Last updated: 16 October 2018
Hargreaves Lansdown takes the privacy and security of your personal information very seriously, and we’re committed to protecting and respecting your privacy.
As Hargreaves Lansdown, we include the entities we’ve listed below in section 1 (“Who we are”). When we use “Hargreaves Lansdown”, ‘we’, ‘our’ or ‘us’ throughout this Policy, we’re referring to any one of our entities. All our legal entities are registered in England and Wales, and all may act as data controller of your personal information.
We recognise that there are risks to you with us processing your personal information, such as financial loss if there is a security breach, You can find out more information about our security measures in section 4.
We are always looking to improve the information we provide to our customers and contacts so if you have any feedback on this Policy, please let us know using our contact details in section 15.
We explain in this Policy:
- Who we are
- Collecting your information
- How we use your information
- Information security
- Our legal basis for using your information
- How and when we share your information
- Transfers outside of Europe
- How long we store your personal information
- Your rights
- Using our websites
- Contacting us
Your rights to object: You have various rights in respect of our use of your personal information as set out in sections 9 and 10. Two of the fundamental rights to be aware of are that you may:
- ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
- ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person’s, legitimate interest.
You can find out more information in sections 9 and 10.
1. Who we are
|Hargreaves Lansdown plc||02122142|
|Hargreaves Lansdown Asset Management Limited||01896481|
|Hargreaves Lansdown Savings Limited||08355960|
|Hargreaves Lansdown Advisory Services Limited||03509545|
|Hargreaves Lansdown Fund Managers Limited||02707155|
|Hargreaves Lansdown Pension Trustees Limited||01733872|
|Hargreaves Lansdown Pensions Limited||03977269|
|The Hargreaves Lansdown Charitable Foundation||CE007686|
|Hargreaves Lansdown (Nominees) Limited||01824226|
|Hargreaves Lansdown Savings (Nominees) Limited||10584596|
|Hargreaves Lansdown Investment Management Limited||04021749|
|Hargreaves Lansdown Trustee Company Limited||05794815|
|Hargreaves Lansdown Insurance Brokers Limited||01874058|
The registered office for all of our legal entities is: One College Square South, Anchor Road, Bristol BS1 5HL.
This Policy also applies to the websites that Hargreaves Lansdown operates as described in section 11.
2. Collecting your information
We collect and process your information in these circumstances:
- When you give us your personal information by phone, email, and via our websites, in writing or otherwise: This includes but isn’t limited to information you give us when you open an account, request quotations, register for email alerts, request literature, signup for newsletters or enter a competition, promotion or survey. The information you give us can include your name, address, email address and other contact information. It can also include your financial and debit card information and other personal details such as your National Insurance number and health information.
- When you visit our premises: Because of our security policies and procedures in our office premises, we will collect images of visitors using CCTV footage.
- When you visit our website: When you visit our websites we automatically collect information which includes: the Internet Protocol (IP) address used to connect your computer to the internet, your login information, your geographic location, your browser and browser plug-in type and version, and your operating system and platform. We also collect information about your visit, including the source of your visit, and the full click path and mouse movement through our sites (including date and time). This includes the services you viewed, searches you made on our sites, page response times, download errors, length of visits to certain pages, page interaction information (such as page scrolling, mouse clicks, mouse movements and keyed text), and how you navigated away from any page and any phone number you use to call our Helpdesk. We collect this type of information using a website recording service.
- When we email you: From time to time when you open an email we’ve sent you, we automatically collect information including your geographic location, browser type and version, the device, and the operating system and platform you’re using. We also collect information about your email consumption, including the full click path from within and on to our sites (including date and time), and whether you opened, deleted, forwarded, printed or unsubscribed from the email, and also how long the email was open.
- When we receive your information from third party service providers: We may receive information about you from third party service providers such as credit reference agencies, payment service providers, or analytics providers. If you have a workplace pension with us, we also receive personal information from your employer.
If we don’t receive all of the personal information we’ve requested from you, then we won’t be able to provide all of our products and services to you.
Some of the personal information that we collect about you or which you provide to us about you or your family members may be special categories of data. Special categories of data include information about physical and mental health, sexual orientation, racial or ethnic origin, political opinions, philosophical belief, trade union membership and biometric data. We take special care with this data.
