Skip to content
;

Privacy Policy

1. Introduction

As an online discretionary investment manager, nearly everything you do with us on our website or app will involve the collection, creation, use or sharing of data. Our objective with this policy is to explain how and why we collect, create, use, share, store and delete data as well as to outline the controls we offer to help you take advantage of the important rights you have in regard to your data including privacy settings, notifications, marketing elections, website cookies management, and client services.

2. About this Policy

This Policy is provided by Nutmeg Saving & Investment Limited, trading as Nutmeg (25 Bank Street, Canary Wharf, London, E14 5JP, UK) as a so-called data controller under the UK Data Protection Act. The terms that cover your Nutmeg account can be found in our Terms and Conditions.

Over time, we’ll improve Nutmeg’s services. We also expect to develop new ones. If this materially changes how we collect, create, use, share, store and delete your data, we’ll update this policy. If you ever have questions or concerns, please get in touch.

This policy applies to:

  • Nutmeg clients
  • anyone who downloads our app
  • anyone who browses our website or social media pages
  • anyone who has specific permissions on accounts including power of attorney or appointed third parties
  • applicants for a Nutmeg account
  • anyone who contacts us either online, by telephone, post or any other method.

3. Your Rights

3.1.  The right of access     

You have the right to access the personal data that Nutmeg holds on you and request a copy of it.

3.2.  The right to rectification        

You have the right to have inaccurate personal data rectified, or incomplete data completed respectively.

3.3.  The right to erasure (“the right to be forgotten”)

You have the right to request erasure of the data held by Nutmeg. Nutmeg is required to balance this right with its obligations under law and regulation with respect to record retention.

3.4.  The right to object     

You have the right to object to the processing of your personal data when this is based on legitimate interest, including profiling.

3.5.  The right to restrict processing          

You have a right to request Nutmeg restrict the processing of your personal data, for instance while we process other requests under your rights as a data subject such as the right to object and the right to rectification detailed above.

3.6.  The right not to be subjected to automated decision-making

Where it is not necessary for the performance of the contract or based on your explicit consent, you have the right not to be subject to a decision based solely on automated decision-making and profiling.

3.7.  Right to data portability

You have a right to request a portable copy of your personal data which can be shared with a third party.

3.8.  The right to withdraw your consent

Where you gave your consent to process your data, you can withdraw it any time.

3.9.  Complaints     

Should you have any complaints about how we process your personal data you can get in contact by emailing us at icb.privacyteam@jpmchase.com You also have the right to complain to the Information Commissioner’s Office, by visiting their website or calling their helpline on 0303 123 1113.

You may seek to exercise any of these rights by emailing us at icb.privacyteam@jpmchase.com

4.   Personal Data We Collect and Create

These are the types of data we collect, create, use, and share:

4.1.  Personal Details and Identifiers

Your full name, home address, email address, phone number, and information that is used to verify your identity. Your gender is collected when you onboard and will only be taken into consideration where you have a pension product with us to meet our legal obligations. This can be photo ID, passport number, national insurance number, driving license number, tax residency, and nationality.

4.2.  Authentication Data

The data used to access the Nutmeg Services. It includes your password, security questions and answers. It also includes your unique account and user profile identifiers used for accessing the Nutmeg app.

4.3. Investment Suitability and Affordability Information

Information used to assess your tolerance to investment risk and whether the investment products offered by Nutmeg are suitable and affordable for you. This includes, but is not limited to, your investment experience, risk appetite, the timeframe you are looking to invest for, and your monthly incomings and outgoings.

4.4. Financial Information

Information used to assess financial situation. This will include your income, residential status, employment information, credit rating, and may include County Court Judgements or bankruptcy if applicable.

4.5.   Account Information 

Details relating to the account that you hold with us. This includes your account information, payment settings, nominated bank account, unique identifiers, alerts, language set, contact and marketing preferences. 

4.6. Transaction History and other Reports

Events like contributions, transfers and withdrawals made on your account (including those via third parties such as Apple Pay and Google Pay).

4.7. Health and Disability Data

Data that you may provide to us relating to a disability or health issue(s) which is relevant to your use of the Nutmeg Services. This might include the accessibility of our website or app or a change in your health status that impacts your use of the Nutmeg Services.

