Fair Processing Notice

JLT Investment Management Limited

We know how important privacy is to you. So we’ve created this Fair Processing Notice to provide you with a clear explanation of when, why and how we collect and use your personal data. We’ve designed it to be as user friendly as possible, and have labelled sections to make it easy for you to navigate to the information that may be most relevant to you.

Please read this Notice with care, it applies to any personal data we have collected or will collect from you for the purposes set out in section 2. It provides important information about how we use your personal data and explains your legal rights. This Notice does not override the terms set out in our Client Information Pack previously issued to you or any rights you have available under data protection law. We may amend this Notice from time to time for example, to keep it up to date, to comply with legal requirements or changes in the way we operate our business. . We will publish updates to this Notice on our web site.



Notice – This Fair Processing Notice. Also referred to as a Privacy Notice.

We, us – JLT Investment Management Limited, part of the Jardine Lloyd Thompson Group plc. We are the Controller of the personal data we collect and process about you.

JLT Group – Jardine Lloyd Thompson Group plc and in the event that Jardine Lloyd Thompson Group plc is acquired by a purchasing firm, JLT Group shall include all companies within the purchasing firm.

Your Personal Data - The personal data that we collect and process about you.

Special Category Data - Categories of information that require enhanced protection measures. This includes, for example, health related information.

Processing – Any set of actions which is performed on Personal Data such as collecting, recording, organising, structuring, storing, altering, retrieving, using, disclosing or destroying.

Controller – The person or body that determines the purposes and means of processing.

Processor – The person or body that processes Personal Data on your behalf.

Profiling - Using automated processes without human intervention (such as computer programmes) to analyse your personal data in order to evaluate your behaviour or to predict things about you, such as your likely risk profile. 

FCA – The Financial Conduct Authority, a financial regulatory body.

ICO - The Information Commissioner's Office who are the Supervisory Authority for the processing of personal data by all UK organisations. See www.ico.org.uk for more information.

Service Providers - Third parties to whom we outsource certain functions of our business. For example, we have service providers who provide / support 'cloud based' IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data.



1. Who is responsible for looking after your personal data?

We, JLT Investment Management Limited, are responsible for the information that we collect and process about you. You should be aware that your information may be held in databases which can be accessed by other JLT Group companies.



2. What do we use your personal data for?

We use your personal data to:

  • sign you up to, administer and provide our Discretionary Management Service (DMS);
  • execute investments and disinvestments at your request;
  • amend the bank account / address details associated with the account to which payments are made or correspondence is sent;
  • act on executor instructions;
  • support our controls and management information;
  • improve our processes and use of technology; and
  • meet our legal and regulatory obligations.

We have set out the legal basis we use for collecting and using your personal data below.



3. What personal data do we collect?

We will only collect your personal data where it is relevant for the purposes set out in Section 2. The information we collect may include:

 Categories of personal data  Examples of personal data we may collect
 Personal attributes  Name; Age or date of birth; National Insurance Number; Marital information (including divorce).
 Personal directory  Address (including postcode); Email address; Telephone numbers; Passport; Utility bills; Online identifiers; Birth certificate; Death certificate.
 Financial data  Bank account information; Other financial information e.g. fund values, insured amounts.

Certain additional information may be collected where this is necessary for the performance of our services to you and permitted by regulation.

From time to time, you may need to provide us with someone else’s personal data, e.g. your dependants, nominated beneficiaries, power of attorney etc. Wherever possible, you should take steps to inform them that you need to disclose their details to us, obtain their consent to do so and identify us as the party with whom you are sharing their information. Please provide them with a copy of this Notice.



4. Who do we collect your personal data from?

We will collect information from you over the course of our dealings with you. We may also obtain information about you from financial institutions with whom you have assets / benefits and from other sources where we believe this is necessary to assist in validating your identity and/or in fighting financial crime. These sources may include public registers, social media and other online sources, credit reference agencies and other reputable organisations.



5. Who do we share your personal data with?

We work with other members of the JLT Group and Service Providers to help manage our business and deliver services to you. These parties may from time to time need to have access to your personal data. The Service Providers may include:

  • Financial institutions with whom you have assets;
  • Print houses
  • Your professional advisers where we have your authority
  • Businesses who help manage our IT and back office systems;
  • Credit reference agencies and organisations working to prevent fraud in financial services; and
  • Auditors and other professional services firms.

