This privacy notice explains how we use any personal information we collect about you.
We are committed to keeping your personal data safe and to ensuring the integrity and security of any personal data we may process.
You should read this privacy notice very carefully as it contains important information on the way in which we will process your personal data, in particular:
- The personal information we collect about you
- Our legal bases for processing your personal information
- What we do with your personal information
- Who your personal information may be shared with
- Your rights as a data subject under the Data Protection regulation
This statement also explains how we protect any personal data we obtain directly or passively from you or which we obtain indirectly from other sources.
We have done our best to present the information in this policy in clear and plain language, and we have structured it in a way to allow you to quickly find the information that is most important to you.
What information do we collect about you?
We collect information about you when you engage us for financial planning/financial advice/mortgage advice/investment management services. This information will relate to personal identifiable information (such as name, date of birth), contact information (such as telephone number, address, email), and financial circumstances. It may also include special categories of personal data such as data about your health, if this is necessary for the provision of our services.
We may also collect information when you voluntarily complete client surveys or provide feedback to us.
Why do we need to collect and use your personal data?
We will only process your data where have a legal basis for doing so. We may rely on a number of legal bases for collecting and further processing your personal data, which are:
- Contractual Necessity
- Legal Obligation
- Legitimate Interest
You have the right to restrict the processing of your personal data. You have ability to choose which promotional communications you wish to receive and how you would like to receive them. To remove yourself from our emailing list please email email@example.com or unsubscribe via the email.
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. We will also process your personal data to allow us to comply with our legal and regulatory obligations, including the prevention, detection or investigation of financial crime. Without collecting your personal data we’d also be unable to fulfil our legal and regulatory obligations.
Where special category data is required we’ll obtain your explicit consent in order to collect and process this information. You have the right to withdraw this consent at any time by contacting us
How will we use the information about you?
We collect information about you in order to provide you with the services for which you engage us.
Who might we share your information with?
We may email you about other products or services that we think may be of interest to you. If you do not want to receive these communications please email firstname.lastname@example.org.
We do not process your data outside of the EU and we won’t share your information for marketing purposes with other companies.
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you.
Where third parties are involved in processing your data we’ll have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions. We will ensure that all third-parties have adequate data protection measures in place that align with the requirements of the data protection regulation.
Where it’s necessary for your personal data to be forwarded to a third party we’ll use appropriate security measures to protect your personal data in transit, including password protection, uploading via secure sites and via secure email.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
How long do we keep hold of your information?
In principle, your personal data shouldn’t be held for longer than is required under the terms of our contract for services with you. However, we’re subject to regulatory requirements to retain data for specified minimum periods. We also reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us. In any case, we’ll not retain your personal data for longer than 6 years after the termination/closure of your policy, whichever is the earlier.
You have the right to request deletion of your personal data. We’ll comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
Your rights in respect of your personal data.
As a data subject, you can exercise certain rights in relation to the processing of your personal data, under the relevant data protection regulation, as detailed below:
Right to request access: You can request a copy of the personal information that we hold about you.
Right to understand the source of data gained indirectly: You have the right to be informed of the source of any personal data that are not collected directly from you.
Right to request rectification of your personal information: We take reasonable steps to keep your information accurate, but you can also ask us to change any information we hold about you to keep it accurate, complete and current.
Right to request erasure (‘to be forgotten’) of your personal information: In some circumstances you have the right to have your personal data erased and no longer processed.
Right to portability: You have the right to receive the personal data concerning you, which you have provided to us and have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, where:
- The processing is based on consent or on a contract and
- The processing is carried out by automated means.
Right to request restriction on our processing of your personal information: You have the right to obtain the restriction of processing where one of the following applies:
- The accuracy of the personal data is contested, for a period enabling the verification of the accuracy of the personal data;
- The processing is unlawful and you object to the erasure of the personal data and request the restriction of their use instead;
- We no longer needs the personal data for the purposes of the processing, but are required by you for the establishment, exercise or defence of legal claims;
- You have objected to processing pending verification of whether our legitimate grounds override yours.
Where you have obtained restriction of processing you have the right to be informed by us before the restriction of processing is lifted.
Right to raise an objection to our processing of your personal information: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on our legitimate interest.
You also have the right to object to processing for direct marketing purposes. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to complain to a Supervisory Authority: If you are dissatisfied with our use or management of your personal information, you have the right to complain to an EU Data Protection Supervisory Authority. In the UK, this is the Information Commissioner’s Office (ICO) and you can contact them via their website: www.ico.org.uk or by telephone: 0303 123 1113.
We’d like to send you information about our related products and services which may be of interest to you. If you’ve agreed to receive marketing information, you may opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please contact us by email email@example.com or by post.
What can you do if you are unhappy with how your personal data is processed?
We will be more than happy to help should you have any complaints about the processing of your personal data. You have the right to lodge a complaint with the Supervisory Authority, ICO, who are the national authority responsible for the protection of personal data. A complaint can be made to the ICO via their website (ico.org.uk) or through their helpline (0303 123 1113).
Our retention policy
We will review the personal data we hold in line with our retention policy, to check for accuracy and relevancy and to ensure that we continue to have a legal basis for processing. If the personal data is no longer necessary, or where we no longer have the legal basis for processing we will delete or fully anonymise the data we hold about you, in line with our Data Protection Policy. If your data becomes inaccurate, we will update it accordingly.
How to contact us
By email at: firstname.lastname@example.org
Or write to us at: Employee Benefit Solutions Limited, St Johns House, 18 St Johns Road, Penn, Bucks, HP10 8HW.