with you, such as via correspondence and calls, and in connection with the administration of our relationship with you.

Article 6 (1) (b) – Performance of a contract


Article 6 (1) (c) – Compliance with a legal obligation


Article 6 (1) (f) – Legitimate interests

Recording of telephone and video calls

Telephone and video calls with you may be recorded for the purposes of record keeping, security and training. Such recordings may be used as evidence in the event of a dispute or as evidence in court.

Article 6 (1) (b) – Performance of a contract


Article 6 (1) (c) – Compliance with a legal obligation


Article 6 (1) (f) – Legitimate interests


Attendance at an event or a webinar

If you accept an invitation to attend an event or webinar, we process your contact details for registration purposes.

Marketing & Events


Article 6 (1) (a) – Consent


Article 6 (1) (f) – Legitimate interests


Regular Communications

We use your personal data to communicate with you and provide you with information.

Article 6 (1) (b) – Performance of a contract


Article 6 (1) (c) – Compliance with a legal obligation


Article 6 (1) (f) – Legitimate interests


Handling complaints, queries and legal claims

We use your personal data to respond to complaints, legal claims, data breaches or data protection rights requests.

Article 6 (1) (b) – Performance of a contract


Article 6 (1) (c) – Compliance with a legal obligation


Article 6 (1) (f) – Legitimate interests

Regulatory and internal compliance

We process your data to comply with regulatory audit and reporting requirements, to monitor the use of our copyrighted materials and to comply with internal policies and procedures.

Article 6 (1) (c) – Compliance with legal obligation


Article 6 (1) (f) – Legitimate interests

Cookies and technical data

If you are a user of our website, we collect, through our technology security services, traffic and security reports, information and activity logs on the usage of our systems and services. For example, websites visited by users, documents downloaded, security incidents and prevention measures taken by the gateway. We also collect, analyse and report on technical information about the services that you interact with when visiting our websites, applications and online advertisement. For more information, please see our Cookie Policy.

“Article 6 (1) (a) – Consent


Article 6 (1) (f) – Legitimate interests”

6. Recipients of data

We share your Personal Data internally with our employees, agents and service providers and other companies within the Strix group of companies, who are required to maintain the confidentiality of this information. Any transfer of personal data is based on a lawful basis, and we will only engage third parties that have appropriate technical and organisational measures to process, store, and safeguard personal data.

We will disclose your information to the following third parties. Please note that the third parties that we engage may change occasionally and this is an indicative, non-exhaustive list.

  • any member of the Strix group of companies,
  • other people or organisations associated with you, such as authorised representatives, financial advisers, family members, guardians, powers of attorney, lawyers, or legal representative, acting on your behalf,
  • our suppliers and vendors, such as third parties who provide SaaS, IaaS, and/or PaaS services & support, event management, marketing services, market research, couriers and postal services, website hosting, and cloud-based services to us,
  • our lawyers, advisors, and auditors who provide services to us and are subject to confidentiality obligations,
  • credit reporting agencies or AML agencies for the purposes of verifying your identity,
    our business partners, including intermediaries, financial advisers and pension or product/service providers, who provide you or your organisation with services alongside or related to those provided by us,
  • government departments, bodies or agencies, any court or tribunal or government, regulatory, law enforcement, fiscal or monetary authority or agency (for example, the Irish Revenue, the Gardai (Irish police, the Central Bank of Ireland and the Data Protection Commissioner’s Office),
  • prospective buyers or sellers,
  • debt collection agencies.

Some of these third-party recipients will process your personal data on our behalf as data processors. Others will determine the purposes and means of processing of your personal data as data controller and may be permitted to disclose your personal data to other parties in accordance with applicable law.

7. International transfers

From time to time your personal data may be transferred outside of Ireland including to companies situated in countries outside of the European Economic Area (“EEA”) which may not have the same data protection laws as in Ireland. These countries include:

  • United Kingdom,
  • Cayman Islands.

We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred outside of the EEA, in accordance with applicable data protection and privacy laws. These measures include:

  • Adequacy Decisions: We will ensure that the specific country provides an adequate level of protection to data privacy as approved by the Irish EU data protection authorities; or
  • Standard Contractual Clauses: We will put in place a data transfer agreement with the recipient of the information using the contractual wording as approved by the Irish and EU data protection authorities; or
  • Other transfer mechanism: We will utilise any other transfer mechanism approved by the European Commission (e.g. a EU-US data privacy framework).

For further information about any such transfers, please contact the Strix Head of Compliance using the details at the end of this notice.

