data protection and privacy notice

In order to provide you with financial planning services we collect and hold your personal data. We are also required to comply with the General Data Protection Regulation (Regulation (EU) 2016/679 (the “GDPR”)) and as such hereby set out details as to how we process your data and your rights.

why we need your data

We need your data in order for us to:

  • Provide financial planning services to you in accordance with this agreement which includes making recommendations as to investments and financial products which are suitable for you and servicing these on your behalf.
  • Comply with our regulatory obligations imposed by the Financial Conduct Authority in regard to the relevant ‘Know Your Client’ obligations. In addition, to comply with the Regulator’s requirements for record keeping for the purposes of audits and reviews, records of transactions undertaken and customer histories for prescribed periods of time as directed.
  • Respond to any legitimate legal requests for information about you to the Regulatory authority or pursuant to an order of any court or tribunal having relevant jurisdiction, or as required by law for the purposes of but not limited to combatting fraud, money-laundering and criminal activities.

general information about your data and your rights

Where we collect data directly from you, we will undertake:

  • To inform you and make clear the purposes for which the data is to be processed and the legal basis for that processing.
  • To inform you of the recipients or categories of recipients of data.
  • In the event that the data controller proposes to transfer the data to a country other than those covered by the GDPR, to provide you with details of the safeguards surrounding such transfers and how to obtain a copy of them.
  • To inform you of the period for which we propose to hold the data, or where this is not possible, the criteria which we will apply to data retention.
  • To remind you of your rights whereby you may:
    • request access to data of which you are the data subject
    • object to, or withdraw consent for, the processing of the same
    • obtain rectification of inaccurate data
    • prevent data processing for the purposes of direct marketing
    • object to decisions being taken by automated means and to have the logic behind
    • those decisions clearly explained
    • claim compensation for damages caused by a breach of the Act
    • request data erasure

Where you exercise your right to request (via email or post) access to data of which you are the data subject, we will undertake to respond to you within 1 month of receipt of your request. There will be no charge for this service.

You may at any time, by giving notice to us in writing, request that we cease to process your data. We will undertake to comply with any such request as soon as is reasonably practicable.

Where the legal basis for the processing of your data is to adhere to compliance with a statutory or contractual obligation, or the necessary precondition to entering into a contract, including compliance with the requirements of any Regulator, we will inform you as to:

  • Whether you are legally required to provide such data, and
  • The consequences of failing to provide such data

Where we obtain your data otherwise than directly from you, you will have the same or equivalent rights to those set out above.

Save in the circumstance as detailed below, we will inform you which source the data originated from and whether it came from publically accessible sources. The information to be provided will be in accordance with the following time periods, whichever shall occur first:

  • As soon as practicable after obtaining the data and in any event within 1 month
  • At the time of our first communication with you using the data
  • When the data is first disclosed to another person

We shall not be obliged to provide you with the information:

  • Where you already have this information
  • Where we are subject to an obligation of professional secrecy prohibiting the disclosure of the information
  • Where disclosure would render impossible or severely impair the achievement of the reasons for which the data is to be processed. In such cases, we will do what we can to protect your rights and freedoms with respect to our processing of the data

You have the right to complain in regard to any aspect of the processing of your data and any breach of the above rights to the relevant supervisory authority, who in the case of the United Kingdom is the Information Commissioners Office, whom may be contacted at:

Online: ico.org.uk

Phone: 0303 123 1113

holding your data

We undertake to review the data we hold on you on a regular basis to ensure compliance with data protection law. In the course of any review, we will:

  • Delete any data which is trivial or transitory in nature, or which in our opinion is no longer required for the purposes set out above.
  • Update the data to ensure that any errors or inaccuracies are corrected.
  • Archive data as detailed below.
  • Subject to the data retention periods, as detailed below, securely delete the data when it is identified that we no longer need to hold it.
  • Where you have children who are deemed minors we will also hold their personal data in line with what you have disclosed to us.

