Privacy notice


RBC Brewin Dolphin Channel Islands

CLIENTS AND PROSPECTS (CURRENT AND PREVIOUS); INTERMEDIARIES; AND ASSOCIATED PARTIES.

To view on a mobile phone, or to print, please click here for a PDF version

1  About this Privacy Notice

2  Data controller

3  Sources of data collection

4  Types of personal data

5  Purposes for processing

6  Sharing of data

7  International transfers

8  Data retention

9  Security of personal data

10 Data protection rights

11 Contact us

12 Changes to this Privacy Notice

Executive Summary

This is a summary of how RBC Brewin Dolphin Channel Islands Limited (“we”, “us”, and “our”) processes personal data. As a subsidiary of Brewin Dolphin Limited (a company registered in England and Wales), we are a member of both the RBC Brewin Dolphin Group and the broader RBC Group.

More information on how RBC Brewin Dolphin Group manage your data can be found at https://www.brewin.co.uk/privacy-notice

Who is this privacy notice for: This privacy notice applies to current or previous clients, prospective clients, intermediaries or clients of intermediaries, and any associated parties

Why we collect personal data: We collect your personal data in the course of providing our services.

Where we collect personal data from: We may collect personal data directly from you, our staff, third parties or our clients. This is likely to be done face-to-face, by post, over the phone or online.

What personal data we collect: Types of data that we collect include personal details, financial data, ID and verification documents, special category and sensitive data, technical data from your personal devices, and any other information which you choose to provide.

What we use personal data for: We only use personal data for necessary and proportionate purposes. These include for advising you from the time you are a prospective client to the time we onboard you as our client, carrying out suitability assessments and anti-money laundering checks, managing and administering your accounts, managing relationships with intermediary firms, recording calls for regulatory compliance reasons, marketing and events, handling feedback, requests, queries and complaints, and improving the quality of our products and services.

Our legal basis for processing personal data: As a controller, we ensure that we and our processors process personal data lawfully. Most commonly, we will process data to perform a contract with you, to comply with a legal or regulatory obligation, in our or your legitimate interests or with your consent. We may rely on other lawful bases from time to time, including where we process sensitive or special categories of data.

Who we may share personal data with: We are part of the RBC Brewin Dolphin Group which is owned by Royal Bank of Canada (“RBC”). Where we have a valid business need, we may share personal data with other entities both within the RBC Brewin Dolphin Group and the broader RBC Group, as well as with third parties, including our business partners, service providers, credit reference agencies, government bodies, regulatory authorities and agencies. Your data is likely to be shared within and outside of Jersey or the European Economic Area. Transfers outside of Jersey or the European Economic Area are carried out with the appropriate safeguards and transfer mechanisms are in place.

How long we keep personal data for and our security measures: We keep your data until the purpose for which it was collected is fulfilled and in line with our retention schedules. We may need to keep certain data for longer to fulfil any legal, regulatory or reporting requirements. Your data is processed and stored securely in our systems, and, in the unlikely event of a data breach, we would take appropriate steps to notify the regulator or you where applicable.

Your rights and making queries or complaints: You can exercise your rights or make a query or complaint about the way we handle personal data by using the contact details in the “Contact Us” section of our Privacy Notice.

Cookies: For information about how we use cookies, please see our Cookie Policy.

Marketing: If you would like to update your contact details or update any of your communication preferences, please get in touch with your usual contact at Brewin Dolphin by phone, post, or email. If you are a private client, you can also use the Client Preference Centre or, if you are a business client or a non-client, the Preference Centre. Please allow 14 days from receipt of your information for any changes to be reflected across our systems.

1. About this Privacy Notice

This privacy notice applies to current or previous clients, prospective clients, intermediaries or clients of intermediaries, and any associated parties, and explains how RBC Brewin Dolphin Channel Islands (“we”, “us”, and “our”) process personal data. We are part of the RBC Brewin Dolphin Group (Brewin Dolphin Ltd), a company registered in the United Kingdom. More information on how RBC Brewin Dolphin Group manage your data can be found at https://www.brewin.co.uk/privacy-notice

The purpose of this Privacy Notice is to outline how we process personal data, including special categories of data, and the legal basis on which personal data is processed by us. It is important that those whose personal data we process read and understand this Privacy Notice.