4.8. Communications Data

Records and results of any communications between you and us. This includes email, telephone, chat, secure Nutmail, social media and letter. This might include open rates and dates/times, whether it was forwarded, and your interaction with the communication.

4.9. Device and Technical Data

Data such as unique device identifiers, IP addresses, device type and model, as well as operating system and version. This might also include network connection type, browser type, advertising ID and non-precise location data. We might infer that from other data such as IP address.

4.10. Location Data

Your IP address and location data. This might include location data from your device if you allow location sharing in the app.

4.11. Usage Data

Data generated from your website or in-app activity, such as what screens or product features you use and how long you spend using features within the app or on our site.

4.12. Cookies

We collect information from the devices you use to browse the Nutmeg website or app, or store information on your devices, in the form of cookies. We use this information to:

  • help maintain the security of Nutmeg Services
  • help ensure that our website and app communicate correctly with our other services
  • remember your choices and settings
  • collect and compile anonymous, aggregated information for statistical and evaluation purposes to help us understand how users use our services and help us improve those services
  • provide you with a personalised web experience and more relevant ads.

Our Cookie Policy is available in the legal section on our website and in our app.

Although your provision of personal information to us in connection with this notice is voluntary (unless we inform you otherwise), we may be unable to provide you with our products/services (or any part thereof) or comply with any applicable laws or regulations or guidelines and codes issued by regulatory or other authorities, if you choose not to do so.

5.   Automated Decisions

5.1.  Identity Verification

We use automated processes to check your identity when you sign-up. Where our process is not able to automatically confirm your identity, it will be reviewed by an agent. 

5.2.  Onboarding Fraud

When you open a Nutmeg account, we screen your personal details against fraud databases. The results could prevent you from using the Nutmeg Service. Where our process identifies a positive fraud match, it will be reviewed by an agent.

5.3. Suitability

As a regulated investment manager, we are required to assess whether the investment products you are looking to take up are suitable for you, this includes understanding your tolerance for investment risk and current financial situation.

To comply with our regulatory obligations, where the Suitability process identifies that an investment product is not suitable, we may not be able to offer you any Nutmeg product. If you would like to understand more about this decision, or you believe there has been an error, you can discuss the suitability outcome with our Client Support Team.

You can ask for information about any automated decision making that has a legal or similarly significant effect on you. We’ll explain the logic involved, how we use the decision and any potential consequences. You can also object, give us extra information or ask us to review a decision. In certain circumstances you also have the right not to be subject to a decision based solely on automated processing.

6.   How We Use Your Data

These are reasons we might use your data:

6.1.  Client onboarding

This includes setting up your account with us and fulfilling our regulatory compliance obligations including ‘Know Your Customer’ (KYC) checks and your investment risk level. It also includes confirming and verifying your identity. In order to create an account with Nutmeg we need to collect some personal information which allows us to verify your identity and assess your tolerance to investment risk. You may provide us with this information as part of the account opening process through our website or mobile app. We authenticate your use of our services and check against sanctions lists and other legal restrictions. It also includes taking all other necessary steps to make Nutmeg Services available to you.

What it is

  • Personal Details and Identifiers
  • Account information
  • Authentication data
  • Device and technical data
  • Suitability and affordability assessment information

Why we need to do it

  • We use your data to meet a legal obligation
  • We might also use it in connection with a contract you may enter into with us, including in preparation of your entering a contract with us or
  • We might also use your data as part of our pre-checks as part of our onboarding process where we are entering into an agreement with you.

6.2.  Providing you with client support and communicating with you

We record all interactions with our Client Support Team including, but not limited to, emails, phone calls, web chat and Nutmails. We will also generate and keep a record of any mandatory or ad hoc statements and reports we produce for you.

What it is

  • Personal Details and Identifiers
  • Authentication details
  • Account data
  • Transaction history and other reports
  • Communication data

Why we need to do it

  • We use your data to meet a legal obligation
  • We might also use it in connection with a contract you may enter into with us, including in preparation of your entering a contract with us or
  • We might also use your data as part of our pre-checks as part of our onboarding process where we are entering into an agreement with you.

