Skip to main content

Privacy and online security

Privacy notice

This notice was updated in March 2024 following changes to the Artemis Cookie Policy and international data transfers.

The following privacy notice (the “notice”) is issued by Artemis Investment Management LLP and any holding company or subsidiary company (including but not limited to Artemis Fund Managers Limited) as defined in section 1159 of the Companies Act 2006, referred to in this notice as "we", "our", "us" or "Artemis".

Please note that a separate privacy notice is issued by Artemis Funds (Lux); view the Artemis Funds (Lux) privacy notice.

We act as data controller in respect of the processing of the information we gather about you.

In this policy, “personal data” includes any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, Artemis or its representatives or service providers. We collect and use personal data and where applicable this may include information related to your spouse/partner, directors, partners and owners (your “representatives”).

Certain personal data is considered particularly sensitive and is subject to stricter rules regarding its processing. These categories of personal data are referred to as “special category data” and include any personal data relating to the racial or ethnic origin of the data subject; their political opinions; their religious (or similar) beliefs; their physical or mental health condition; details of criminal offences or criminal convictions (including the commission or alleged commission of any offence, any proceedings for any offence committed or alleged to have been committed and the disposal of such proceedings or the sentence of any court in such proceedings) and genetic and biometric data.

This notice applies to any personal data we receive from you, create or obtain from other sources and explains how it will be used by us. It is important that you take the time to read and understand this notice so that you understand how we will use your personal data and your rights in relation to your personal data.

If you fail to provide certain information when requested, we may not be able to perform any contract we may have with you, or we may be unable to deal with you.

If you have any questions regarding our use of personal data or this notice, including any requests to exercise your legal rights, you can contact our Privacy Officer using the details in the “Contact us” section below.

Personal data that we collect from you

We will collect and use the following personal data about you and your representatives:

Information you give us

Information we collect or generate about you and your representatives 

Information we receive from other sources

For the avoidance of doubt, in the case of institutional investors, personal data includes personal data of individuals linked to such institution.

When you are no longer our client, we continue to process your information as described in this notice, subject to our record retention policies and applicable law.

Purposes for which we process your personal data and the legal grounds for this

We may process your personal data in line with one of the following legal bases:

We will only use personal data for the purposes for which we collected it or as otherwise described in this notice.

Sharing your personal data

We may disclose your personal data within Artemis and to third party service providers in the circumstances described below:

We will take steps to ensure that the personal data is accessed only by personnel that have a need to do so for the purposes described in this notice.

We may also share your personal data outside of Artemis:

These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice.

We may also share your personal data outside of Artemis to the extent required by law, for example if we are under a duty to disclose your personal data to comply with any legal obligation (including disclosures made to tax authorities, regulators, credit agencies and Companies House), and to establish, exercise or defend our legal rights.

Transfer of personal data outside the UK and European Economic Area (“EEA”)

On 28 June 2021, the EU Commission announced that it had ruled that the UK’s data protection regime is adequate under the EU’s General Data Protection Regulation. The UK government has also adopted adequacy regulations in relation to the EU/EEA regime. This means that most data can continue to flow between the UK and the EU/EEA without the need for additional safeguards. The UK has also adopted adequacy regulations in relation to Switzerland, meaning that the Swiss data protection framework has been assessed as providing ‘adequate’ protection to the rights and freedoms of UK individuals in respect of their personal data. The majority of the information you provide to us will be transferred to and stored on secure servers in the United Kingdom or the European Economic Area. However, from time to time, personal data may be transferred to, stored in, or accessed from a destination outside the EEA. It may also be processed by authorised staff operating outside of the EEA who work for one of our suppliers.

Where we transfer your personal data outside the UK and EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the UK and EEA. This can be done in a number of ways, for instance:

In other circumstances the law may permit us to transfer your personal data internationally. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.

You can obtain more details of the protection given to your personal data when it is transferred internationally by contacting us in accordance with the “Contact us” section below.

How long we keep your personal data

How long we hold your personal data for will vary. We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

Your rights

You have a number of rights in relation to the personal data that we hold about you. These rights include:

You can exercise your rights by contacting us using the details set out in the “Contact us” section below.