Please note that this Privacy Notice provides an overview of how we process personal data and we may provide further information in just-in-time privacy statements during the course of your interactions with our people and services.

2. Data controller

For the purposes of applicable data protection law, in particular Data Protection (Jersey) Law 2018, your data will be controlled by RBC Brewin Dolphin Channel Islands.

3. Sources of data collection

Directly from you or our employees

We collect and process personal data to provide our services to you. This data may be collected directly from you or by our employees, on your behalf.

Third parties

We may process personal data collected from, and relating to, third parties, for example, public sources, a pension or product/service provider, intermediaries, financial advisers, dealers, brokers, introducers and authorised representatives acting on your behalf such as a family member or legal representative. This can include information about you and other individuals, such as your family, and may include information about your health, contact details and relevant assets, financial or policy details for the purposes of administering services we provide to you.

Our clients

We may process personal data about you that is provided to us by our clients, for example, where financial planning involves understanding a client’s dependents and family circumstances.

Personal data is collected through paper or web forms or in face-to-face, phone or e-mail communications. During our client onboarding process and throughout our relationship with you it may be necessary for you to provide personal data, including special categories of data, relating to other people. Where this occurs you must ensure that they understand how their information will be used, have given you their permission to disclose it for these purposes, and allow us and our partners and processors to process it as set out in this Privacy Notice.

Our services are generally not directed towards children, we typically process children’s personal data where they are named on a portfolio as dependants, are beneficiaries, or with regards to trusts.

4. Types of personal data

The type of personal data we collect will depend on the product or service we provide. We will only collect information that is adequate, relevant, and limited to what is necessary in relation to the purposes identified within this Privacy Notice. The table below outlines the categories of personal data we may process, with common examples. Please note that this is an indicative, non-exhaustive list, and the personal data we use may change over time.

Data categoryCommon examples
Personal detailsBiographical

Contact details

Gender

Marital Status

Official identification documents

Internal client identification codes

National identification numbers

Family circumstances and background

Behavioural and lifestyle

Education and employment History

Organisational roles including trusteeships, directorships, and partnerships

Records of communications and correspondence including phone and video recordings

Marketing and communication preferences

Dietary requirements

CCTV footage

Opinions, comments and feedback

Any other personal information that you choose to share with us during communications e.g., opinions, holiday, and travel plans.
Financial dataCurrent financial situation

Financial history

Financial planning

Source of wealth and source of funds

Billing and banking

Tax

Pension

Insurance policies and positions

Credit status

Risk appetite and score

Portfolio position and performance

Records and logs of activities on your accounts

Service, product and account information and history

Ethical and investment restrictions

Any other financial information that you choose to share with us
Special category and sensitive dataMental and physical health, including vulnerability

Nationality

Any other personal information that you choose to share with us, such as political or religious views and criminal convictions and judgements
Anti-money laundering (“AML”) dataOfficial documentation to verify identity including:

Identification documents (which may include photographic identification and signatures)

Other official documentation on request

Official documentation to verify address including:

Bank statements

Utility bills

Other official documentation on request

Source of wealth and source of funds

Details for conducting Politically Exposed Person and Sanctions checks against relevant lists

Adverse media reports

Criminal convictions and judgements relating to, or resulting from, above checks or which you have told us about
Anonymised dataIn addition to the categories of personal data described above, we produce anonymised and aggregated data and information that is not processed by reference to a specific individual
Cookies and technical dataWe collect cookies from your device when you access and use our website. For more information, please see our Cookie Policy

5. Purposes for processing

Our primary purpose of processing personal data is to provide our services to our clients. This includes onboarding clients, assessing suitability for financial products and services, providing investment advice, and sending information about marketing products, services, and events that you may be interested in. We will take steps to ensure that personal data is handled only by personnel that have a need to do so for the purposes described in this notice.