6.3.  Operating your account

On a day-to-day basis we process information necessary for your account to function correctly, for us to operate your investment account and to perform our contractual obligations. This can range from details required for us to trade your investments, to data necessary for our technology infrastructure to run. This information is usually generated automatically by your account and our systems or may be collected as a result of an interaction you have with our Client Support Team.

What it is

  • Personal Details and Identifiers
  • Authentication details
  • Account information
  • Communication data

Why we need to do it

  • We might also use it in connection with a contract you may enter into with us, including in preparation of your entering a contract with us or
  • We might also use your data as part of our pre-checks as part of our onboarding process where we are entering into an agreement with you or
  • We might use it if we have a legitimate interest in doing so to provide you with the Nutmeg Services. That interest isn’t overridden by your interests or fundamental rights and freedoms.

6.4.  Fraud Prevention

This includes detecting, preventing and investigating fraud throughout our relationship with you.

What it is

  • Personal Details and Identifiers
  • Account Information
  • Transaction history
  • Device and technical data
  • Financial Information

Why we need to do it

  • We have a legitimate interest in using your data to detect and protect against fraud. These interests aren’t overridden by your interests or fundamental rights and freedoms.
  • We use your data to meet a legal obligation or
  • We might also use it in connection with a contract you may enter into with us, including in preparation of your entering a contract with us.

6.5.  Facilitate your use of third-party services

With your permission, providing you services, such as Open Banking, with access to your account information.

What it is

  • Personal Details and Identifiers 
  • Account data
  • Transaction history

Why we need to do it

  • We use your data when we have your consent to grant access or
  • We might use it if we have a legitimate interest in doing so to provide you with Nutmeg Services. These interests aren’t overridden by your interests or fundamental rights and freedoms. 

6.6.  Marketing

For contacting you about Nutmeg investment updates, new features, and offers. This might be via email, in app notification or online through social media ads or ads we place on websites you visit. Understanding how you interact with our app, our website, social media channels and our online ads through analysing activity and behaviour allows us to understand our clients. It also helps us understand people who are interested in becoming clients and build our marketing campaigns and Nutmeg Services. It also includes understanding how you engage with our emails and the content we share via email. 

What it is

  • Personal Details and Identifiers
  • Device and technical data
  • Usage Data

Why we need to do it

  • We have a legitimate interest in using your data for marketing and prospecting or
  • We have your consent to market to you.

6.7.  Personalisation of our Services

We may employ common tracking technology, such as cookies and pixels, to understand how you interact with our website and app for the purpose of showing you content on it that we think is most relevant to you.

What it is

  • Usage Data
  • Identifiers 
  • Device and Technical data

Why we need to do it

  • We may have your prior consent or
  • We have a legitimate interest in using your data to provide services to you.

6.8.  To meet our financial operating standards

This includes internal and regulatory reporting and business oversight such as internal audits and to produce reports to analyse our performance and manage our finances.

What it is

  • Account data
  • Transaction history
  • Communication data

Why we need to do it

  • We have a legitimate interest in using your data to manage and operate the financial affairs of our business. These interests aren’t overridden by your interests or fundamental rights and freedoms or
  • We use your data to meet a legal obligation or
  • We might also use it in connection with a contract you may enter into with us, including in preparation of your entering a contract with us.

6.9.  Research

This  includes speaking to you to collect your views and opinions on our brand, new Nutmeg products and services we are looking to develop or how we are doing in relation to our existing Nutmeg products and your experience with us as a client. We will conduct our research directly with you or through a partnership with our research partners.

We will analyse your views and feedback to create insights that help us understand what people think about our brand and shape changes to our Nutmeg Services and marketing campaigns.

What it is

  • Personal Details and Identifiers 
  • Usage Data
  • Communications Data
  • Your feedback or opinions

Why we need to do it

  • We have your consent. This legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.

6.10. Security

This includes maintaining the security of our website and our app.

What it is

  • Personal Details and Identifiers
  • Usage Data
  • Device and Technical Data
  • Location Data

Why we need it

  • We use your data here to meet a legal obligation or
  • We have a legitimate interest in using your data to ensure the physical and electronic security of our business, premises and assets. These interests aren’t overridden by your interests or fundamental rights and freedoms.

