OTCScoop Data Protection & Privacy Policy

Policy Statement

The Data Protection Act 1998 (DPA) regulates the way in which all personal data is held and processed. With the introduction of the General Data Protection Regulation (GDPR) on the 25th May, all organisations within the EU must review how they manage personal data, to ensure they meet GDPR requirements. GDPR demands greater accountability and transparency from organisations such as ours about how they collect, process and store personal information.

The information that we are provided with, or that is gathered automatically, helps us to monitor our services and enables us to provide clients (as in a company) and ‘Users’ (as the individuals within that company), with the most relevant information. Everyone has rights with regard to how their personal information is handled. During the course of our legitimate business activities we will collect, store and process personal information about our staff, clients, suppliers and other third parties. We recognise the need to treat it in an appropriate and lawful manner and OTCscoop respects people’s privacy. Any breach of this policy will be taken seriously by the company.

Scope: information covered by DPA and GDPR

‘Personal data’ covered by these regulations are essentially any recorded information which identifies a living individual. Personal data held by OTCscoop will include contact information for a variety of stakeholders and other personal data.

Definition of Terms

OTCscoop.com Ltd is the Data Controller under this policy

Bondrumours is the financial news service, the main business of OTCscoop.com Ltd

Clients are banks/companies/financial institutions/sole traders that are contracted or past or prospective contracted subscribers of the Bondrumours service or any other business involving a contract/subscription or agreement which OTCscoop.com Ltd fulfils

Users are individuals who may/may not be under a contract which their banks/companies/financial institutions have arranged with OTCscoop.com Ltd

Suppliers and third parties are suppliers/third parties to OTCScoop.com Ltd.

About this policy

OTCscoop’s main business is the Bondrumours.com service to the financial markets which, for security reasons, is a manual input system that sends out only; it does not receive automated data.

All emails coming to Bondrumours are received on OTCscoop.com’s email server. Bondrumours is not available to the public. Each person is set up on the service at their own or their bank’s/financial institution’s request and may be checked using other internet sources as a market professional or, usually if not at a bank/financial institution, as a professional day trader with viewable history. Some of this information may be gathered on the telephone rather than from any written source. OTCscoop’s systems do not use cookies and we do not receive or store information about children.

The types of information that we may be required to handle include details of current, past and prospective employees, suppliers, current, past and prospective clients and others that we communicate with. The information, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in DPA and GDPR and other regulations. These impose restrictions on how we may use that information. They set out our rules on data protection and the legal conditions that must be satisfied in relation to the obtaining, handling, processing, storage, transportation and destruction of personal information.

The Data Protection Officer is responsible for ensuring compliance with DPA and GDPR and with this policy. The Data Protection Officer can be emailed at adele.ottinger@otcscoop.com or written to at Data Protection Office, OTCscoop.com Ltd, 4 Ashfield Close, Richmond, TW10 7AF. Any questions or concerns about the operation of this policy should be referred in the first instance to the Data Protection Officer. If you consider that the policy has not been followed in respect of personal data about yourself or others you should raise the matter with a Data Protection Officer.

Policy Statement

The principles of the DPA and GDPR require that personal information must: be processed fairly and lawfully;  not be used for a purpose for which it was not collected; be adequate, relevant and not excessive for the purpose; be accurate and up-to-date; not be kept longer than necessary; be processed in accordance with the data subject's rights; be kept secure and protected from unauthorised processing, loss or destruction; and be transferred only to those countries outside the European Economic Area that provide adequate protection for personal information.

In order to meet the requirements of the principles OTCscoop will: fully observe conditions regarding the fair collection and use of information; meet its legal obligations to specify the legitimate purposes for which information is used; collect and process appropriate information, and only to the extent that it is needed to fulfil operational or contractual needs and/or to comply with any legal requirements;  ensure the quality of the information used; hold personal information on OTCscoop.com’s  systems for as long as is necessary for the relevant purpose, or as long as is set out in any relevant contract held with OTCscoop; ensure that the rights of people about whom information is held can be fully exercised under the DPA and GDPR (these include: the right to be informed that processing is being undertaken; the data subject's right of access to their personal information; the right to prevent processing in certain circumstances; the right to correct, rectify, block or erase information which is regarded as wrong information); take appropriate technical and organisational security measures to safeguard personal information; and ensure that personal information is not transferred outside the EEA without suitable safeguards.