The table below provides examples of the purposes for which we process personal data and the lawful basis we rely on under Article 6, Article 9 and Article 10 GDPR and UK GDPR. Please note that this is an indicative, non-exhaustive list

ProcessPurpose of processingLawful basis for processing
Prospective clientsTo take steps, at your request, prior to entering a contract with us in order to begin the process of onboarding you as a client

To provide tailored information on our offerings to you as a prospective client and to market our services
Consent

Contract

Legitimate interests
Client onboardingTo onboard you as our client and set up a file with your documentation, including information relating to vulnerability or health position if applicable, and to verify your identity.

To execute our business relationship with you. For example, we ask you to complete a client risk questionnaire, provided by our supplier Oxford Risk, before risk discussions in order to generate a risk appetite score (regularly reviewed and agreed by you) on which to base our services during the course of your relationship with us
Contract
 
Article 6 (1) (f) – Legitimate interests
 
Explicit consent
Public interest
AML checksTo verify your identity and comply with legal obligations under AML legislation where applicable.

To prevent, detect and report fraud, money laundering and other offences

To protect our business and for risk management
Legitimate interests

Public interests

Regulations

Other legal obligations

Prevention of unlawful acts
Suitability assessmentsTo ensure suitability for financial products and services including information relating to vulnerability or health position if applicable. Suitability is regularly reviewed throughout your relationship with usLegitimate interests

Explicit consent

Public interest regulations

Other legal obligations
Management and administration of accounts, systems, services, products and offerings including via online and digital platformsTo provide services, products or offerings, including online and digital, as requested.

To provide investment management and financial planning services to you directly or through third party intermediaries or representatives.

To effectively manage, administer and operate contractual arrangements and comply with instructions or requests on your behalf. We may use providers such as DocuSign to securely exchange information with you.

To analyse and report on the effectiveness of our operations and growth strategies to increase efficiency, innovation and maintain a competitive edge.

To administer fees and charges
Contract

Legitimate interests

Other legal obligations
Management and transfers of pensionsTo manage and administer pensions or transfer your pension to or from a third-party pension providerConsent
 
Contract
 
Legitimate interests
Recording of telephone and video callsTo comply with regulatory monitoring requirements under financial regulations by recording communications in phone calls and through Microsoft Teams. For training, quality and product and service development and improvement.

To use as evidence in the event of a dispute or as evidence in court
Legitimate interests

Other Legal Obligations
Marketing and non-marketing communications and eventsTo send appropriate marketing communications, knowledge and insight and recommend products and services that we think might be suitable for you or that we think is of importance, interest or relevance, including in response to requests from you via our webforms.

To invite you to exclusive face-to-face and online events and webinars that we think you may be interested in and manage your attendance, including updating you with key information such as date, time and location.

To ensure that where you have unsubscribed or ‘opted-out’ of certain communication types or channels, including marketing, we do not send such communications to you.

To notify you and associated parties about important changes to our services, products or offerings and provide non-marketing communications about valuations, statements and account information
Marketing & Events

Consent

Legitimate interests

Non-marketing

Legitimate interests

Other Legal Obligations
Automated decision-makingTo carry out marketing activities which may involve the use of segmentation tools provided by third parties

To advertise our products and services using digital channels, including on the internet and social media
Consent

Contract

Legitimate interests
Handling complaints, queries and legal claimsTo respond to complaints, legal claims, data breaches or data protection rights requestsLegitimate interests

Legal proceedings
Management and operations of technology and systemsTo enable quick and easy access to information on RBC Brewin Dolphin services.

To maintain security of our systems and prevent fraud and offer proactive, up-to-date security for our technology services.

To obtain further knowledge of current threats to network security in order to update our security solutions.

To analyse, test, develop and improve our systems and services
Legitimate interests
Regulatory and internal complianceTo comply with regulatory audit and reporting requirements.

To monitor the use of our copyrighted materials and comply with internal policies and procedures
Legitimate interests

Other legal obligations
CCTV surveillanceTo use CCTV footage at some of our locations for monitoring and securing our premises, assets, staff and visitorsLegitimate interests
Cookies and technical dataTo collect, through our technology security services, traffic and security reports, information and activity logs on the usage of our systems and services. For example, websites visited by users, documents downloaded, security incidents and prevention measures taken by the gateway.

