In order to provide you with financial planning services we will collect and hold personal data about you. We are also required to comply with the General Data Protection Regulation (the ‘GDPR’) and as such hereby set out details as to how we process your data, and your rights in relation to that data.
Although as your advisers we may need to collect a lot of personal data, of which some will be very sensitive information, we think it is important you understand why we need the information, what we do (and don’t do!) with it, and what your rights are.
Why we need your data:
We need your data in order for us to:
- Provide financial planning services to you which may include giving you financial advice and making recommendations as to investments and financial products which are suitable for you. For example, we may ask you sensitive data about your health in order to assist you in applying for certain types of protection for you and your family.
- Comply with our regulatory obligations imposed by the Financial Conduct Authority (FCA) in regard to the relevant ‘Know Your Client’ obligations. In addition, to comply with the Regulator’s requirements for record keeping for prescribed periods of time as directed.
- Respond to any legitimate legal requests for information about you to the FCA or pursuant to an order of any court or tribunal having relevant jurisdiction, or as required by law for the purposes of, but not limited to, combatting fraud, money laundering and criminal activities.
- Carry out our legitimate business and professional management responsibilities which include providing you with suitable advice, ensuring your portfolio and financial products continue to be suitable, and adhering to anti-money laundering requirements.
General information about your data and your rights:
Where we collect data directly from you, we will undertake:
- To inform you, where appropriate, of the contact details for our Data Protection Officer.
- To inform you about the purposes for which data is to be processed and the legal basis.
- To inform you of the recipients or categories of recipients of data.
- In the event that the data controller proposes to transfer the data to a country other than those covered by the GDPR, to provide you with details of the safeguards surrounding such transfers and how to obtain a copy of them.
- To inform you of the period for which we propose to hold the data, or where this is not possible, the criteria which we will apply to data retention.
To remind you of your rights whereby you may:
- request access to data of which you are the data subject.
- object to, or withdraw consent for, the processing of the same.
- obtain rectification of inaccurate data.
- prevent data processing for the purposes of direct marketing.
- object to decisions being taken by automated means and to have the logic behind those decisions clearly explained.
- claim compensation for damages caused by a breach of the law.
- request data erasure (where no exemptions apply) often referred to as a ‘right to be forgotten’.
Where you exercise your right to request access to data of which you are the subject, we will aim to respond to you within 30 calendar days of your request. There will be no charge for this service.
You may at any time, by giving notice to us in writing, request that we cease to process your data. We will undertake to comply with any such request as soon as is reasonably practicable.
You have the right to complain in regard to any aspect of the processing of your data and any breach of the above rights to the relevant supervisory authority. In the case of the United Kingdom this is the Information Commissioners Office, who may be contacted at:
Phone: 0303 123 1113
Holding your data:
We undertake to review the data we hold on you on a regular basis to ensure compliance with data protection law. In the course of any review, we will:
- Delete any data which is trivial or transitory in nature, or which in our opinion is no longer required for the purposes set out above.
- Update the data to ensure that any errors or inaccuracies are corrected.
- Archive data as detailed below.
- Subject to the data retention periods, as detailed below, securely delete the data when it is identified that we no longer need to hold it.
We may retain and process your data for the following periods. In the event that more than one period applies to the same data, we will retain the data to the last such period to expire:
- We will process data relating to investments which we have provided advice on and / or arranged for you. We will process such data throughout the entire period you are and remain a client of the firm and for a period of not less than 6 years following our ceasing to provide service to you in regard to those investments.
- We will hold data as required by any Regulator until the end of any limitation period imposed by that Regulator, which in the case of the Financial Conduct Authority is currently 6 years for most types of business but some data retention periods shall be indefinite.
- We will hold data as required by any relevant third party until the end of any limitation period imposed, which in the case of H M Revenue & Customs (HMRC) shall be 7 years, unless we are notified that any period is considered ‘open’ by HMRC in which case it will be until the period is ‘closed’.
- We will hold data as required for the purposes of any legal proceedings for a period of 6 years following the conclusion of any such proceedings unless a longer period is required pursuant to any court rule or enactment.
- We will hold any agreements between you and us for a period of 6 years from the termination or expiry of the agreement unless we have been notified of any claim or circumstance which might give rise to a claim under or by reference to such agreements.
We will regularly review data and where, in our opinion, such data has ceased to be Active we will archive it and process it only as Archived Data. Any data which is deemed Archived Data will only be processed in limited circumstances.
All storage of data, whether Active Data or Archived Data will be in accordance with good industry practice and will be undertaken in accordance with organisational systems and procedures, which will be regularly reviewed, to maintain the security of data.
On the termination or expiry of any agreement to provide services to you and on your written request, we will, subject to our right to retain copies of data for the purposes set out above, agree to return any data you have provided to us in a structured, commonly used machine-readable format, or transfer the same to a new data controller nominated by you.
Whom we may share your data with:
In order to carry out our legitimate business and to provide you with financial planning services, we have entered into agreements with and will share your information with the following companies, for the purposes of IT systems security, data management and control and auditing. Full details of these companies addresses (all UK based) and contact details are available on request:
- Intelligent Office
- Voyant UK
- Phelan Barker
- Oliver Computing Limited
- Risk IT Solutions Limited
- O&M Pension Solutions Limited
- O&M Life and Pensions Limited
- GBG Group Plc
In addition to the above listed companies you understand that the companies offering your investments/pensions/wrap accounts/protection plans will share information in the delivery of our/their services to you and they may be the data controller. They will confirm their own Data Protection and Privacy policies with you.