Privacy Notice

We are committed to protecting the privacy and security of your personal data. This Privacy Notice sets out how we may process personal data about past, prospective, present clients, intermediaries or clients of intermediaries and any associated parties¹ (“you”) of the following legal entities and their subsidiaries where applicable:

• RBC Europe Limited
• Royal Bank of Canada, London Branch
• Royal Bank of Canada (Channel Islands) Limited
• RBC Trust Company (International) Limited
• Royal Bank of Canada Trust Corporation Limited

For the purposes of this Privacy Notice, we shall refer to these entities as “the RBC Entity”, “we”, “our” or “us”.

You may also know us as RBC, RBC Wealth Management, RBC Brewin Dolphin, or Epoch Consulting.

“RBC” means Royal Bank of Canada (the “Bank”) and includes any company that is directly or indirectly a subsidiary of the Bank and any company that is directly or indirectly a subsidiary of any such subsidiary and in this definition reference to “company” or “subsidiary” shall be interpreted as a reference to a corporate body wherever incorporated.

¹ “Associated parties” means any other person whose personal information is collected or otherwise processed in connection with a past, prospective or present client or service of an RBC Entity.

Data Controller

Depending on your relationship with us the relevant RBC Entity set out above, will be a ‘controller’ of your personal data (i.e., any information from which you can be identified).

This Privacy Notice is effective from 4th November 2024.

If you have any questions, feel free to get in touch via one of the methods set out in the “Contact us” section below.

What personal data do we collect about you?

The information we may collect about you will depend on the nature of your relationship with us and may include:

• Personal details: Information establishing your identity and personal background (for example, your name, address, phone number, date of birth etc.); this may include personal data concerning your family members e.g., family circumstances, if provided to us. This may also include biographical data, gender, marital status, official identification documents, internal client identification codes, national identification numbers, behavioural and lifestyle information, education and employment history, organisational roles including trusteeships, directorships and partnerships, records of communications and correspondence including phone and video recording, marketing and communication preferences, dietary requirements, CCTV footage, opinions, comments and feedback.
• Financial data: Information relating to transactions or financial information arising from your relationship with and through us, and from other financial institutions including payment history and credit worthiness and information about your bank account(s) such as the account name, sort code and account number. This may also include information regarding your current financial situation, financial history, financial planning, source of wealth and source of funds, billing and banking, tax, pension, insurance policies and positions, credit status, risk appetite and score, portfolio position and performance, records, logs of activities on your accounts, ethical and investment restrictions.
• Anti-Money Laundering (“AML”) data: Documentation to verify identity including identification documents which may include photographic identification and signature, official documentation to verify address (e.g., bank statements, utility bills), details for conducting politically exposed person and sanctions checks against relevant lists, adverse media reports, criminal convictions and judgments relating to, or resulting from the above checks or which you have told us about.
• Anonymised and aggregated data: We may produce anonymised and aggregated data and information that is not processed by reference to a specific individual.
• Cookies and technical data: Our websites and apps use cookies and similar technologies. Cookies are text files that download on your device when you visit our website or use our apps. Cookies help us to understand your preferences and improve our online services to you as well as ensuring our websites and apps function properly. When you visit our website and apps we may collect your browsing history, search history, information regarding your interaction with a website, app or advertisement on RBC owned properties.
  We collect device information such as device model, browser type, IP address, security cookie and approximate physical location of device, knowledge-based information (e.g., username, password, and account information).
  For more information on how we use cookies please read the associated cookies policy on our websites and apps.
• Information about others: We collect information relating to corporate or institutional clients (including other legal arrangements such as trusts, charities or partnerships): details about persons with an interest in that client, including but not limited to shareholders, directors, partners, trustees, settlors, protectors, beneficiaries, staff, and corporate contacts (including their individual customers and such customers’ family members).
• Information you choose to provide us: We collect and process information you provide to us on an application form / or any other method to facilitate your products and services.
• Special category data: Certain categories of personal data require special protection under data protection laws and are known as “Special Category data.” The following are examples of the types of Special Category data we may process:
  • Information relating to vulnerability and health when providing financial services to you and to ensure suitability for financial products and services, where applicable.
    We may process health or disability information when organising events and to inform how we communicate and engage with you.
  • Information about your nationality e.g., collected through the onboarding process for AML / sanctions screening.
  • Information about criminal convictions and judgments: this information will be collected through the process of AML checks and will include the history of any criminal convictions or criminal offence you may have committed and the fact that criminal proceedings have taken place.
  • Biometric information such as fingerprint, signature, voiceprint, video surveillance, photo / video self footage used for example for verification purposes.
  • Any other Special Category data that you choose to share with us such as your political or religious views.

