Privacy and online security

Privacy notice
Staying secure online

Privacy notice

This notice was updated in March 2024 following changes to the Artemis Cookie Policy and international data transfers.

The following privacy notice (the “notice”) is issued by Artemis Investment Management LLP and any holding company or subsidiary company (including but not limited to Artemis Fund Managers Limited) as defined in section 1159 of the Companies Act 2006, referred to in this notice as "we", "our", "us" or "Artemis".

Please note that a separate privacy notice is issued by Artemis Funds (Lux); view the Artemis Funds (Lux) privacy notice.

We act as data controller in respect of the processing of the information we gather about you.

In this policy, “personal data” includes any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, Artemis or its representatives or service providers. We collect and use personal data and where applicable this may include information related to your spouse/partner, directors, partners and owners (your “representatives”).

Certain personal data is considered particularly sensitive and is subject to stricter rules regarding its processing. These categories of personal data are referred to as “special category data” and include any personal data relating to the racial or ethnic origin of the data subject; their political opinions; their religious (or similar) beliefs; their physical or mental health condition; details of criminal offences or criminal convictions (including the commission or alleged commission of any offence, any proceedings for any offence committed or alleged to have been committed and the disposal of such proceedings or the sentence of any court in such proceedings) and genetic and biometric data.

This notice applies to any personal data we receive from you, create or obtain from other sources and explains how it will be used by us. It is important that you take the time to read and understand this notice so that you understand how we will use your personal data and your rights in relation to your personal data.

If you fail to provide certain information when requested, we may not be able to perform any contract we may have with you, or we may be unable to deal with you.

If you have any questions regarding our use of personal data or this notice, including any requests to exercise your legal rights, you can contact our Privacy Officer using the details in the “Contact us” section below.

Personal data that we collect from you

We will collect and use the following personal data about you and your representatives:

Information you give us

This is information about you (and your financial adviser/representative or beneficial owner which may include a child for whom you have parental responsibility, if applicable,) that you (and/or your financial adviser/representative, if applicable) give us by filling in forms or by corresponding with us by phone, e-mail, electronic messaging, voice and/or videoconferencing or otherwise. The information you give us may include your name, address, e-mail address and phone number, financial and debit card information, credit history, identification records.

Information we collect or generate about you and your representatives

We sometimes record telephone conversations, electronic messaging, voice and/or video conferencing and monitor email communications to resolve complaints, improve our service and in order to comply with our legal and regulatory requirements. We generate data to improve our service, to manage, administer and take decisions about your account, and to help us market our products. The information we capture in this way may include your name, address, e-mail address and phone number, financial and debit card information, credit history and identification records.

Information we receive from other sources

Verifying your identity – we will use information provided by third parties (e.g. fraud prevention agencies) when verifying your identity and when carrying out anti money laundering checks. Such information may include some details about any criminal convictions and any allegations regarding criminal activity that relate to you, as well as details of your status as a politically exposed person. It may also include your nationality and identification records (e.g. passport information).
Cookies - when you visit the Artemis website, cookies are used to collect information about the services that you use, and how you use them. These are used to monitor and improve our services, and may be used to help us market our products to you. For more information on the cookies used by Artemis please see our Cookie Policy on our website.
Intermediaries – we may receive information from dealers, brokers and introducers for the purposes of entering in to and administering your agreement. This may include your name, address, e-mail address and phone number, financial and debit card information, credit history and identification records.
Public databases – we may obtain information about you from public databases.

For the avoidance of doubt, in the case of institutional investors, personal data includes personal data of individuals linked to such institution.

When you are no longer our client, we continue to process your information as described in this notice, subject to our record retention policies and applicable law.

Purposes for which we process your personal data and the legal grounds for this

We may process your personal data in line with one of the following legal bases:

in order to perform our obligations under our contract with you, such as:
- managing your investments and administering your account(s);
- verifying your information, including your identity as part of our client onboarding process;
- to communicate with you in order to provide you with services or information about Artemis and our products and services; and
- to make payments or distributions.
where we have obtained your consent, such as:
- to send promotional information about our products and services via the methods you specify (to the extent such consent is required by law); and
- to allow events and webinars to be delivered.

to comply with our legal and regulatory obligations, such as:
- to fulfil our legal, regulatory, and compliance obligations, including identity verification, know your client (KYC), terrorist financing, anti-money laundering, and sanctions checks;
- to respond to governmental (including tax authorities) and regulator inquiries or examinations, court orders and legal investigations; and
- to establish, exercise or defend our legal rights and / or for the purpose of (or in connection with) legal proceedings.
the use of your personal data is necessary for our legitimate business interests, such as:
- allowing us to effectively and efficiently manage and administer the operation of our business;
- maintaining compliance with internal policies and procedures;
- marketing our products and services (where consent is not required);
- for ongoing review and improvement of the information on the Artemis Website, including analysing the data of visitors to our site and capturing metrics about the journey of users, and preventing any potential disruptions or cyber-attacks;
- enforcing the terms and conditions of any agreement we have with you; and
- the recovery of outstanding debts from you.