We may retain and process your data for the following periods. In the event that more than one period applies to the same data, we will retain the data to the last such period to expire:

  • We will hold any agreements between you and us for a period of 6 years from the termination or expiry of the agreement unless we have been notified of any claim or circumstance which might give rise to a claim under or by reference to such agreements.
  • We will process data relating to investments which we have provided advice on and / or arranged for you. We will process such data throughout the entire period you are and remain a client of the firm and for a period of not less than 6 years following our ceasing to provide service to you in regard to those investments. In the case of long-term investments we may process your data until the date of maturation of such long-term investments.
  • We will hold data as required by any Regulator until the end of any limitation period imposed by that Regulator, which in the case of the Financial Services Authority is currently 6 years for all types of business undertaken except for Occupational Pension Schemes, which can include Defined Benefit Transfers and Scheme Money Purchase Transfers, whereby the data retention period is indefinite.
  • We will hold data as required by any relevant third party until the end of any limitation period imposed by that relevant third party, which in the case of HMRC shall be 7 years, unless we are notified that any period is considered “open” by HMRC in which case it will be until we are notified the period is “closed”.
  • We will hold data as required for the purposes of any legal proceedings for a period of 6 years following the conclusion of any such proceedings unless a longer period is required pursuant to any court rule or enactment. Proceedings will be taken to have concluded on the expiry of any period given for appealing any final judgment or on the date of concluding any settlement staying all relevant claims if the proceedings were settled before judgement.
  • Save for the above, we will hold data for a maximum of 80 years from the date we receive the data.

archiving data

We will regularly review data and where in our opinion such data has ceased to be Active we will archive it and process it only as Archived Data. Any data which is deemed Archived Data will only be processed in limited circumstances.

data portability

On the termination or expiry of any agreement to provide services to you and on your written request, we will, subject to our right to retain copies of data for the purposes set out above, agree to return any data you have provided to us in a structured, commonly used machine-readable format, or transfer the same to a new data controller nominated by you.

whom we may share your data with

In order to carry out our legitimate business and to provide you with financial planning services, we have entered into agreements with the following service companies that may involve some limited sharing of your personal data.

Appendix A attached lists these companies and provides a brief explanation of the service provided to us and data that may be shared.

marketing

We will not use your data for marketing purposes of any sort unless you have expressly given us your prior consent.

Please note that you may withdraw your consent to marketing at any time by giving us notice in writing.

legal terms

If any provision, or part thereof, of this agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.

In the event of any change in Data Protection Law occurring after the date of this agreement which requires the adoption of revised provisions dealing with data retention or portability, the parties will use all reasonable endeavours to agree such consequential changes to this agreement as may reasonably be required to comply with the requirements of Data Protection Law (“Compliant Terms”) and incorporate the same as an amendment to this agreement.

appendix a

Financial Conduct Authority (FCA)

We are authorised and regulated by the FCA. The FCA may request client file information as part of their monitoring process.

Compliance and Training Solutions Ltd (CATS)

CATS provide us with professional support services in relation to the FCA conduct sourcebook. CATS help us to interpret FCA rules and regulations and ensure our operations are aligned with the relevant rules. Client data is only shared when CATS complete a client file audit which normally lasts for a day, this data is not retained by CATS.

Giotech Ltd

Giotech provide us with a comprehensive IT support contract. Client data is not shared with Giotech, however if for example a client file becomes corrupt, then Giotech would help to repair it.

Reckon Ltd (Virtual Cabinet)

Reckon Ltd provides the software for our paperless office filing system. Client data is not stored with Reckon, however if we have a software issues, Reckon may need to log on to our system to resolve.

Defaqto

This is a tool which helps us to review products across the whole of the market place. The data input is limited to client name and date of birth.

iPipeline Portal; Assureweb & IRESS; Exchange

We use these portals to compare protection and annuity quotes. The extent of data input is limited to date of birth, health status and client name.

O&M Pensions Profiler & Selecta Pension

We use these tools to compare pension products and produce comparative data. Data input is limited to date of birth, health and client name.

Voyant Software

This is used for our comprehensive financial planning and extensive personal financial data is input into the system. Client date of birth is input but not home address. The only time Voyant will view client data is when they are helping to resolve a system bug or error.

Fina Metrica

This software is used to aid us in assessing a client’s attitudes towards investment risk. Only client name and emails address data are added (plus answers to questions).

FE Analytics

This software is used to review investment funds across the UK and Europe. Client data is rarely input but if so it would be limited to client name.