3. How we use your information
We use your personal information in the following ways:
- To provide you with any services and/or information you request from us. This also includes carrying out any obligations specified in any contracts between us.
- To get quotations or arrange investments or insurance for you with regulated entities.
- If you contribute to a child’s Junior ISA, we’ll give your name to the parent/guardian who’s responsible for the account.
- If you apply for an account with us for someone else, acting with power of attorney, we’ll use the information you give us about the applicant (including information about the applicant’s mental health) and your role as the attorney to provide the product or service you request.
- To comply with our legal and regulatory obligations, co-operate with the court service, our regulators and law enforcement agencies and to prevent and detect crime.
- If we learn of your insolvency or bankruptcy (or any insolvency proceedings), we’ll transfer your details to the Official Receiver or appointed insolvency practitioner(s).
- To check instructions you’ve given us or to resolve disputes including to establish, exercise or defend our legal rights.
- To improve the quality of our services and to train our staff.
- To let you know about any changes we make to our service.
- To process any job application you submit, or that an agency submits for you.
- To tell you (by mail, email, telephone or otherwise) about products and services we think you could be interested in, based on our products you already have or have shown an interest in. You can opt out of this communication at any time.
- To confirm your identity and address, which includes using automated decisions when we carry out financial crime checks.
- To request your feedback on a product or service via a third party we’ve chosen (we’ll only share your name and email address).
- Gathering data for analysis and research, and to provide management information or other services internally and to third parties.
- To administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes.
- To improve our sites to make sure that our content is as effective as we can for you and for your computer.
- So we can provide services such as the ‘most popular’ information on our site.
- So we can show you and others targeted advertisements when you browse the internet.
- So you can choose to participate in interactive features of our sites.
- As part of our efforts to keep our sites safe and secure and to prevent and detect money laundering, financial crime and other crime.
- To monitor, record, store and use any telephone, email or other communication with you. We’ll update your records with any new information you or a third party give us, and we’ll add it to any information we already have.
- When you call our main contact phone number, 0117 900 9000, we’ll collect the Calling Line Identification information and keep a copy of the call for training and security purposes. We’ll also use your information to help improve our efficiency and effectiveness.
- To deal with any enquiries or issues you have about how we collect, store and use your information, or any requests made by you for a copy of the information we hold about you.
- For internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies.
4. Information security
We take the security of your personal data very seriously, and we use appropriate technologies and procedures to protect your personal information.
We keep our data security policies and procedures up to widely accepted international standards. In addition, we review our policies regularly and update them whenever needed to protect you, and to meet our business needs, changes in technology, and regulatory requirements.
Here are examples of the ways we protect your data:
- We have appropriate technical and organisational measures in place to protect you against accidental loss and unauthorised access, use, destruction or disclosure of your data.
- We have a business continuity and disaster recovery plan that is designed to help us offer our services and protect our people and assets no matter what happens.
- We place appropriate restrictions on access to personal information.
- We implement measures and controls, including monitoring and physical measures, to store and transfer data securely.
- We complete data protection impact assessments in accordance with legal requirements and our business policies.
- We provide data security training for our employees.
- We use a stringent approach to vendor risk management.
The internet is an open medium and we can’t guarantee that any information you send to us by email or via our sites won’t be intercepted or tampered with. Any transmission is at your own risk. To help protect your personal information and minimise the risk of it being intercepted by unauthorised third parties, our secure servers use Secure Socket Layer v3 (SSL) or Transport Layer Security v1 (TLS) encryption when you submit information to us through our sites. You can see this security is in place when you see “https” and the padlock on your URL bar. Older browsers don’t always support current SSL technology, so we recommend that you use an up-to-date browser. Once we’ve received your information, we use strict procedures and security features to try to prevent unauthorised access. For more information please visit our security centre.
5. Our legal basis for using your information
Our legal basis for collecting and using your personal information depends on the exact type of information and how and when we collect it. However, we’ll normally only collect personal information from you, your employer, or another third party where one of the following applies:
- we need your personal information to perform a contract with you (for example if you are a client of one of our financial service products);
- it’s in our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:
- run, grow and develop our business;
- ensure a safe environment for our staff and website visitors;
- marketing, market research and business development;
- provide client services; and,
- for internal group administrative purposes.If we rely on our (or another person’s) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your personal interests or fundamental rights and freedoms which require protection.