8. Data retention

The duration for which we retain your personal data will vary depending on the type of personal data and our reason for collection and processing. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. To determine the appropriate retention period for personal data, we consider the following:

  • the volume of personal data
  • the nature, and sensitivity of the personal data
  • our obligations and legal requirements to retain your personal data
  • the purpose of processing your personal data
  • the risk of unauthorised use or disclosure of your personal data

9. Where we share data with our group companies.

Our group companies may retain the information we share with them for such period as may be required from time to time under relevant laws and regulations, including those relating to record keeping and prescription periods. Generally, your Personal Data will be retained until the end of your client relationship with Strix or after an investment has matured/encashed plus a reasonable period of time after that (in most cases 7 years) to:

a) respond to any client account related enquiries;

b) deal with any legal matters (e.g. legal proceedings); or

c) comply with applicable Irish or European Union law.

10. Security of personal data

We will take all appropriate technical and organisational steps to safeguard your personal data. In the unlikely event of a data breach, we will contact you in line with our legal obligations. Access to your personal data will be restricted to those who need to use it for legitimate legal and business purposes.

We follow several industry good practices to ensure this protection is fully effective and the appropriate technical and organisational measures are in place. All personal data is provided protection in line with security and data protection policies.

All our employees and contractors receive mandatory information security and data protection training on being hired and subsequently on at least a yearly basis to ensure that they are aware of the security policies and their specific information security responsibilities. This also ensures that they are properly equipped to perform their duties in maintaining our security posture.

11. Consent

We sometimes need your consent to do certain things, such as sending you marketing emails, and/or collect special category information about your health and wellbeing in order to provide you suitable investment management services or financial planning advice.

When you consent we will: (a) be clear when we are asking for your consent; (b) only use your information if you have freely given us your consent to use it; (c) not have any pre-ticked boxes on our forms (for example, we will not send you marketing emails unless you consent by ticking the marketing box when you apply for a service); and (d) keep a record of your consent and how we got it.

You have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us in writing (see contact details below). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you choose to withdraw your consent, we may not be able to provide you with certain products and services.

12. Data protection rights

GDPR and the Irish Data Protection Acts 1988 to 2018 as amended provide you, the data subject, with a number of rights when it comes to your personal data. On receipt of a valid request to invoke one of your rights, we will do our best to adhere to your request as promptly as reasonably possible.

Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right so that access may be denied if, for example, making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information.

Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.

Objection: You have an absolute right to object to the processing of your personal data for direct marketing. Opting out of receiving marketing communications will not affect the processing of personal data for the provision of our services.

In other cases where the right to object applies, the right is not absolute and only applies in certain circumstances.

Restriction: You have the right to ask us to block or restrict the use of your personal data. The right is not absolute and only applies in certain circumstances.

Portability: You have the right to request to move, copy or transfer personal data from one IT environment to another in a safe and secure way, without affecting its usability.
Erasure: You have the right to ask us to erase personal data we hold about you. The right is not absolute and only applies in certain circumstances.

Right to withdraw consent: If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing. If you withdraw your consent, this will not invalidate the lawfulness of any processing carried out on the basis of consent before you withdrew it.

Details of how to make a data protection rights request, query or to opt-out of marketing are below.

13. Contact us

To exercise your rights or raise a query about the way we handle personal data, please email us at info@strixam.com

Alternatively, write to us at:

Head of Compliance
Strix Asset Management
Ella House,
39-43 Merrion Square,
Dublin D02 NP96
Ireland.

Please provide as much detail as possible to help us deal with your request, such as the context in which we may have processed your information and the likely dates when we processed it.

If a request is submitted by a third-party representative (such as a solicitor) on your behalf, we may require additional documentation, such as a signed Letter of Authority.

If you would like to update your contact details or update any of your communication preferences, please get in touch with your usual contact at Strix by phone, post or email. Please allow 14 days from receipt of your information for any changes to be reflected across our systems.

14. Complaints

If you are unhappy with how we have used your personal data you can complain by contacting us (see section 12 above).

You also have the right to complain to your national data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you carried out by Strix infringes the GDPR. The Data Protection Commission is the national data protection authority for Strix.

Data Protection Commission, 21 Fitzwilliam Square D02 RD28 Dublin 2 Tel. +3531 7650100 +353 1800437 737. Website: http://www.dataprotection.ie.

15. Changes to this Privacy Notice

This Privacy Notice may be updated from time to time. Please check here for the most recent information on how we process your personal data.

Cookies Policy

At Strixam.com, we respect your privacy. This website does not use cookies or similar tracking
technologies. We do not collect, store, or process any personal data through cookies.

In accordance with the EU General Data Protection Regulation (GDPR), we confirm that:

● No cookies are set on your device by this website.
● No personal data is collected or shared with third parties.
● No analytics, marketing, or profiling tools are used.