We will only use personal data for the purposes for which we collected it or as otherwise described in this notice.

Sharing your personal data

We may disclose your personal data within Artemis and to third party service providers in the circumstances described below:

to ensure the delivery of products or services to you;
to ensure the safety and security of our data; and
for internal research and statistical analysis purposes.

We will take steps to ensure that the personal data is accessed only by personnel that have a need to do so for the purposes described in this notice.

We may also share your personal data outside of Artemis:

in order to enforce or apply the terms of use and other agreements you have with us;
with an insurer or insurers for administration, claims handling and fraud prevention (which could include passing it to other insurers);
with any broker or introducer of an agreement with us;
with tracing and repossession agents;
if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;
if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer; and
with third party agents for the purposes of providing services to us.

These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice.

We may also share your personal data outside of Artemis to the extent required by law, for example if we are under a duty to disclose your personal data to comply with any legal obligation (including disclosures made to tax authorities, regulators, credit agencies and Companies House), and to establish, exercise or defend our legal rights.

Transfer of personal data outside the UK and European Economic Area (“EEA”)

On 28 June 2021, the EU Commission announced that it had ruled that the UK’s data protection regime is adequate under the EU’s General Data Protection Regulation. The UK government has also adopted adequacy regulations in relation to the EU/EEA regime. This means that most data can continue to flow between the UK and the EU/EEA without the need for additional safeguards. The UK has also adopted adequacy regulations in relation to Switzerland, meaning that the Swiss data protection framework has been assessed as providing ‘adequate’ protection to the rights and freedoms of UK individuals in respect of their personal data. The majority of the information you provide to us will be transferred to and stored on secure servers in the United Kingdom or the European Economic Area. However, from time to time, personal data may be transferred to, stored in, or accessed from a destination outside the EEA. It may also be processed by authorised staff operating outside of the EEA who work for one of our suppliers.

Where we transfer your personal data outside the UK and EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the UK and EEA. This can be done in a number of ways, for instance:

Adequacy Decisions - the country that we send the data to might be approved by the UK as providing ‘adequate’ protection for people’s rights and freedoms in respect of their personal data;
UK International Data Transfer Agreement (IDTA) or Addendum to EU Standard Contractual Clauses (SCCs); SCCs can be used which the sender and the receiver of the personal data can both sign up to. These clauses comprise a number of specific contractual obligations designed to provide legal protection to individuals when their personal data is transferred to ‘third countries’;
The recipient of the data might be a signatory to binding corporate rules;
Other safeguards, which may include:

Approved codes of conduct;
Approved certification mechanisms; and
Legally binding and enforcement instruments between public authorities or bodies.

In other circumstances the law may permit us to transfer your personal data internationally. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.

You can obtain more details of the protection given to your personal data when it is transferred internationally by contacting us in accordance with the “Contact us” section below.

How long we keep your personal data

How long we hold your personal data for will vary. We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

the amount, nature, and sensitivity of the personal data;
the potential risk of harm from unauthorized use or disclosure of your personal data;
the purposes for which we process personal data; and
whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights

You have a number of rights in relation to the personal data that we hold about you. These rights include:

the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
the right to request that we rectify your personal data if it is inaccurate or incomplete;
the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
the right to request that we restrict our processing of your personal data in certain circumstances. Please note that there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request;
the right to object to our processing of your personal data where we process your personal data in line with our legitimate business interests. Please note that there may be circumstances where you object to our processing of your personal data but we are legally entitled to refuse that request;
the right to object to any automated decision making (including profiling) which we conduct based on your personal data, which significantly affects you. Please note that there may be circumstances where you object to us conducting automated decision making but we are legally entitled to refuse that request;
the right to object to the processing of your personal data in certain circumstances; and
the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contact us” section below.

You can find out more information about your rights by contacting the data protection regulator, the Information Commissioner, or by searching its website.

Changes to our privacy policy

We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

Contact us

We are registered in the UK and our registered address is at Cassini House, 57 St. James's Street, London, SW1A 1LD.

Please contact us if you have any questions about our privacy policy or personal data we hold about you:

Write to us at our address: Artemis Investment Management LLP, Cassini House, 57 St. James's Street, London, SW1A 1LD
By telephone on 020 7399 6000
By email to [email protected]

Within our group, we also have Artemis entities based in Germany and Switzerland. If you are based outside the UK and would prefer to contact our German or Swiss entities in connection with your data privacy rights, please write to:

AI Management (Europe) GmbH, Maximilianstraße 13, 80539 Munich, Germany
Artemis Investment Services (Switzerland) GmbH, Talacker 41, 8001 Zurich, Switzerland

You can also contact these entities by email at [email protected].

