Privacy Policy

Where we have obtained your personal information from a marketing list from a third party, we will have undertaken rigorous checks to verify that those third parties have obtained appropriate consent for us to market to you.

We will use also your personal information to provide you with information about our wealth management services and any newsletters and event invites where you have providedyour consent for us to do so. We will also provide you with information of St. James’s Place wealth management products and other third party products which we think may interest you where you have indicated that you would like to receive this.

2.    Where you are an existing client

We will use your personal information to provide you with information about our wealth management services and any newsletters and event invites where it is part of the ongoing wealth management services we offer or where you have provided your consent for us to do so.

We will also provide you with information of St. James’s Place wealth management products and other third party products which we think may interest you where you have consented to receive this.

General marketing practices

If you wish to opt out of marketing, you may do so by clicking on any “unsubscribe” link or responding to any marketing email communication confirming you would like to opt out or telling us when we call you. Otherwise you can always contact us using the details set out in section 12 to update your contact preferences.

Please note that, even if you opt out of receiving marketing messages, we may still send you communications in connection with the services we offer you.

There are a small number of instances where your personal information is transferred to countries outside of the European Economic Area (“EEA”) such as whenwe transfer information to our other companies in the SJP group or to third party suppliers who are based outside the EEA or when third parties who act on ourbehalf transfer your personal information to countries outside the EEA. Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including:

• entering into data transfer contracts and using specific contractual provisions that have been approved by European data protection authorities otherwiseknown as the “standard contractual clauses”. You can find out more about standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside- eu/model-contracts-transfer-personal-data-third-countries_en;
• we will only transfer personal information to companies in non-EEA countries who have been deemed by European data protection authorities to have adequate levels of data protection for the protection of personal information. You can find out more about this https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside- eu/adequacy-protection-personal-data-non-eu-countries_en

We are also entitled under European data protection laws to transfer your personal information to countries outside the EEA where it is necessary for theperformance of the contract we have with you.

Depending on our relationship and your particular circumstances, we might transfer personal information anywhere in the world. An example of our regular datatransfers outside the EEA is set out below:

At St. James’s Place, we take our responsibility to look after your personal information and privacy seriously. In today’s world, we have all seen a growing trend in cybercrime and security breaches. We have a number of security measures in place to help prevent fraud and cybercrime.

If we become aware that a personal data breach has occurred and is likely to result in a high risk to the rights and freedoms of our clients, Partners oremployees, we will inform them without undue delay.

We have a dedicated group, the ‘Information Security Oversight Committee’, that provides oversight and guidance to our information security and privacy programme.

The executive body responsible for privacy and data security is the Information Security Oversight Committee (ISOC) – chaired by the Data Protection Officer.ISOC has a reporting line that enables effective escalation of issues up to the Board where appropriate.

We educate and train our employees, Partners and contractors on their information security, fraud prevention and privacy obligations annually.

We also educate our employees in identifying potential financial crime and internal fraud; any suspicious activity is reported to our Financial Crime Prevention team.

When you login, or send us information on the internet we protect the security of this information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL). When you use your web browser to login, view or share information with us, all electronic information exchanged is encrypted using2048bit SSL (Secure Sockets Layer) certificate. You can identify this by looking for the HTTPS:// and the padlock in the address bar at the top of your browser:

We will always interact with you in a safe, secure and consistent manner

To keep your information secure and to protect our clients from fraud, St. James’s Place will only interact with you in the following ways. If in doubt, call your St. James’s Place Partner directly or alternatively email the St. James’s Place Data Protection Office at dpo@sjp.co.uk.

When interacting with you, we will:

• Only send funds that you have requested to be withdrawn to a verified bank account in your name.
• Verify who you are when speaking to you on the phone, by asking you security

We will not:

• Ask you for your password over the
• Send you an unsolicited email with a link to our login page asking you to enter your Online Wealth Account credentials.
• Ask you for payment or credit card details by email or
• Call you to notify you of a problem, and then request you call us back immediately to discuss the problem further.