If you provide personal data to us about other individuals, you agree that you will inform them about the contents of this Privacy Notice.

Children’s personal data: Our services are generally not directed towards children. We typically process children’s data where they are named on a portfolio or account as dependants or beneficiary or with regards to trusts (e.g., succession planning).

How do we obtain your personal data?

We may collect personal data directly from you during the course of our relationship with you.

Personal data may be collected through paper or web forms or in face-to-face, phone or email communication.

We may also collect personal data indirectly during our client onboarding process and throughout our relationship with you.

We may process personal data that is provided to us about you by Associated Parties, for example, where financial planning involves understanding a client’s dependants and family circumstances.

We may also obtain your personal data indirectly from service arrangements you make with or through us, from public sources such as the electoral roll, pension or product/service providers, intermediaries, from financial institutions / advisers, dealers, brokers, introducers, and authorised representatives acting on your behalf such as a family member or legal representative registries, from references you provide to us and from other sources. We may make searches with licensed credit reference agencies such as Equifax and Experian, who will keep a record of those searches and provide their findings to us. For more information see the section headed Credit Reference Agencies.

Where our client is a corporate or institutional client, we may also make enquiries with licensed credit reporting or fraud prevention agencies, such as Equifax and Experian, about persons with an interest in that client such as your directors or partners (as the case may be) and the credit reporting or fraud prevention agency will keep a record of that search. In connection with any request for credit or an authorised overdraft, we may make searches on public registers of mortgages, charges, liens or other security interests, and the relevant registrar may keep a record of those searches.

If you communicate with us using email or by other electronic means, then we may monitor email or other electronic traffic to gather information for the purposes of security, statistical analysis and systems development.

How do we use your personal data?

We may use or process your personal data for the following purposes:

• To complete:
  • (i) our ‘know your client’ procedures (e.g., for client onboarding purposes) including verification of identity and to conduct credit checks with third parties including credit reference agencies (please see the section headed “Credit Reference Agencies” for more information) and relevant anti-money laundering screening, where appropriate and/or
  • (ii) payee checks carried out by third party service providers to reduce the risk of making misdirected payments.
• To facilitate or otherwise assist in the provision of your account with us or any service provided by us such as administering and operating contractual arrangements with you, providing investment management and financial planning services.
• To service any of your other relationships with RBC, where appropriate or other reporting obligations in the UK, Channel Islands or in any other jurisdiction (as applicable).
• To monitor the use of copyrighted material and comply with internal policies and procedures.
• To prevent or detect fraud / crime, money laundering, terrorist financing or other criminal conduct (including, without limitation, compliance with our internal ‘know your client’, AML and anti-bribery and corruption policies).
• To recover a debt.
• To assess and manage our operations and financial and insurance risks.
• In the context of a potential or actual sale, merger reorganisation or restructuring of the business or if RBC sell or buy any business or any assets.
• To maintain the accuracy and integrity of information held by a credit reporting agency and to perfect any security interest
• granted over an account with us.
• To develop new products and services.
• To provide tailored information on our offerings to you as a prospective client and to market our services.
• To bring or defend any dispute or litigation concerning your account with us or the services
• provided by us to you. To respond to complaints, legal claims, data breaches or data protection rights requests.
• To determine your suitability for products and/or services offered by us or RBC.
• To satisfy any health, education, social work, or related regulatory requirements, or for the sake of research or history or to prepare or contribute to high-level anonymised statistical reports.
• As a record of any information obtained from or about you in the course of our relationship with you.
• To allow for certain efficiencies including operating and managing systems, systems back-up and data recovery and risk evaluations. To analyse, test, develop and improve our systems and services.
• To enable share issuing companies, including RBC’s clients and others, to identify and communicate with their shareholders.
• To manage and administer pensions or transfer your pension to or from a third-party pension provider.
• Recording of telephone and video calls to comply with regulatory monitoring requirements and recording communications for training, quality and products and service development and improvement. These recordings may also be used as evidence in the event of a dispute in court.
• To carry out marketing activities which may involve the use of segmentation tools provided by third parties. To advertise our products and services using digital channels on the internet and social media.
• To capture and review CCTV footage at some of our locations for monitoring and the security of our premises, assets, staff, and visitors.
• To collect, through our technology security services, traffic and security reports, information, and activity logs on the usage of our systems and services. For example, websites visited by users, documents downloaded, security incidents and prevention measures undertaken. To collect, analyse and report on technical information about the services that you interact with when visiting our websites, applications, and online advertisements. For more information on how we use cookies please read our associated cookies policy on our websites and apps.

