Overview
Bravura Solutions Limited and its affiliates (“Bravura”) are strongly committed to protecting the privacy rights of our employees, users of our systems and visitors to our websites, in accordance with the Privacy laws in the jurisdictions we operate in, including the General Data Protection Regulation (“GDPR”), the Australia Privacy Act and Australian Privacy Principles (“APPs”), the New Zealand Privacy Act, the South African Protection of Personal Information Act, the Hong Kong Personal Data (Privacy) Ordinance, and the India Information Technology Act.
In this Policy, “Personal Information” means any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
This privacy and cookie policy (“Policy”) sets out how we collect, manage, hold, use, transfer and disclose an individual’s Personal Information. It contains information about how an individual may access the Personal Information about him or her that we hold and seek the correction of such information. It also contains information about how an individual may lodge a complaint in respect of potential breaches of Privacy laws and how we will deal with such a complaint.
Legal Basis for collecting Personal Information
We collect Personal Information by fair and lawful means, to the extent that it is reasonably necessary for, or directly related to, one or more of our business activities. The legal bases for our handling of Personal Information is either:
- the individual has consented to it; or
- under performance of a contract with an employee or a third party; or
- it is in our legitimate interests as a business that provides services to contracted third parties; or
- there is a legal obligation which makes the processing necessary for us to comply with any laws or other legal requirements; or
- it is necessary in the vital interests of the individual whose Personal Information we hold; or
We collect Personal Information by fair and lawful means, to the extent that it is reasonably necessary for, or directly related to, one or more of our business activities. The legal bases for our handling of Personal Information is either:
- the individual has consented to it; or
- under performance of a contract with an employee or a third party; or
- it is in our legitimate interests as a business that provides services to contracted third parties; or
- there is a legal obligation which makes the processing necessary for us to comply with any laws or other legal requirements; or
- it is necessary in the vital interests of the individual whose Personal Information we hold; or
- the processing is necessary for us to perform a task in the public interest, and the task has a clear basis in law.
The first three of these are likely to be the dominant legal basis for our handling of Personal Information. By using any of our services or otherwise providing us with any Personal Information (or authorising it to be provided to us by someone else), you consent to us collecting, holding, storing, using, disclosing, transferring and otherwise managing your Personal Information (including sensitive information (such as health information), as defined under Privacy laws as set out in this Policy. This Policy may be updated from time to time and published on the Bravura Solutions website at https://www.bravurasolutions.com/privacy-policy/ (“Bravura Website”).
Personal Information
The Personal Information we may collect or receive will depend on the circumstances of collection, including whether we collect or receive the information from the individual as a prospective or existing institutional and financial adviser (and their associated staff) (“Clients”), supplier, contractor, job applicant, employee or in some other capacity, or whether we collect the information from some other source, such as from our clients or our related bodies corporate.
In running our business, and in providing services to our clients, Bravura may:
- collect and hold Personal Information about our Clients, including (but not limited to):
- job title(s);
- business address;
- e-mail address;
- business telephone numbers;
- communications between Bravura and our Clients’ representatives;
- transactional information regarding our services; and
- financial information and banking details;
- hold Personal Information about our Client’s customers or persons associated with our Client’s customers, including (but not limited to):
- name(s);
- address;
- email communications;
- date of birth;
- identification documents;
- transaction details;
- tax file numbers; Sensitive Information, financial and taxation information, and banking details;
- collect (under authorisation from our Clients) our Clients’ customer’s data feeds and information from third party product providers, including investment holdings, account numbers and transaction information;
- collect Personal Information about contractors, service providers and suppliers, including (but not limited to):
- name;
- job title;
- business contact details of company representatives with whom we deal; and
- financial information and banking details; and
- in the context of our recruitment and employment process for employees and contractors, collect and hold Personal Information where permitted by local law, including (but not limited to):
- name(s);
- email address;
- telephone number;
- address;
- financial details (including banking details);
- date of birth;
- history with us (including communications between us);
- citizenship;
- employment references;
- civil, credit and criminal records;
- driver’s licence information;
- education and employment history;
- marital status;
- membership of a professional or trade association or union; and
- Sensitive Information.
How do we collect Personal Information?
