Last updated: 31 March 2022

Privacy Notice

Artis is committed to processing personal information (“PI”), including sensitive personal information (“SPI”)1, in line with all applicable privacy and data protection laws. Our operations are located in countries with laws governing the processing of PI. “Artis”, “we”, “us” or “our” means Artis Finance Group Holdings Limited, and each of its direct or indirect subsidiaries (the “Artis Group”).

The Artis Group respects and values the privacy of everyone who visits this website and only collects and uses your PI as described in this Privacy Notice. Any PI we collect will only be used as permitted by law.
This Privacy Notice sets out the purposes for which we collect, use and disclose (collectively “processing”) PI and how it is protected. It also sets outs individuals’ rights in relation to the processing of their PI. There may be additional terms, conditions and commitments that also govern how we collect, use and disclose your PI, which should be read in conjunction with this Privacy Notice.

1 Please note not all privacy laws define Sensitive PI (SPI), for example Hong Kong, Singapore and Canada

PI is information relating to an individual, which can be used either alone or with other sources of information to identify that individual. PI does not include information where the identity of the individual or the specific detail of the information has been removed and is therefore anonymous.

Sensitive PI (SPI) is a sub-category of PI that includes PI relating to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.

The nature of the information that we collect will depend on the services we provide and our relationship with you. We categorize PI we process as follows (the PI listed for each category are non-exhaustive examples):

• Identification data
Full name, title, gender, marital status, date of birth, passport number, driving licence number, national identification number, signature
• Contact data
Personal address, telephone number, email address
• Electronic Monitoring data
To the extent permitted by law, we may record and monitor your electronic communications with us
• Financial data
Bank account number; credit card number
• Marketing and Communications data
Marketing and communication preferences; tracking data relating to whether you have read marketing communications from us
• Professional Information data
Position/job title, work address; telephone number; email address
• Profile data
Username and password for our online services that you have access to; investments made; services requested; marketing communications responded to; survey responses

• Services data
Payment details to and from you or entities you act on behalf of; details of services you have provided to us or we have provided to you
• Building and Assets Security data
Records of visits to our premises; CCTV recordings
• Technical data
Your use of and interaction with our online services; your IP address; browser type and version; browser plug in types and versions; operating system
• Sensitive PI (SPI)
In limited circumstances, and where allowed by law, we may collect information about criminal convictions and offences, when legally required; dietary requirements if we are arranging catering; disability so that we can make reasonable accommodations for you in our buildings; sexual orientation if you provide details of your spouse or partner; political affiliations for us to determine whether you are a politically exposed person.

We collect PI in relation to you in a number of ways, including:

• when you provide it to us in connection with a Artis product or service, such as a completed financing application form
• if you are Representative of an organization or entity that is a client or vendor of the Artis Group and that organization or entity provides us with your PI
• throughout the course of our relationship with you, including where you change your details, provide additional PI, or where the services we are providing to you change
• from public sources where you have manifestly chosen to make your PI public, including via public profiles on social media
• from third parties such as credit reference agencies
• from visits to our websites or through logging into any of our online services

We may also create or derive PI such as creating records of your interactions with us, subject to applicable law. Unless we otherwise indicate that the provision of specific PI is optional, any PI we request is necessary for us to provide you or your organization or entity with the products and services requested. If you do not provide the PI requested, we may not be able to provide those products and services.

In connection with one or more of the purposes outlined in the section ‘Purpose and Legal basis for processing your PI’ above, we may disclose PI in any jurisdiction to:

• other members of the Artis Group;
• professional advisors, third parties, agents or independent contractors that provide services to any member of the Artis Group (such as IT systems providers, platform providers, financial advisors, brokers, consultants (including lawyers and accountants);
• goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them); intermediaries and other individuals and entities that partner with us;
• competent authorities (including any national and/or international regulatory or enforcement body, agency, court or other form of tribunal or tax authority) or their agents where Artis is required or allowed to do so under applicable law or regulation;
• a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of the business or assets of companies in the Artis Group, or any associated rights or interests, or to acquire a business or enter into a merger with it;
• credit reference agencies or other organizations that help us to conduct anti-money laundering and anti-terrorist financing checks and to detect fraud and other potential criminal activity; or
• any person to whom disclosure is allowed or required by local or foreign law, regulation or any other applicable instrument.