OTCscoop will ensure that: everyone managing and handling personal information understands that they are responsible for following good data protection practice; this policy is available to each member of staff and our IT supplier; everyone managing and handling personal information is appropriately trained and supervised; and queries about handling personal information are promptly and courteously dealt with and clear information is available to all staff.

Definition of data protection terms

Data is information which is stored electronically, on a computer, or in certain paper-based filing systems. Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal data. Personal data means data relating to a living individual who can be identified from that data (or from that data and other information in our possession). Personal data can be factual (such as a name, address or date of birth) or it can be an opinion (such as an appraisal as to their actions when interacting with us).

Data controllers are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed. They have a responsibility to establish practices and policies.

Data Retention Policy

We wish to keep Clients/Users of Bondrumours advised of our services and therefore retain data for marketing purposes. From time to time Clients/Users request that we stop providing them with information about our services. In the event that this request is made, the data is anonymised & frozen within our system and put ‘beyond use’; this means that apart from the Data Protection Officer, the data will no longer appear to exist to all other members of staff, or be visible on any of our computer systems, save for the compulsory system checks carried out to ensure they are not contacted again if they have asked not to be contacted or marketed to.

From time to time individual Users ask that their data be deleted. Once a User’s data falls outside of our ‘Legal Retention periods’, a User may insist that their data is deleted under the ‘right to erasure’ policy below. We will delete and advise the User that their employer may request that a User is added back into our database which may therefore mean that they could be contacted in a future marketing campaign. At that point, if they do not wish to be contacted they would be required to submit a request to invoke the company’s Right to Erasure Procedure contained herein. As part of this procedure a User can either choose the right to be forgotten whereby their data is anonymised and frozen or insist their data be deleted again.

In the unfortunate event that we have a legal requirement to produce data by the courts, the police or other public authority, that request should be made in writing to the Data Protection Officer, details of which can be found above. The Data Protection Officer will facilitate the unfreezing of the data within the system to comply with the public authorities to produce said data.

Data Retention

You give your consent for us to hold your information and contact you when you subscribe to our service or we are requested by your employer/our client to subscribe you to our service on the basis that you have contacted your market data department to receive access and, therefore, we have a legitimate reason to believe you have confirmed such request.  You will also receive a copy of our privacy policy when you are first entered as a subscriber including if it is as a free trial. We will retain your data for the following periods of time:

In addition to our obligations under the Limitation Act 1980 and to statutory bodies, we retain this information to protect ourselves against any legal claims which may arise.

Right to Erasure Policy

Introduction

This is a statement of the Right to Erasure policy adopted by the company. It applies to all its employees, suppliers and users of its online services.

Purpose

The purpose of this policy is to ensure that everyone handling personal information at OTCscoop is fully aware of the requirements and complies with data protection procedures and that data subjects are aware of their rights under the DPA and GDPR.

Scope: information covered by DPA and GDPR

‘Personal data’ covered by these regulations are essentially any recorded information which identifies a living individual. Personal data held by OTCscoop will include contact information for a variety of stakeholders and other personal data.

Relevance & Security

A key role as Service Provider is the provision of bond market information; we therefore have a duty of care to ensure the relevance and security of all involved. Our staff are therefore required to record the following contact details of all Users: full name, employer, department and position, and email and telephone contact details. This is so we can contact Users to ensure they can receive the service and, if relevant, so that their employer/our client can be made aware of a User that wishes to have access to the Bondrumours service. We can also ensure this User has sufficient market knowledge to have access to the information on the Bondrumours service, which is not available to consumers/the general public.