We may wish to send you information on services or other offerings which we believe will be of interest to you. Using your personal data helps us to make our communications with you more relevant, selective, and personalised to you, and to make your experience of our services efficient and effective. If you would like to update your contact or communication or marketing preferences, you can unsubscribe from marketing emails using the opt out provided within them or by notifying your usual RBC contact.

On what legal basis do we use your personal data?

Data protection laws require companies to have a lawful basis to collect and use personal data. For RBC Entities, the relevant ‘lawful basis’ for processing are:

• It is necessary to comply with legal and regulatory obligations.
• It is necessary for the performance of a contract, to meet fiduciary or other obligations or take steps at your request prior to entering such contract.
• It is necessary for our legitimate interests, where these are not outweighed by your rights. Using your personal data helps us to operate and improve our business and minimise any disruption to the services that we may offer to you. See the “How do we use your personal data” section for further details on the legitimate interests for which we process personal data.
• Because you have given your consent (if we expressly ask for consent to process your personal data for a specific purpose).
• To prevent and detect crime, or for reasons of substantial public interest, or for the establishment, exercise or defence of legal claims or proceedings.

With whom do we share your personal data?

We will only disclose or transfer your personal data for the purposes set out in this document to:

• The relevant RBC Entity’s employees, agents and service providers.
• RBC, affiliates of RBC as well as third parties including RBC business partners, service providers, government bodies, regulatory authorities and agencies.
• Companies and organisations that assist us to process transactions including, but not limited to, stock exchanges and clearing houses.
• Regulatory, police authorities or law enforcement and fraud prevention agencies, where we or RBC are compelled, permitted, or required to do so by order of a court or governmental or administrative tribunal or by law, regulation, or any other legal requirement.
• Credit reference agencies such as Equifax and Experian. For more information, see the section headed “Credit Reference Agencies”.
• We may undertake an electronic check to verify the personal identity information you have provided. The check will be undertaken by a reputable Credit Reference Agency or AML company which will retain a record of that check according to their retention policy. This information may be used by other firms or financial institutions for fraud prevention purposes.
• Approved third party service providers that carry out payee checks (where you have not opted out of the service). To verify payments are sent to the intended recipient, your details are shared with the Payment System Regulator ’s Open Banking Directory. You have the option to opt out, but we recommend that you speak to your Relationship Manager in advance of doing this. Once you have opted out, it will not be possible for other people to verify your account details when they try to make a payment to you.
• Our third-party service providers such as (but not limited) to accountants, professional advisers, debt collection agencies, IT suppliers, document management providers, software providers and information security providers.
• Any joint client with whom you hold a joint account, and/or any person you nominate in an application form (or otherwise) as having authority on your account with us.
• Any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition of RBC or any of its direct or indirect subsidiaries, provided that the recipient uses the information for the same purpose as it was originally supplied to us and/or used by us.
• Any companies that are in the process of joining RBC, for example due to a merger, restructuring/re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers to manage such transactions.
• Such persons as we believe is necessary where a failure to make such disclosure would result in damage to our reputation or good standing, expose us to civil or criminal prosecution in any jurisdiction or where failure to make such disclosure would in our opinion be prejudicial to us, our nominees, our advisers or agents or to such other person that we believe in good faith has a right to make a request for disclosure.
• The issuer of shares listed on a relevant European market (either directly or via an intermediary) where we are required by law to provide such a company with details of its shareholders.
• We may share data with our business partners including intermediaries, financial advisers and pension or product/service providers, who provide you or your organisation with services alongside or related to those provided by us. Your information may be shared for the purpose of facilitating and hosting faceto- face and online events and webinars. We may also share information to co-operate in response to complaints, legal claims, regulatory authority requests, data breaches or data protection rights requests.
• For Brewin Portfolio Services (BPS): We deliver this service with our software partner SEI Investments (Europe) Limited (“SEI”) who process data shared by us, on our behalf, to do so. SEI operate data centres in Europe and the United States of America. Please see below section for safeguards we have in place for “Transfers of your personal data”.
• We may share information with authorised representatives acting on your behalf, such as a family member or legal representative.
• Any other person where disclosure is made at your request or with your consent (including your advisers or agents) or if otherwise permitted under our agreement with you.