Bravura collects Personal Information about an individual directly from the individual when the individual:
- applies for job vacancies, or is employed or contracted by us;
- meets with us or contacts us via other methods such as our support line or helpdesk, or when the individual uses our client portal;
- completes forms, transacts with us or provides information to us via the Bravura Website;
- provides information to us through industry surveys, promotions conducted by us or via social media platforms; and
- participates in other services we offer, such as our digital advice tools, client portals and client engagement calculators and other.
We also collect Personal Information about individuals from third parties and organisations. We collect, handle or process information from:
- Clients of Bravura who disclose the Personal Information of their customers as part of their use of the services provided by Bravura;
- third party product providers who we engage (including, but not limited to, data feeding service providers);
- Bravura’s related bodies corporate;
- publicly available sources of information, such as public registers;
- government agencies;
- our contracted service providers;
- parties to whom the individual refers us or from whom the individual authorises collection; and
- any social media platforms over which we have administrative control.
If you are a Client and provide us with the Personal Information of your customers, we will assume, and you must ensure, that you are authorised to disclose that information to Bravura. If you disclose Personal Information of your customers to Bravura or if you disclose Personal Information of third parties through contractual arrangements with Bravura, we will assume, and you must also ensure, that:
- you have made that third party aware of the purposes involved in the collection, use, transfer and disclosure of the relevant Personal Information, for example, by requiring the customer to read this Policy;
- you have obtained the individual’s consent to our collection, use, disclosure, transfer and handling of the relevant Personal Information in accordance with this Policy; and
- when collecting Personal Information, you have complied with all applicable laws, including data protection and privacy laws.
Where requested to do so by Bravura, you must assist us with any requests by an individual to access or update the Personal Information you have collected from them in relation to our services.
Purposes of collection, use and disclosure of Personal Information
Bravura may collect, hold, use and disclose Personal Information for the following purposes:
- to provide services to our Clients;
- to maintain, manage and develop our relationship with our Clients, including organising events;
- to facilitate the provision of services by our Clients or our related bodies corporate to their customers;
- to verify an individual’s identity, for invoicing, to provide support services, or to administer the services we provide to the individual;
- to provide our Clients with information and updates on changes to our services;
- to send our Clients’ information about our or our related bodies’ corporate products or services that may be of interest to them. If at any time an individual no longer wishes to be notified about our or our related bodies’ corporate products or services, the individual can contact us at the details provided at the bottom of this Policy;
- to send feedback questionnaires, and to participate in employee or industry surveys;
- to help us undertake training in relation to our services and to improve how we serve our Clients;
- to assist individuals with the resolution of technical issues or other issues relating to our services;
- to contract out some of our functions to external service providers and suppliers (such as mailing houses and printing companies, IT, advertising and marketing);
- to comply with laws and regulations in applicable jurisdictions;
- to assess and consider applications from prospective job applicants, contractors and service providers;
- to manage and administer a contractor’s or service provider’s relationship and arrangements with us and maintain any records in relation to this relationship; and
- such purposes for which we may obtain consent, from time to time.
If you do not provide the Personal Information we request or consent to the collection and use of your Personal Information for the purposes outlined in this Policy, we may not be able to do any of the things or provide the services as set out above.
Offshore disclosure
We are likely to disclose an individual’s Personal Information to overseas recipients. The countries in which those recipients are likely to be located are the United Kingdom, New Zealand, Hong Kong, India, Ireland, Germany, Poland, and the US. For clarity, we do not disclose our Clients’ customer’s Personal Information to overseas recipients.
If an individual does not want their Personal Information or that of their clients’ to be stored on third party servers, the individual should not provide their Personal Information to our Clients or use our services.
Security of Personal Information
Bravura is committed to protecting any Personal Information held by us from unauthorised access, modification or disclosure. We take appropriate measures using industry standard techniques to maintain technical and organisational safeguards and controls to protect the information we hold (including your Personal Information). As part of our security policies we take into account confidentiality, integrity, availability and privacy when handling Personal Information in both the physical and electronic environment.
Our services may allow an individual to transfer data, including Personal Information, electronically to and from third party applications. Bravura has no control over, and takes no responsibility for, the privacy practices or content of these applications. The individual is responsible for checking the privacy policy and third-party terms of any such applications so that the individual can be informed of how they handle Personal Information. Individuals must take care to protect their Personal Information (for example, by keeping usernames and passwords secure), and should notify us as soon as possible if they become aware of any unauthorised disclosure of Personal Information.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold its securely and retain it for the period we instruct.