- we have your consent (for example you have ticked a box on a form):We may use your special categories of data (such as health information) where you have provided your consent (which you may withdraw at any time after giving it, as described below).We may also process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us and we will stop doing so.
- we have a legal obligation to collect your personal information (such as for H.M.R.C. reporting).When we collect personal information to comply with a legal requirement or to enter into a contract with you, we’ll let you know at that time. We’ll also tell you if providing your personal information is mandatory or not, and what the consequences would be if you don’t provide it. Similarly, if we collect and use your personal information for our legitimate interests (or those of any third party), which are not set out above we’ll tell you at that time what those legitimate interests are.
6. How and when we share your information
We’ll share your personal information with other members of the Hargreaves Lansdown Group to:
- help us to better understand your needs, run your accounts and improve our products and services. This could be, for example, client modelling, or statistical and trend analysis; and
- contact you to tell you about the products and services we provide and think you could be interested in.
We also share your information with the following third parties: partners, suppliers, sub-contractors including but not limited to payment service providers, advertising networks, our professional advisors such as lawyers, auditors, insurers and information, service and software providers that help us improve and optimise our sites.
Our reasons for sharing your information with these service providers include:
- To uphold our part of any contract we enter into with them or you.
- To enforce or apply our statutory disclosures or any other agreement or to protect the rights, property or safety of our sites, our users or others.
- In agreement with advertisers and advertising networks that require your information so they can select and serve adverts about our services to you and others. We will only share your personal information with third party advertisers in order to help them provide services on our behalf.
- With our workplace pensions, or our authorised broker service, when your employer, or their appointed third party, asks us for information about your trades or for the value of your holdings to allow them to comply with their regulatory obligations where you have given us your explicit permission. If you hold a workplace pension with us, we’ll also provide your employer with information about the contributions paid into and fees deducted from your accounts, as well as details of your membership of the relevant scheme.
We will also disclose your information to third parties:
- where it is in our legitimate interests to do so to run, grow and develop our business:
- if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if substantially all of our assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
- if we are under a duty to disclose or share your personal information: in order to comply with any legal obligation, any lawful request from government, judicial bodies or agencies to make sure we comply with our legal and regulatory obligations; with law enforcement officials; and as may be required to meet national security or law enforcement requirements or prevent illegal activity; to work with fraud prevention agencies, other companies and organisations to prevent or detect financial and other crime.
- in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
- to protect our rights, property, or safety and that of our staff, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.
When we share your information with third parties, we make sure the appropriate safeguards are in place to protect your personal information.
We will never sell, trade, or rent your personal information to anyone.
When you use www.hlmarkets.co.uk, in relation to our CFD trading and the Spread Betting service, all your dealing, administration and settlement is carried out by IG (trading name of IG Markets Limited and IG Index Limited). Any personal information you provide in connection with these services can be shared between us and IG. You can find out more about how your personal information is managed when using these services in the dedicated privacy policies, which can be found here (CFD) and here (Spread Betting).
We may also disclose and use anonymised, aggregated reporting and statistics about users of our website or our services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.
7. Transfers outside of Europe
We usually store your information on our secure servers in the United Kingdom.
However, where we use third parties to process your information for us, for any reason detailed in our Terms and Conditions, we may transfer your information to, and store it and process it inside or outside the European Economic Area. This could be for (but isn’t limited to) the following purposes:
- If you’ve agreed with us and your employer that we’ll provide them with your trading activity and account balance details.
- Where a fund group in which you hold units requests details of the investors in their funds to comply with their regulatory obligations.
- In order to obtain quotations or to arrange investments or insurances with regulated entities.
Our partners and service providers may also transfer your personal information outside of the European Economic Area.
We’ll take all steps reasonably necessary to make sure that your personal information is treated securely. For example, as permitted by Article 46 of the General Data Protection Regulation, we use standard contractual clauses with third parties, so that your information is protected to the same standards as it is in the European Economic Area. If your information is sent to the US, in accordance with Articles 45 and 46 of the General Data Protection Regulation we make sure it goes to an organisation that is part of the Privacy Shield or that we use standard contractual clauses with third parties, so that your information is protected to the same standards as it is in the European Economic Area. Privacy Shield is the framework that sets privacy standards for information sent between US and EU countries, and it uses similar standards as the European Economic Area.