To collect, analyse and report on technical information about the services that you interact with when visiting our websites, applications and online advertisement. For more information, please see our Cookie Policy
Consent

Legitimate interests

6. Sharing of data

We are part of the RBC Brewin Dolphin Group which is owned by Royal Bank of Canada (“RBC”). Where we have a valid business need, we may share personal data with other entities both within the RBC Brewin Dolphin Group and the broader RBC Group, as well as with third parties, including our business partners, service providers, credit reference agencies, government bodies, regulatory authorities and agencies. Any transfer of personal data is based on a lawful basis, and we will only engage third parties that have appropriate technical and organisational measures to process, store, and safeguard personal data. While the third parties that we engage may change occasionally, the following table is an indicative, non-exhaustive list to help you understand the types of data sharing activities we undertake.

Third partyPurpose of sharing
Royal Bank of Canada (RBC) Group entities.We are owned by Royal Bank of Canada (“RBC”) and we are part of the RBC Group. We share data with other RBC Group entities to operate and manage shared services, systems and suppliers, request information about services and offerings provided by another entity, to transfer or refer clients, to undertake client AML checks, to conduct internal reporting and to co-operate in the investigation and response to complaints, legal claims, data breaches or rights requests.
RepresentativesWe may share information with authorised representatives acting on your behalf, such as a family member or legal representative.
Suppliers and vendorsWe outsource certain functions to third party suppliers and vendors to assist with our business operations and may share certain types of personal data in the course of business. This may include accountants, professional advisers, IT and technical support providers, communications providers and specialist financial service providers and platforms.
Credit reference agencies and AML companiesWe may undertake an electronic check to verify the personal identity information you have provided. The check will be undertaken by a reputable referencing agency or AML company which will retain a record of that check according to their retention policy. This information may be used by other firms or financial institutions for fraud prevention purposes.

For example:

LexisNexis

SmartSearch

Experian
Our business partnersWe may share data with our business partners including intermediaries, financial advisers and pension or product/service providers, who provide you or your organisation with services alongside or related to those provided by us.  Your information may be shared for the purpose of facilitating and hosting face-to-face and online events and webinars. We may also share information to co-operate in response to complaints, legal claims, regulatory authority requests, data breaches or data protection rights requests.
Government departments, bodies or agenciesWe may disclose information to any court or tribunal or government, regulatory, law enforcement, fiscal or monetary authority or agency where reasonably requested to do so or if required by applicable law, regulations or guidelines or in order to resolve queries, concerns or complaints.

For example:

HMRC

National Crime Agency

The police

Financial Conduct Authority

Information Commissioner’s Office

Financial Ombudsman Service

Central Bank of Ireland



Recipients may also include tax, law enforcement and regulatory bodies, and courts and judicial bodies in other countries, such as the US, where applicable.
Prospective buyers or sellersIn the event we decide to sell any of our business or assets, or buy another business or its assets, we may share information for due diligence purposes. If we are acquired by a third party, personal data held by us about you will be disclosed to the third-party buyer.
Debt collection agenciesWe reserve the right after notifying you to refer a debt, which you are unable or unwilling to pay, to a debt collection agency to recover our funds and any costs incurred to recover a debt, including legal costs. We also reserve a right, at our absolute discretion and without further notification, to sell the debt in its entirety to another party.

7. International transfers

From time to time your personal data will be transmitted through or stored or processed in other countries which are outside the UK and the European Economic Area.

These countries include: 

  • Guernsey
  • Jersey
  • Switzerland
  • Canada; and 
  • United States of America

We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include:

Adequacy Decisions: We will ensure that the specific country provides an adequate level of protection to data privacy as approved by the UK and EU data protection authorities; or

Standard Contractual Clauses: We will put in place a data transfer agreement with the recipient of the information using the contractual wording as approved by the UK and EU data protection authorities. For further information please contact the Data Privacy Team using the details at the end of this notice.