6.11. IT Operations

This includes the management of our communications systems, operation of IT security and IT security audits.

What it is

  • Communication data
  • Device and technical data
  • Personal Details and Identifiers
  • Account data

Why we need to do it

  • We have a legitimate interest in using your data to securely run our IT and communications systems. These interests aren’t overridden by your interests or fundamental rights and freedoms or
  • We use your data here to meet a legal obligation or
  • We might also use it in connection with a contract you may enter into with us, including in preparation of your entering a contract with us.

6.12. Improving Nutmeg services and products

This includes understanding how you interact with and use our app, website and social media pages. It also includes understanding how you interact with our app or website and allows us to improve on what works, what doesn’t and build new Nutmeg Services for you. We may also receive information relating to you from third-party analytics providers.

What it is

  • Personal Details and Identifiers
  • Device and Technical Data
  • Usage Data

Why we need it

  • We have a legitimate interest in using your data to improve the Nutmeg Services 
  • We may also have your prior consent
  • We might also use it in connection with a contract you may enter into with us, including in preparation of your entering a contract with us.

6.13. Investigations

This includes detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.

What it is

  • Transaction history
  • Usage Data
  • Social media and other public records and 3rd party data sources

Why we need it

  • We use your data here to meet a legal obligation.
  • We have a legitimate interest in using your data to detect and protect against breaches of our policies and the law. These interests aren’t overridden by your interests or fundamental rights and freedoms.

6.14. Legal compliance and legal proceedings 

For compliance with our legal and regulatory obligations under applicable law and for us to establish, exercise and defend our legal rights.

What is it

  • Personal Details and Identifiers
  • Account data
  • Transaction history

Why we need to do it

  • We use it in connection with a contract you may enter into with us, including in preparation of your entering a contract with us or
  • We use your data to meet a legal obligation.

7. Sharing Personal Information with Third Parties

We will disclose your data to certain third parties from time to time.

7.1.  Members of the J.P. Morgan Group

So they can help us provide you with the Nutmeg Services. We share data with Chase to understand where Nutmeg clients are also Chase customers. We also analyse this data to send Chase product marketing emails if you have opted into marketing messaging. It also allows them to meet legal or regulatory obligations, or because you asked us to.

7.2.  Banks and Payment Providers

To process payments from or to your account.

7.3.  Open Banking Providers

If you authorise them, we’ll share data about your account so their services work for you.

7.4.  Service Providers

So they can help us provide you with the Nutmeg Services. Examples include vendors who host our database, or vendors who assist us with our marketing efforts.

7.5.  Social and Search Advert platforms and Advertising Partners

We advertise our services on social media and search platforms and with our advertising partners. These advertising campaigns sometimes require sharing personal data to place advertisements.

The data we share is limited to two of the following data points:

  • Your email address
  • Your device ID

We protect your data using a technical process called “hashing” when we transfer data to an ad platform.

Your data is used to check if you have an account with our search and social advertising platforms or advertising partners when we place adverts. If you don’t have an account, your data is deleted immediately. If you do, we will ask the social or search ad platform to take one of the following actions:

  • A Nutmeg ad will be served to you where we believe you could be interested in our services
  • Serve ads to people who have similar interests to you. Here we ask our social media and advertising partners to show our adverts to people who, like you, are interested in investment services
  • Exclude you from our online marketing campaigns because you already use the services we are advertising
  • We may also advertise Nutmeg services with our advertising partners and ad platforms without sharing personal data. Here our ads will be displayed on websites and in response to search requests where people are looking for investment services or tax wrappers.

7.6.  Courts Service

We may be required to share your data in relation to a legal filing or claim in the exercise or defence of legal rights or obligations.

7.7.  Government Bodies, Agencies, Regulators and Authorities

We can be asked to share your data with these bodies on a regular or ad hoc basis. Examples include the UK Financial Conduct Authority and HM Revenue and Customs.