We continually review our physical and logical security controls in place across the business.

Our employees, Partners and contractors take part in an annual Information Security training and awareness program and must agree to adhere to the Data Protection Act and our own Information Security Policy that are designed to keep your information safe. These are refreshed each year to reflect the current trends that are being observed across the information security landscape. Information Security awareness also forms part of our new employee induction program.

Physical controls – As well as protecting your digital information, St. James’s Place also protects their premises and physical locations where personal data may be used and stored. These measures include security guards, security entrances, secure disposal of confidential waste and hardware, CCTV, personal cardaccess and locks on doors and file storage cabinets, with a ‘clear desk’ policy to ensure all information is locked away and protected.

Logical controls – St. James’s Place uses technical security measures to make sure our systems where we store and use personal information are protectedfrom unauthorised access. Tools such as authentication controls, antivirus, firewalls, malware detection and back-up procedures are used across the business.

All employee emails and devices are encrypted to enable secure transfer and storage of personal information.

We conduct security testing of our applications and services in a controlled testing environment before they are made available for our clients to use on anongoing basis. We perform security risk assessments for each of our sites to identify and control risks. External technical assessments are conducted by an independent external 3rd party. Security audits and vendor due diligence are conducted on a continual basis.

We have a business resiliency plan with disaster recovery and business continuity testing. The purpose of Business Continuity Management and the St. James’s Place Business Continuity Plan, is to provide an effective, predefined and documented framework to respond to an incident affecting the Group’s activities. The key drivers in developing the business recovery plans are;

• To mitigate the risks that could lead to the significant disruption of our products and services to our clients.
• To provide a recovery plan that supports a timely and full restoration of our products and services for our clients.

However, whilst we take appropriate technical and organisational measures to safeguard your Personal Information, please note that we cannot guarantee the security of any data that you transfer over the internet to us.

The St. James’s Place website uses cookies – small text files that are stored on your computer or in your browser – to help us to monitor how visitors use our site and allow us to maintain the optimum experience for website users. The website does not store or capture personal information about you when you visit it, it merely records traffic information. This means information about all of our visitors collectively, for example the number of visits the website receives. In order to respect our visitors’ rights of privacy, this information is anonymous and no individual visitor can be identified from it.

You can disable and delete cookies by changing the appropriate setting within your browser’s ‘Help’, ‘Tools’ or ‘Settings’ menu. Please note that by disablingcookies you may not benefit from some of the features of our site. You can find out more about deleting or controlling cookies by visiting About Cookies.

Facebook advertising

We use the “Custom Audience pixel” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows us to track what users do after they see or click on our Facebook advertisements. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found

here https://www.facebook.com/about/privacy/. We also utilise Facebook Custom Audiences. Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network. You can allow Facebook and itspartners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes.

Please click here if you would like to withdraw your consent https://www.facebook.com/settings/?tab=ads#_=_

Facebook adhere to the Self-Regulatory Principles for Online Behavioural Advertising and participate in the opt-out programmes established by the Digital Advertising Alliance, the Digital Advertising Alliance of Canada and the European Interactive Digital Advertising Alliance. You can opt out of all participating companies through these sites.

Google Ads

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where requiredto do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You have several rights which you can exercise at any time relating to the personal information that we hold about you and use in the ways set out in thisnotice. Please contact us at any time using the details set out in section 12 if you wish to exercise these rights; we will not usually charge you.

We respect your rights and will always consider and assess them but please be aware that there may be some instances where we cannot comply with a requestthat you make as the consequence might be that:

• in doing so we could not comply with our own legal or regulatory requirements for example we are under obligations to hold records of our dealingswith you for certain periods of time; or in doing so we could not provide services to you and would have to cancel your client agreement, for example we could not enter into investments on your behalf if wehad deleted your personal information.