Right to Erasure (i.e. the right to be forgotten)

We will only retain information for as long as we need to, to ensure we have dealt with all aspects of supplying the service and any enquiry or complaint. In practice, this means that we are legally required to retain data. Once you have supplied information in our industry a ‘subscription’ has taken place, this being the primary reason for which data may be retained in accordance with the regulations. OTCscoop has a secondary legal requirement to retain data for the provision of data to public authorities & in order to comply with legislation or regulations including but not limited to those listed below: The Terrorism Act 2000 (as amended by the Anti-Terrorism, Crime and Security Act 2001 & the Terrorism Act 2006), The Bribery Act 2010, The Proceeds of Crime Act 2002 (as amended by the Crime and Courts Act 2013 and the Serious Crime Act 2015), Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Criminal Finances Act 2017.

We therefore adopt a policy on request of Right to Erasure that the data is put ‘beyond use’. The data is anonymised & frozen within our system; this means that apart from the Data Protection Officer, the data will no longer appear to exist to all other members of staff, or be visible on any of our computer systems, save for the compulsory automated system checks which are carried out to ensure you are not contacted again if you have asked not to be contacted or marketed to.

In the unfortunate event that we have a legal requirement to produce data by the courts, the police or other public authority, that request should be made in writing to The Data Protection Officer, details of which can be found above. The Data Protection Officer will facilitate the unfreezing of the data within the system to comply with the public authorities to produce said data. Responsibility for OTCscoop’s compliance with the DPA and GDPR is with the Data Protection Officer but the individual members of staff are responsible for the proper use of the data they process.

Staff Responsibilities for Right to Erasure

OTCscoop will ensure that there is someone with specific responsibility for data protection in the organisation. The nominated person is the Data Protection Officer who may be contacted at adele.ottinger@otcscoop.com or written to at Data Protection Officer, OTCscoop.com Ltd, 4 Ashfield Close, Richmond, TW10 7AF.

Complaints Procedure

OTCscoop aims to comply fully with its obligations under the Act. If you have any questions or concerns regarding OTCscoop’s management of personal data, including your right to access data about you, or if you consider OTCscoop holds inaccurate information about you, you should contact OTCscoop’s Data Protection Officer. If you have any questions or concerns that have not been dealt with adequately or where a subject access request you have made to OTCscoop has not been fulfilled please contact OTCscoop’s Data Protection Officer. If you are still dissatisfied, you have the right to contact the office of the Information Commissioner, the independent body overseeing compliance with the Act: http://ico.org.uk.

Information Asset Register

Office - locked cabinet/password protected on server and available only to Data Protection Officer
Current Employee Information
Name, addresses, email, postcode, national insurance number, bank details
We hold the data for accounting and tax purposes for 6 years
Restricted

Office - locked cabinet/password protected on server and available only to Data Protection Officer and essential staff access
Expenses forms
Name, addresses, email, postcode, national insurance number, bank details
We hold the data for accounting and tax purposes for 6 years
Restricted

Office - locked cabinet/password protected on server and available only to Data Protection Officer and essential staff access
Client contract Files
Sensitive personal data on clients and their staff, Users, who have subscribed to Bondrumours. This is normally limited to name, department or section, employer email address, usually work telephone number unless User has given us mobile number, work address and request for email or web-only access.
To maintain a record of contact with the client & their staff. Unsubscribed clients are held under a secondary highly restricted file only accessible by the DPO except for the legitimate business of limited marketing to past users in the bond markets who may find the service useful to their business. Records must be kept for 6 years.
Restricted with limited exception

Office - locked cabinet/password protected on server and available only to Data Protection Officer
Applications for recruitment
Names, addresses, email address, date of birth, NI numbers
We hold the information, as we are entitled to, for 1 year to ensure that any feedback is given
Protect

Office - locked cabinet/password protected on server and available only to Data Protection Officer
Past Employee Information
Name, addresses, email, postcode, national insurance number, bank details
We hold the data for accounting and tax purposes for 6 years
Restricted