Countries outside the European Economic Area where your personal information can be transferred to include: United States of America, Canada, India and Australia.
8. How long we store your personal information
We keep the personal information we collect from you, your employer, and other third parties, where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
We keep all records for a minimum of ten years from when you stop being a client with us, or from when your records were provided to us (whichever is longer). We can use it to respond to any questions or complaints, to maintain records according to rules that apply to us, or for fighting financial crime, including fraud.
In certain circumstances, we will keep your information for longer than ten years – for example if we can’t delete it for technical reasons or for compliance with our legal and regulatory obligations. If your personal information is kept for longer than ten years for research and statistical purposes it will be anonymised.
When we have no ongoing legitimate business need to hold your personal information, we will either delete or anonymise it. If we can’t do this (for example, because your personal information is stored in backup archives), we’ll securely store your personal information, only use it for a purpose we’ve already communicated to you, and isolate it from any further processing until archives are deleted.
Where we process information on behalf of other organisations we apply the same retention periods as above.
We may collect and use your personal information for undertaking marketing by email, telephone and post.
We may send you certain direct marketing communications (including electronic marketing communications to existing customers) if it is in our legitimate interests to do so for marketing and business development purposes.
However, we will always obtain your consent to direct marketing communications where we are required to do so by law.
You have the right to ask us not to process your personal information for marketing purposes. You can do this by contacting us by post or email using the details in the “Contact Hargreaves Lansdown” section below. You can also unsubscribe from emails by following the unsubscribe instructions included in every email. If you are a client, you can also unsubscribe by going to the www.hl.co.uk website and logging into your account, or, by sending us a secure message. Please note: requests to unsubscribe via post, email or secure message are processed internally and may take longer to mark you as unsubscribed than using the unsubscribe link in the footer of our emails. In any case, we will aim to process all unsubscribe requests received by these methods within 5 working days.
10. Your rights
- Right of access: You have the right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation whether your personal information is being used by us; details about how and why it is being used; and details of what safeguards are in place if we transfer your information outside of the European Economic Area.
- Right of to update your information: If any of the information we hold is inaccurate, you can ask us to make any necessary amendments.
- Complaints: If you have any complaints or concerns about our handling of your personal information please do get in touch with us and we will do our best to resolve these. You can contact us on 0117 900 9000 or you write to us at the address below in section 15.
In accordance with Article 77 of the General Data Protection Regulation, you have the right to complain about our collection and use of your personal information to the Information Commissioner’s Office or the data protection authority in the country where you usually live or work, or where the alleged infringement of the General Data Protection Regulation has taken place. For more information, please contact the local data protection authority at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by phone on 0303 123 1113.
You may also seek a remedy through local courts if you believe your rights have been breached.
In certain specific circumstances you also have following further rights:
- Right of deletion: You have a right to ask us to delete any personal information which we are holding about you.
- Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal information.
- Right to data portability: You have a right to ask us to provide your personal information to a third party provider of services.
- Right to object: You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.
- Right to stop marketing: You have a right to ask us to stop using your personal information for direct-marketing purposes.
We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request, unless we tell you we are entitled to a longer period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
Please contact us at using the details below in section 15 if you would like further information. If you would like to exercise any of your rights you can contact us on 0117 900 9000 or you write to us at the address below in section 15.
11. Using our websites
This Policy applies when you use one of the above websites and their content. Partners who provide content or other linking sites found on our websites can also gather information and you should check their privacy notices.
If you visit our websites or use our mobile and/or tablet apps (collectively referred to as “our sites”) you acknowledge that the practices described in this Policy apply. Our sites can, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please remember that they have their own policies and that we do not accept any responsibility or liability for their policies or how they collect and use your information.
We do not and will not knowingly collect information from any unsupervised child under the age of 13. If you are under the age of 13, you may not use our sites unless your parent or guardian has provided us with their consent for your use of our sites or our site (as applicable).
15. Contacting us
If you have any questions about your privacy with us or this Policy, you can email us, write to us at Hargreaves Lansdown, Data Protection Officer, One College Square South, Anchor Road, Bristol BS1 5HL or call us on 0117 900 9000.