To provide global services and in the course of running our business, we may transfer PI to a location outside of the country where you reside or where services are provided to you or the organization or entity you work for. Although the country to which PI may be transferred may not have the same level of privacy and data protection laws, we apply the same level of security and organizational controls to the processing of PI wherever it is processed. We select our third party service providers processing PI on our behalf on their ability to comply with industry standard norms for PI processing.

If we transfer PI out of the EEA, we ensure a similar level of protection for your PI by ensuring the country to which the PI is transferred is considered by relevant data protection authorities to provide an adequate level of protection, putting in place contractual clauses that the relevant data protection authority considers to provide the same level of protection.

We will not process your PI for marketing purposes if you have informed us you do not wish to receive marketing materials. You can request that we stop processing your PI for marketing purposes at any time by clicking on marketing opt-out links in any electronic marketing materials we send you, by making a request to your usual Artis contact or by using the contact details set out in the “Contact Us” section of this Privacy Notice.

We do not share or sell your PI to third parties for the third party to use for their own marketing or other purposes.

We will process your PI for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting, internal policy requirements or for the establishment or defence of legal claims.

We use a range of physical, electronic and managerial measures to ensure a level of security appropriate to the risk of PI processing. These measures include:

• education and training of relevant staff to ensure they are aware of our privacy obligations when processing PI as well as training around social engineering, phishing, spear phishing, and password risks;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• the ability to restore the availability and access to PI in a timely manner in the event of a physical or technical incident;
• administrative and technical controls to restrict access to PI;
• technological security measures, including fire walls, encryption (industry standard SSL encryption with 128-bit key lengths), and anti-virus software;
• physical security measures, such as building access controls;
• external technical assessments, security audits and vendor due diligence;
• segregation of networks;
• application security;
• endpoint security;
• layered and comprehensive cybersecurity defences; and
• security incident reporting and management.

The security of data transmitted over the internet (including by e-mail) cannot be guaranteed and carries the risk of access and interception. You should not send us any PI by open/unsecure channels over the internet. We endeavour to protect personal information but cannot guarantee the security of data transmitted to us or by us.

In certain circumstances you may have the following rights in relation to the processing of your PI:

• Access
To request a copy of the PI we process in relation to you and to be informed about how we use and share your PI.
• Object
To object to the processing of your PI if (i) we are processing your PI on the grounds of legitimate interests or for the performance of a task in the public interest (including profiling); or (ii) if we are processing your PI for direct marketing purposes
• Correction
To request that we update the PI we process in relation to you, or to correct PI that you think is incorrect or incomplete.
• Deletion
To ask that we delete PI that we process in relation to you where we do not have a legal or regulatory obligation or other valid reason to continue to process it.
• Restriction
To request that we restrict the way in which we process your PI, for example, if you dispute the accuracy of your PI or have raised an objection which is under consideration.
• Portability
To request a copy of your PI that you have provided to us in a commonly used electronic format such as through the completion of an application form.
• Automated decision making
To request manual intervention if you are subject to automated decisions where the decision results in a legal or similar effect to you.

You may exercise your rights at any time by using the details set out in the Contacting us section. To the extent permitted by applicable law or regulation we reserve the right to charge an appropriate fee in connection with you exercising your rights.

We may need to request specific information from you to help us confirm your identity and ensure your right to access to the PI requested, or to exercise any of your other rights. This is to ensure that PI is not disclosed to any person who does not have authority to receive it. We may also request further information in relation to your request to help us to locate the PI processed in relation to you, including, for example, the nature and location of your relationship with us.

We will respond to all legitimate requests in line with the timescales set out in applicable law.

If you wish to exercise any of your rights, or have questions concerning this notice, please contact us by email at: privacy@artisfinance.com or by post sent to: Artis Finance Limited, One Lyric Square, London, W6 0NB

If you have any concerns or complaints about the way your PI is processed, please contact us at privacy@artisfinance.com. For further information in relation to these rights, including the circumstances in which they apply or to make a complaint, please visit the UK Information Commissioner’s Office (“ICO”) website at www.ico.org.uk or consider contacting a data protection or other competent authority with jurisdiction over privacy and data protection law in the country you live or work, or in the country where you believe an issue in relation to the processing of your PI has arisen.

Please see our separate Cookie Notice

This Privacy Notice is not applicable to third party websites that we do not own or control, or to any third-party website where content relating to the Artis Group is displayed.