Credit Reference Agencies (CRAs)

As a routine part of the processing of an application, we may perform credit and identity checks on you with one or more CRAs such as Equifax and Experian. We may also, from time to time, carry out additional or updated checks or searches with the same or different CRAs to allow us to continue to manage your account with us.

To facilitate these checks, we share certain personal data with the CRAs including your full name, date of birth and residential address and if required, additional information such as your salary, residential address history and other information you provide as part of your application.

Please note that if you are making a joint application or tell us that you have a spouse or a financial associate, we, and CRAs, will link your records together. These links will remain on you and your spouse’s or financial associate’s files until such time as you or they successfully file for a disassociation with CRAs to break the link. You should discuss this with any spouses or financial associates, and share this Privacy Notice with them, and draw their attention to this section, before lodging the application.

When CRAs receive a search request from us they will place a search footprint on your credit file that may be seen by other lenders. CRAs will then match the information we provide to them with records they hold about you and provide us with publicly available information (e.g., information from the electoral register) and shared credit information regarding your financial situation, financial history, and fraud prevention.

We carry out these checks to:

• Assess your credit worthiness and whether you can afford to take the relevant product.
• Verify the accuracy of the data you have provided to us.
• Prevent criminal activity, e.g., fraud and money laundering.
• Manage your account(s).
• Trace and recover any debts.
• Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs whilst you have a relationship with us. We will also inform CRAs about your settled accounts. Please note that if you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

For more information on how CRAs process your personal data, please visit the Credit Reference Agency Information Notice (CRAIN) at www.equifax.co.uk/privacy-hub/crain and www.experian.co.uk/legal/crain/. Please note that CRAs may retain your personal data for a different time period than we do, so visit the CRAIN for more information.

Transfers of your personal data

In some circumstances, we may need to transfer your personal data to a country or jurisdiction outside the UK, the European Union /the European Economic Area and Channel Islands. These countries include but are not limited to:

• Switzerland
• Malaysia
• Canada
• United States of America

When we make such transfers, we will implement appropriate measures to ensure that your personal data is appropriately safeguarded and in accordance with applicable data protection and privacy laws. These measures include:

• Putting in place a data transfer agreement with the recipient of the information using the contractual wording as approved by the UK, Channel Islands and EU data protection authorities.
• Transferring personal data to a country or jurisdiction which has been deemed ‘adequate’ by the government of the exporting RBC Entity i.e., that country or jurisdiction provides an adequate level of protection to that of the country/jurisdiction from which personal data is being exported. Examples of ‘adequate’ countries/jurisdictions are Switzerland and Canada.

How long will we keep your personal data?