If you’re a tax resident of a country other than the UK, we may be required to share information about you and your accounts with the relevant tax authorities. The obligations can ask for us to share this information directly, or through the local tax authority. The relevant tax authorities can share that information with other appropriate tax authorities or government bodies. We may ask you to provide us with extra information or to fill in tax forms to help us with this.

7.8.  Fraud Prevention Agencies

To prevent fraud and money laundering.

7.9. Law Enforcement and Fraud Detection Agencies

To help with the detection, prevention and investigation and prosecution of criminal activities, including fraud and money laundering.

7.10. Professional Advisers

So they can provide services to us. This includes accountants, financial advisers, lawyers and other outside professional advisors.

7.11. Purchasers or Assignees of Our Business

If our business, or part of it, is sold or reorganised.

If you want to know more about any of these third parties, please get in touch.

8. Third parties we receive your data from

We may receive certain data about you from various third parties from time to time, including:

  • Members of the J.P. Morgan Group
  • Fraud prevention agencies/Financial crime agencies
  • Open Banking vendors
  • Central and local government
  • Research and advertising agencies and data marketplaces

9. Third Party Data: Fraud Prevention

We share data with search databases or receive data from fraud prevention and credit reference agencies, as part of our client onboarding process and during your relationship with us as a client.

10. International Transfers of Data

Nutmeg is part of the J.P. Morgan Group which uses shared technology. We also have governance and reporting obligations to the wider group as such, we will transfer your data within the J.P. Morgan group, and to third parties as set out above.

For this reason, we will transfer your data to other countries outside of the UK that may have different laws and data protection compliance requirements, including data protection laws of a lower standard to those enacted in the UK. These transfers will only take place for the purposes outlined in this policy.

Where we transfer your data to other countries outside of the UK, we will do so on the basis of:

  • Adequacy decisions, where a country has been deemed to provide adequate protections to individuals;
  • Binding Corporate Rules when transfers occur within the J.P. Morgan Group;
  • Standard contractual clauses; or
  • Other valid transfer mechanisms or derogations.

To receive more information about the safeguards that we apply to international transfers of your data, please get in touch.

11.   Other Information

This is any information that does not reveal your specific identity or relate to anyone identifiable:

  • Browser and device information
  • App usage data
  • Information collected through cookies, pixel tags and other technologies
  • Demographic information and other information provided by you that does not reveal your specific identity
  • Information that has been aggregated in a manner such that it no longer reveals your specific identity

Sometimes Other Information is associated to you or combined with your personal data. When this happens, it becomes Personal Data. If that happens, we treat it as Personal Data. We will treat it as Personal Data as long as it is combined and identifies you.

12.   Data Security

We have a global security program designed and implemented through our policies, guidelines and controls to protect your data from misuse. Our security program is designed to protect your data from misuse or accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access. Our people can only access as little of your data as they absolutely must. Anyone who can access your data must keep it confidential and only use it for shortest period required.

13.   Data Accuracy

We take reasonable steps designed to ensure that any data that we process are accurate and, where necessary, kept up-to-date. We also take reasonable steps to ensure that any of your data that we process that is inaccurate are erased or rectified without delay. From time to time, we may ask you to confirm the accuracy of your data.

14.   Data Minimisation

We take reasonable steps designed to ensure that your data that we process are limited to the data reasonably required in connection with the purposes set out in this notice.

15.   Data Retention

We will retain your data in line with our data retention policy and for the minimum period required. The duration of the retention period is determined by a number of criteria including the nature of our relationship with you, UK law, the type of data and the Nutmeg Services that the data relates to. Once we no longer need to retain your data in a form that identifies you, we will permanently delete or destroy it, archive and secure it so that it is beyond practical use; or anonymize it.

16.   Updates to this Policy

We will update this Policy from time to time for example when we change the data we collect or the ways in which we process it.

17.   Contact details

If you have any comments, questions or concerns about how we process your data, then please contact our privacy team at icb.privacyteam@jpmchase.com or via post at Unit 201, 1-45 Durham Street, Vox Studios, London, SE11 5JH.

You can contact our Data Protection Officer at EMEA.Privacy.Office@jpmchase.com  or via post at Unit 201, 1-45 Durham Street, Vox Studios, London, SE11 5JH.