Staying secure online

Although the internet is a highly useful and valuable tool, it is also a place where fraudsters and crooks operate, so it is essential to at all times use it carefully and safely, be vigilant for potentially-fraudulent activity, maintain your security and look after your personal and financial data.

Here are some key best practices and resources for further assistance. Links go to the UK's National Cyber Security Centre website which provides further guidance and information.

Protect your email and online accounts by using a strong password

Cyber criminals can use your email to access many of your personal accounts, leaving you vulnerable to identity theft. The same applies to accounts that you may create online (for example, shopping, banking). Many passwords are easy for fraudsters to guess or discover (for example, your date of birth, your mother's maiden name).

Use a strong password: one technique is to choose three random words to create a password that's difficult to crack
Don't use the same password for multiple accounts
Never save your passwords on your computer: if it is hacked, they can be found
Use a password manager, a technology tool that helps internet users create, save, manage and use passwords across different online accounts and services

Install the latest software and app updates

Software developers and those creating apps for mobile phones constantly improve the security of their software by releasing updates on a regular basis. These contain vital security updates to help protect your computer and other devices from cyber criminals.

Install the latest updates when they are released
You can often configure your computer or device/phone to do this automatically

Turn on 2-step verification (2SV)

Also called 2-factor authentication, 2-step verification is recommended to help protect your online accounts.

2-step verification means that when you go to log in to an online account, you don't just enter a password: you validate your login with a second security activity.

When you set up 2-step verification, this usually means you’ll be sent a PIN or code, often by SMS (text message) or email, after you have entered your password. You then need to enter this PIN on your computer or device to prove that it's really you.

More information about 2-step verification.

Regularly back-up your data

Safeguard your most important data, such as your photos, key documents, and financial contracts and records, by backing them up to an external hard drive or a cloud-based storage system. You should do this regularly (ideally after every time you update or change those files).

More information about backing-up your data

Tighten privacy settings on your social media accounts

Social media accounts can hold a surprising amount of personal information, especially if you include data like your date of birth, where you live, friends and relatives and so on. To help control who has access and what information can be seen, review the privacy settings on the online accounts you use regularly. Pay special attention to:

Location tracking: consider turning off automatic geolocation data on your social media posts, photos, and comments
Public information: think carefully about what information should be public, such as your birthday, family details, where you live, where you work
Likes, shares, and comments: your 'likes' and comments on other's posts are public information, allowing your profile picture, name and comments to show to companies and other people

Phishing and spam

Spam is a general term to indicate unwanted email and generally refers to mass-marketing emails, usually sent indiscriminately by automated programmes.
Phishing is the process of sending emails purporting or pretending to be from a person or organisation with the intention of fooling the recipient into disclosing information (such as passwords or personal confidential information) or downloading malicious files.
Spear-phishing is the same as phishing but is targeted at individuals and makes use of specific information relevant to the recipient.

How to recognise malicious emails

The following list details some of the things you should check when trying to assess if an email is genuine or not. If you answer ‘no’ to any of these, you should be suspicious.

Check	Things to consider
Were you expecting it?	Were you expecting an email from this person or organisation? Is this the normal type of email that the user would send? Is this the person that would normally send this type of email? Are you the person they would normally send this email to? Does this email require a deviation from your standard operating practice? (ie is it asking you to email a file that would normally be delivered by some other mechanism? Or to make a payment outside normal payment runs?)
Is the sender who they say they are?	If you hit Reply, is the Reply-To address of the email what you would expect?
Does it sound right?	Is the tone (eg formal, relaxed, urgent) and the content (eg spelling, grammar, vocabulary) of the email consistent with what you would expect from this sender? And for this type of request? Does the email contain real or implied threats (eg disconnection or a fine) if you do not reply instantly?
Does it have an unexpected attachment?	Were you expecting something to be attached to the email – for example, a photo, document, PDF, ‘zip’ file or other type of file? Does the attachment name look correct? Does the attachment ask you to override any security settings?
Do you know where any links are leading to?	Does the email contain a link to a website? If you hover over the link, does the website address look correct? Is the email asking you to log in to another system to do something?
Trust your instincts	Above everything else, does it pass the ‘sniff test’? Often our instincts are very good at alerting us that something is intuitively wrong, even though we can't put our finger on exactly why

Tell us about incidents involving Artemis

If you see or are the subject of any phishing or spam incidents that purport to be from or are related to Artemis, please let us know by any of:

email [email protected]
telephone: 0800 092 2051 (business days 8am to 6pm) or from outside the UK +44 1133 604500
post: Artemis Fund Managers Limited, Sunderland SR43 4BH

More information about staying secure online

Visit the National Cyber Security Centre