We keep your data until the purpose for which it was collected is fulfilled. Such information may be retained after your account with us has been closed or our service ends, and for customer identification purposes in accordance with our retention schedule and where required by applicable legal or regulatory requirements.

Your rights

Under data protection laws, you have the right to make certain requests to us in relation to the personal data that we hold about you. You can exercise these rights at any time by sending a request by email to your usual RBC contact or by emailing dpo@rbc.com

Your rights under data protection laws are:

• The right to access your personal data:
  • You are entitled to a copy of the personal data we hold about you and certain details of how we use it.
  • We will usually provide you with your personal data by electronic means unless you request otherwise.
• The right to rectification: We take reasonable steps to ensure that the personal data we hold about you is accurate and complete, however, you can ask us to amend or update your personal data if you do not believe it is accurate or if your details change.
• The right to erasure: You have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors (for example, we may have legal or regulatory obligations which mean we cannot comply with your request in full).
• The right to restrict processing: In certain circumstances, you are entitled to ask us to stop using your personal data, for example where we no longer need to use your personal data or where you contest the accuracy of the personal data, we hold about you.
• The right to data portability: you have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice.
• The right to object to marketing: you can ask us to stop sending you marketing messages at any time. You can exercise this right by clicking on the “unsubscribe” link which is contained in any email that we send to you or by getting in touch with your usual RBC Entity contact. Please note that exercise of this right does not extend to service-related communications which, where necessary, we will continue to send.
• The right to object to processing: where we process your personal data based on our legitimate interests (indicated in this Privacy Notice), you can object to our processing. This right, will, however, need to be balanced against other factors (for example, we may have legal or regulatory obligations which mean we cannot comply with your request in full).
• The right to withdraw consent: If you have provided your consent to the collection, processing, and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing. If you withdraw your consent, this will not invalidate the lawfulness of any processing carried out on the basis of consent before you withdrew it.
• Rights relating to automated decision-making: You have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant affects impacting you.
• Right to lodge a complaint: You have the right to lodge a complaint with the relevant data protection authority.

The rights summarised in this section are subject to any applicable lawful exemptions. Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements).

There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restrict processing and the right to withdraw consent) will mean we can no longer provide you with our services and it may therefore result in the cancellation of our agreement with you. We will inform you of these consequences when you exercise your right.

Contact us

If you have any queries about how we handle your personal data, the contents of this Privacy Notice or your data protection rights, our Data Protection Officer can be contacted on the following address and email:

UK Entities
RBC Europe Limited
RBC London Branch
Royal Bank of Canada Trust Corporation Limited

Data Protection Office
100 Bishopsgate
London
EC2N 4AA
Email: dpo@rbc.com

Channel Islands Entities 
Royal Bank of Canada (Channel Islands) Limited
RBC Trust Company (International) Limited

Data Protection Office
Gaspé House
66-72 Esplanade
St Helier, Jersey
JE2 3QT
Email: dpo@rbc.com

Updates to this Privacy Notice

From time to time, we may need to make changes to this Privacy Notice, for example, as the result of changes to applicable law, technologies, our services, or other developments. Please check here for the most recent information on how we process your personal data.

RBC Europe Limited is registered in England and Wales No. 995939. Registered Address: 100 Bishopsgate, London, EC2N 4AA.
Royal Bank of Canada, London Branch is registered in England and Wales No. BR000548. Registered Address: 100 Bishopsgate, London, EC2N 4AA. Royal Bank of Canada (Channel Islands) Limited registered office: Gaspé House, 66-72 Esplanade, St Helier, Jersey JE2 3QT, Channel Islands. Registered company number 119162.
RBC Trust Company (International) Limited registered office: Gaspé House, 66-72 Esplanade, St Helier, Jersey JE2 3QT, Channel Islands. Registered company number 57903.
Royal Bank of Canada Trust Corporation Limited is registered in England and Wales No. 00849073. Registered Address: 100 Bishopsgate, London, EC2N 4AA. ® / ™ Trademark(s) of Royal Bank of Canada. Used under licence.