Disclosure of Personal Information in limited circumstances
In conducting our business, we usually disclose Personal Information (except for Clients’ Personal Information or our Clients’ customers Personal Information) to:
- our related bodies corporate;
- external service providers, such as mail houses, website and IT service providers;
- professional advisors, such as our financial advisers, legal advisers and auditors; and
- government agencies.
Bravura may also disclose the Personal Information (except for Clients’ Personal Information or our Clients’ customers Personal Information) provided to us to third parties if it is necessary and/or appropriate in the provision of our services (or a related purpose). This may include disclosing Personal Information to any governing, regulatory or licensing bodies that require this information to assist with the provision of compliance or monitoring services, such as an individual’s dealer group or licensee.
Bravura may also be required to disclose Personal Information in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify individuals if we are required by law to disclose their Personal Information. The third-party servers we use for data storage do not control, and are not permitted to access or use an individual’s Personal Information except for the limited purpose of storing that information.
You may request access to your Personal Information or seek its correction
We will take such steps (if any) as are reasonable in the circumstances to ensure that the Personal Information we collect is accurate, complete and up-to-date. Our Data Subject Access Request (“DSAR”) policy (available on the Bravura Website) (“DSAR Policy”) explains our approach and submission requirements if an individual wishes to request access to their Personal Information, or request that we update or correct any Personal Information we hold about the individual.
Please be aware that if you are a Client of Bravura, or are employed by Bravura, you should make a request directly to us, by using the DSAR form attached to our DSAR Policy, and submitting it by:
- e-mail to [email protected] or
- letter to the Chief Information Security Officer (CISO), Bravura Solutions (UK) Limited, Dashwood House, 10th Floor, 69 Old Broad Street, London, EC2M 1QS.
If you do not have a direct relationship with Bravura, but with one of Bravura’s Clients, you should make your request directly to that individual or entity, who will request that we assist them with your DSAR.
Bravura will only keep an individual’s Personal Information for as long as we require it for the purposes for which the information may be used or disclosed under the Privacy laws unless otherwise required by law.
You can opt-out of any marketing email communications
Bravura uses an individual’s Personal Information to send them information about our or our related bodies’ corporate products or services that may be of interest to them. This information may be sent via email. Our emails will contain clear and obvious instructions outlining how an individual can choose to be removed from our mailing list.
Cookies
Bravura may use cookies to collect information about an individual’s use of the Bravura Website and online services. This information may include information about the IP address of the individual’s computer, browser type, language, operating system, mobile device, geographical region, the web pages visited, the date and the time of their visit, and the websites visited immediately before and after visiting the Bravura Website.
Our online service requires the use of cookies which are placed on your computer by Bravura for a number of purposes relating to the provision of our services, including to:
- retain your login information so as to make accessing our services efficient;
- retain details of your browsing and accessing history so as to optimise or customise the delivery of our services to you, or for us to provide material to you which may be of interest to you; and
- provide to us data as to the use of our services by customers so that we can assess the performance of the delivery of our services and make improvements or alterations to our services.
You will not be able to access some of our services if cookies are not enabled on your device.
There are two types of cookies: session cookies, and persistent cookies. Session cookies are deleted once you leave the website. Persistent cookies, however, will remain on your computer or until deleted by the website user. Session and persistent cookies can be classified into one of four categories:
Bravura has a privacy complaints process
If an individual wishes to make a complaint about how we have handled their Personal Information, the individual should provide us with full details of the complaint and any supporting documentation:
- by e-mail to [email protected]; or
- by letter to the Chief Information Security Officer (CISO), Bravura Solutions (UK) Limited, Dashwood House, 10th Floor, 69 Old Broad Street, London, EC2M 1QS.
We will endeavour to:
- provide an initial response to your query or complaint within 10 business days; and
- investigate and attempt to resolve your query or complaint within 30 days or one calendar month (as required under either the AUS Privacy Act or the GDPR), or within 20 working days under the New Zealand Privacy Act, or such longer period as is necessary and notified to the individual by our Head of Information Security.
In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the relevant regulatory authority, such as the:
- Office of the Australian Information Commissioner; or
- UK’s Information Commissioner; or
- New Zealand Privacy Commissioner; or
- Information Regulator (South Africa); or
- Poland President of the Personal Data Protection Office; or
- Office of the Privacy Commissioner for Personal Data, Hong Kong
This policy is effective as of 11 August 2021. We will update this policy if our information handling practices change, and any amendments will apply to the information we hold at the time of the update.