You can find out more information about your rights by contacting the data protection regulator, the Information Commissioner, or by searching its website.

Changes to our privacy policy

We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

Contact us 

We are registered in the UK and our registered address is at Cassini House, 57 St. James's Street, London, SW1A 1LD.

Please contact us if you have any questions about our privacy policy or personal data we hold about you:

Within our group, we also have Artemis entities based in Germany and Switzerland. If you are based outside the UK and would prefer to contact our German or Swiss entities in connection with your data privacy rights, please write to:

You can also contact these entities by email at [email protected].

Staying secure online

Although the internet is a highly useful and valuable tool, it is also a place where fraudsters and crooks operate, so it is essential to at all times use it carefully and safely, be vigilant for potentially-fraudulent activity, maintain your security and look after your personal and financial data.

Here are some key best practices and resources for further assistance. Links go to the UK's National Cyber Security Centre website which provides further guidance and information.

Protect your email and online accounts by using a strong password

Cyber criminals can use your email to access many of your personal accounts, leaving you vulnerable to identity theft. The same applies to accounts that you may create online (for example, shopping, banking). Many passwords are easy for fraudsters to guess or discover (for example, your date of birth, your mother's maiden name).

Install the latest software and app updates

Software developers and those creating apps for mobile phones constantly improve the security of their software by releasing updates on a regular basis. These contain vital security updates to help protect your computer and other devices from cyber criminals.

Turn on 2-step verification (2SV)

Also called 2-factor authentication, 2-step verification is recommended to help protect your online accounts.

2-step verification means that when you go to log in to an online account, you don't just enter a password: you validate your login with a second security activity.

When you set up 2-step verification, this usually means you’ll be sent a PIN or code, often by SMS (text message) or email, after you have entered your password. You then need to enter this PIN on your computer or device to prove that it's really you.

More information about 2-step verification.

Regularly back-up your data

Safeguard your most important data, such as your photos, key documents, and financial contracts and records, by backing them up to an external hard drive or a cloud-based storage system. You should do this regularly (ideally after every time you update or change those files).

More information about backing-up your data

Tighten privacy settings on your social media accounts

Social media accounts can hold a surprising amount of personal information, especially if you include data like your date of birth, where you live, friends and relatives and so on. To help control who has access and what information can be seen, review the privacy settings on the online accounts you use regularly. Pay special attention to:

Phishing and spam

How to recognise malicious emails

The following list details some of the things you should check when trying to assess if an email is genuine or not. If you answer ‘no’ to any of these, you should be suspicious. 

Check Things to consider
Were you expecting it?
  • Were you expecting an email from this person or organisation?
  • Is this the normal type of email that the user would send?
  • Is this the person that would normally send this type of email?
  • Are you the person they would normally send this email to?
  • Does this email require a deviation from your standard operating practice? (ie is it asking you to email a file that would normally be delivered by some other mechanism? Or to make a payment outside normal payment runs?)
Is the sender who they say they are?
  • If you hit Reply, is the Reply-To address of the email what you would expect?
Does it sound right?
  • Is the tone (eg formal, relaxed, urgent) and the content (eg spelling, grammar, vocabulary) of the email consistent with what you would expect from this sender?
  • And for this type of request? Does the email contain real or implied threats (eg disconnection or a fine) if you do not reply instantly?
Does it have an unexpected attachment?
  • Were you expecting something to be attached to the email – for example, a photo, document, PDF, ‘zip’ file or other type of file?
  • Does the attachment name look correct?
  • Does the attachment ask you to override any security settings?
Do you know where any links are leading to?
  • Does the email contain a link to a website?
  • If you hover over the link, does the website address look correct?
  • Is the email asking you to log in to another system to do something?
Trust your instincts
  • Above everything else, does it pass the ‘sniff test’?
  • Often our instincts are very good at alerting us that something is intuitively wrong, even though we can't put our finger on exactly why

Tell us about incidents involving Artemis

If you see or are the subject of any phishing or spam incidents that purport to be from or are related to Artemis, please let us know by any of:

More information about staying secure online

Visit the National Cyber Security Centre