8. Data retention

The duration for which we retain your personal data will vary depending on the type of personal data and our reason for collection and processing. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. To determine the appropriate retention period for personal data, we consider the following:

  • the volume of personal data
  • the nature, and sensitivity of the personal data
  • our obligations and legal requirements to retain your personal data
  • the purpose of processing your personal data
  • the risk of unauthorised use or disclosure of your personal data

Where we share data with RBC

RBC will retain the information we share with them for a period of seven years (or 11 years if the data controller of your personal information is located in Jersey) from the date of termination of your relationship with them, or for such other period as may be required from time to time under relevant laws and regulations, including those relating to record keeping and prescription periods. Such information may be retained after your account with them has been closed, and for customer identification purposes in accordance with their record keeping policy.

More information on how RBC manage your data can be found at https://www.rbcwealthmanagement.com/en-eu/

9. Security of personal data

We will take all appropriate technical and organisational steps to safeguard your personal data. In the unlikely event of a data breach, we will contact you in line with our legal obligations. Access to your personal data will be restricted to those who need to use it for legitimate legal and business purposes.

We follow several industry good practices to ensure this protection is fully effective and the appropriate technical and organisational measures are in place. All personal data is provided protection in line with security and data protection policies.

All our employees and contractors receive mandatory information security and data protection training on being hired and subsequently on at least a yearly basis to ensure that they are aware of the security policies and their specific information security responsibilities. This also ensures that they are properly equipped to perform their duties in maintaining our security posture.

10. Data protection rights

The Data Protection (Jersey) Law 2018 provides you, the data subject, with a number of rights when it comes to your personal data. On receipt of a valid request to invoke one of your rights, we will do our best to adhere to your request as promptly as reasonably possible.

Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right so that access may be denied if, for example, making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information.

Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.

Objection: You have an absolute right to object to the processing of your personal data for direct marketing. Opting out of receiving marketing communications will not affect the processing of personal data for the provision of our services.

In other cases where the right to object applies, the right is not absolute and only applies in certain circumstances.

Restriction: You have the right to ask us to block or restrict the use of your personal data. The right is not absolute and only applies in certain circumstances.

Portability: You have the right to request to move, copy or transfer personal data from one IT environment to another in a safe and secure way, without affecting its usability.

Erasure: You have the right to ask us to erase personal data we hold about you. The right is not absolute and only applies in certain circumstances.

Right to withdraw consent: If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing. If you withdraw your consent, this will not invalidate the lawfulness of any processing carried out on the basis of consent before you withdrew it.

Data Protection Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority (See Section 11) or to seek a remedy through the courts. Details of how to make a data protection rights request, query or to opt-out of marketing are below.

11. Contact us

Making a data protection rights request

To exercise your rights or raise a query about the way we handle personal data, please email us at dataprivacy@brewin.co.uk.

Alternatively, write to us at:

Data Privacy Team

RBC Brewin Dolphin

12 Smithfield Street

London

EC1A 9LA

Please provide as much detail as possible to help us deal with your request, such as the context in which we may have processed your information and the likely dates when we processed it. We may ask you to provide ID for identification and verification purposes. If you require any assistance with completing the form, email us at dataprivacy@brewin.co.uk.

Requests received by third parties on your behalf

If a request is submitted by a third-party representative (such as a solicitor) on your behalf, we may require additional documentation, such as a signed Letter of Authority.

Data Protection Complaints to the relevant Information Commissioner

You have the right to lodge a data protection complaint with the Jersey Office of the Information Commissioner (https://jerseyoic.org). However, we would be grateful for an opportunity to resolve matters with you in the first instance.

Changing your marketing preferences

If you would like to update your contact details or update any of your communication preferences, please get in touch with your usual contact at RBC Brewin Dolphin by phone, post or email, or visit the Preference Centre. Please allow 14 days from receipt of your information for any changes to be reflected across our systems.

If you are a private client, update your preferences at the Client Preference Centre.

If you are a business client or non-client, update your preferences at the Preference Centre.

Complaints about our services

To make a complaint about our services, please follow the Complaints Procedure on our website.

12. Changes to this Privacy Notice

This Privacy Notice may be updated from time to time. Please check here for the most recent information on how we process your personal data.

Last updated: January 2023


The value of investments and any income from them can fall and you may get back less than you invested.