We may be under legal or regulatory obligations to share your personal data with public authorities, government bodies, courts, regulators (which may include the FCA and ICO) and law enforcement agencies in the E.U. and around the world. Also, if we were to sell part of our businesses we would need to transfer your personal data to the purchaser of such businesses.

We will not share your personal data with third parties for marketing purposes.



6. International transfers

From time to time we may need to share your personal data with members of the JLT Group or with other Service Providers who may be based outside of the UK. We always take steps to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests. These measures include:

  • Transfers of your personal data to countries which are recognised as providing an adequate level of legal protection;
  • Transfers within the JLT Group where they have entered into Standard Contractual Clauses or an intra-group agreement, both of which give specific contractual protections designed to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the JLT Group; and
  • Transfers to Service Providers outside the UK are protected by prior due diligence and contractual commitments such as signing the Standard Contractual Clauses and, where available, further assurances such as certification schemes.

We may also share your personal data with a third party (e.g. fund manager, product provider) outside of the UK that you have selected.  This transfer will be necessary for you to enter into the contract or for the performance of that contract between you and that third party.

You have the right to ask us for more information about our safeguards. Please contact us if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).



7. How do we keep your personal data secure?

We take data security seriously. To reflect this, we’ve put in place a clear chain of responsibility when it comes to security. Our JLT Group Chief Information Security Officer (CISO) and CISO office are responsible for helping all JLT entities protect personal data and manage security risks. The CISO office does this by developing, monitoring and reviewing our information security framework policies and standards. Please contact us if you would like a copy of our Privacy and Security Statement. Our Privacy and Security Statement can be found here.



8. How long do we keep your personal data?

We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 2 of this Notice, including meeting legal, regulatory, tax and accounting requirements. We also retain your personal data so that we have an accurate record of your dealings with us in the event of any complaints or disputes, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings. This means that we may keep your personal data for a long period of time, including after we have ceased to provide you with services. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business on a day to day basis.



9. What are your rights?

You have a number of rights in relation to your personal data. You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required and restriction on the processing of your data, You also have rights in respect of the processing of your data, data portability and information used in relation to any Automated Decision Making and Profiling or the basis for international transfers of personal data. You can find out more information about your rights by clicking on this link.

Where we rely on our legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests. 

Where processing is carried out based upon your consent, you have the right to withdraw that consent. You may also exercise a right to complain to your Supervisory Authority. If you would like to exercise any of your rights then please click on this link.



10. Contact, further information, queries and complaints

Our Data Protection Officer is your primary point of contact for all matters arising from this Notice, including requests to exercise your rights set out in section 9.

If you have any query, complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the matter as soon as possible. You also have a right to lodge a complaint with the ICO at any time.

If you would like more information, please contact our Data Protection Officer by emailing EB_DataProtectionOfficer@JLTGroup.com.



What is the legal basis on which we process your personal data?


The legal basis for the processing of your personal data

To sign you up to, administer and provide our Discretionary Management Service (DMS).

Performance of a contract

To execute an investment or disinvestment at your request.

Performance of a contract

To amend the bank account / address associated with the account to which payments are made or correspondence is sent.

Performance of a contract

To act on executor instructions.

Performance of a contract

To support our controls and management information.

Legitimate interest

To improve our processes and use of technology.

Legitimate interest

 To comply with legal and regulatory obligations.

Legal Obligation


Your rights

Your right

What this means


You can ask us to:

  • confirm whether we are processing your personal data;
  • give you a copy of that data;
  • provide you with other information about your personal data to the extent that information has not been provided to you in this Notice, such as what data we hold about you, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any Automated Decision Making or Profiling.


You can ask us to rectify inaccurate personal data. We may seek to verify the data before rectifying it.


You can ask us to erase your personal data, but only where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see 'Objection' below); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request.


You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • you contest the accuracy of your personal data (see Rectification), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

    We can continue to use your personal data following a request for restriction, where:

  • we have your consent (for example to process a claim); or
  • to establish, exercise or defend legal claims; or
  • to meet legislative or regulatory requirements or
  • to protect the rights of another natural or legal person.


You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another Controller, but in each case only where the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.


You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International Transfers

You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the UK. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.

Supervisory Authority

You have a right to lodge a complaint with your local supervisory authority about our processing of your personal data. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.