We may modify or amend this Privacy Notice from time to time and you are advised to visit our website regularly to check for any amendments. Any material changes will be communicated to you through an appropriate channel, depending on how we normally communicate with you.

Purpose and legal basis for processing your PI

 

Processing Purpose Category of PI Basis of Processing
To consider, or to enter into a relationship with you, including performing anti-money laundering, anti-terrorism, sanction screening, fraud and other due diligence checks
  • Identification data
  • Contact data
  • Financial data
  • Professional Information data
  • Services data
  • Sensitive PI
  • Performance of a contract
  • Legal or regulatory obligation
  • Legitimate interests: ensuring we do not accept the proceeds of criminal activities or assist in fraudulent or any unlawful activities, such as terrorism
To deliver the services you have requested, including liaising with third parties and to provide access to our technology solutions
  • Identification data
  • Contact data
  • Financial data
  • Profile data
  • Professional Information data
  • Technical data
  • Marketing and Communications data
  • Performance of a contract
  • Legal or regulatory obligation
  • Legitimate interests: ensuring that you are provided with the best client services and visitor services we can offer, and securing a prompt payment of any fees, costs and debts in respect of our services
To manage payments, fees and charges and to collect and recover money owed to us
  • Identification data
  • Contact data
  • Financial data
  • Professional Information data
  • Services data
  • Performance of a contract
  • Legitimate interests: ensuring we can manage payments, fees and charges and to collect and recover money owed to us
To manage our relationship with you which will include notifying you about changes to our terms of business or this Privacy Notice
  • Identification data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Professional Information data
  • Performance of a contract
  • Legal or regulatory obligation
  • Legitimate interests: ensuring we can notify you about changes to our terms of business or this Privacy Notice
To interact with governmental or regulatory bodies or other competent national authorities
  • Identification data
  • Contact data
  • Financial data
  • Services data
  • Professional Information data
  • Legal or regulatory obligation
  • Public interest
To detect or prevent fraud and/or other criminal activity and to protect our employees and assets
  • Identification data
  • Building and Assets Security data
  • Contact data
  • Electronic Monitoring data
  • Financial data
  • Services data
  • Professional Information data
  • Profile data
  • Technical data
  • Legal or regulatory obligation
  • Public interest
  • Legitimate interests: protecting the Artis Group and its client’s assets; detecting, and protecting against breaches of our policies and applicable laws; protecting the Artis Group employees
To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities
  • Identification data
  • Contact data
  • Profile data
  • Technical data
  • Marketing and Communications data
  • Professional Information data
  • Legal or regulatory obligation
  • Legitimate interests: ensuring the efficient and secure running of our business, including through office and facilities administration, maintaining information technology services, network and data security and fraud prevention
To invite you to take part in market insight or other events, or client seminars or similar events, and to manage your participation in them
  • Identification data
  • Contact data
  • Profile data
  • Technical data
  • Marketing and Communications data
  • Professional Information data
  • Consent
  • Legitimate interests: reviewing how clients use, and what they think of, our services; identifying ways to improve and expand our business
To send you marketing (including by paper and electronic channels) communications and service updates
  • Identification data
  • Contact data
  • Profile data
  • Technical data
  • Marketing and Communications data
  • Professional Information data
  • Consent
  • Legitimate interests: reviewing how clients use, and what they think of, our services; identifying ways to improve and expand our business

In relation to vendor services:

Processing Purpose Category of PI Basis of Processing
To engage you or the organization or entity you work for as a new supplier, including performing anti-money laundering, anti-terrorism, sanctions, fraud and other background checks
  • Identification data
  • Contact data
  • Financial data
  • Professional Information data
  • Services data
  • Performance of a contract
  • Legal or regulatory obligation
  • Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism
  • Public Interest
To manage payments, fees and charges and to collect and recover money owed to us
  • Identification data
  • Contact data
  • Financial data
  • Professional Information data
  • Services data
  • Performance of a contract
  • Legitimate interests: ensuring we can manage payments, fees and charges; to collect and recover money owed to us
Where we provide you access to our systems we need to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, and data hosting
  • Identification data
  • Contact data
  • Profile data
  • Technical data
  • Legal or regulatory obligation
  • Legitimate interests: ensuring the efficient and secure running of our business, including maintaining information technology services, network and data security