- THE PURPOSE OF THIS NOTICE
- WHAT IS THE GENERAL DATA PROTECTION REGULATION?
- WHAT ARE MY DATA PROTECTION RIGHTS?
- DO I NEED TO DO ANYTHING?
- WHAT TYPES OF PERSONAL INFORMATION WILL BE PROCESSED & WHY?
- WHEN WE RECORD COMMUNICATIONS
- WHO MIGHT MY PERSONAL INFORMATION BE SHARED WITH?
- OUR LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
- INTERNATIONAL DATA TRANSFERS
- DATA RETENTION
- UPDATES TO THIS NOTICE
- ONGOING SERVICES & MARKETING
- HOW TO CONTACT US
THE PURPOSE OF THIS NOTICE
In collecting and using your data as described herein, Smith & Pinching and its staff (“we”, “us” or “our”) are acting as a “data controller” of your personal information.
When we provide our services to you, we will collect personal information about you (and others). We want to be open and transparent with you as to the types of information we collect, why we collect it, how we use it and with whom we may share it and your rights.
If you have any questions or concerns about our use of your personal information, please contact us via the details provided in the “How to contact us” section of this Notice.
WHAT IS THE GENERAL DATA PROTECTION REGULATION?
The General Data Protection Regulation (GDPR) is European legislation that was designed to achieve the following:
- Shape how organisations across the European Union (EU) approach data privacy.
- Enhance existing data privacy rights for EU citizens.
- Establish new data privacy rights for EU citizens.
You have more control of your data under GDPR and we have to be more transparent in our dealings with you and more accountable in terms of how we manage your data.
WHAT ARE MY DATA PROTECTION RIGHTS?
- Access: you can ask us whether we are processing any of your data, what it is, how we obtained it, why it is being processed and details of any person or organisation with whom we share it. You can also request a copy of the data.
- Portability: move or transfer your personal data for your own purposes across different services.
- Objections and restrictions: under certain conditions, you can require us to stop (or not to begin) the processing in question or to restrict the use of your information. We may not always agree to this, but we will explain why.
- Corrections, updates and erasure: under certain conditions, you can have inaccurate personal data rectified, blocked, erased or destroyed. We may not always agree to this, but we will explain why.
- Consent withdrawal: if we have collected and processed your data with your consent, you can withdraw it at any time.
- Complaints: you can complain to a data protection authority about our collection and use of your data. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
We respond to all requests we receive from individuals wishing to exercise their rights in accordance with applicable laws.
DO I NEED TO DO ANYTHING?
No. We have always taken our data protection responsibilities very seriously and have always collected and processed your data for the same purposes. Primarily, this means obtaining data from you and sharing it with certain trusted third parties in order to provide you with appropriate financial advice and recommendations and to deliver any agreed ongoing services to you.
WHAT TYPES OF PERSONAL INFORMATION WILL BE PROCESSED & WHY?
We have tried to provide lists and examples that are accurate and representative of the business that we conduct with you, whether that is in your capacity as an individual client, a corporate client or a member of staff of a corporate client. However, any such lists and examples are unlikely to exhaustive – we may require more, less or different data in order to provide you with appropriate and agreed advice, products and services.
We may ask you to provide personal information by the following means:
- Completing hard copy or online paperwork, such as applications, declarations and medical questionnaires.
- Corresponding with us by telephone, email, letter or text message.
- Giving us information in face-to-face in meetings.
You may also choose to ask us a question or send us your CV through our website.
|Types of personal information||Why we collect it|
|Identity details including your name and date of birth.|
We may ask for copies of identity documents, in which case we may collect details including your place of birth and residential address.
- To carry out money laundering and financial checks and for fraud and crime prevention and detection purposes.
- We will only ever use copies of identity documents for this purpose.
- We collect and process this personal information in order to comply with our legal and regulatory requirements.
|Your contact details, including your name, postal, telephone and email address(es).|
Other personal details, including your title, marital status, date of birth and job title/description.
- To provide advice and recommendations.
- To manage and administer our ongoing services.
- To manage and administer your details and products.
- To discuss products or services for which you apply or which we think may be of interest, benefit or necessity.
- To manage any applications you make for products or services.
- To communicate any changes to our services, our charges, the terms and conditions of any services we have provided to you, any changes to this Notice and to our websites.
- To contact you in order to ask for your feedback on our services and to participate in related surveys.
- To provide you with market updates, taxation updates and regulatory updates.
- To answer any questions you might have regarding any of the above.
|Financial information relating to you, such as:|
- Pension and ISA contributions and current value.
- Investment contributions and current value.
- State Pension entitlement.
- Property value.
- Salary, interest, dividend.
- Bank account balances.
- Credit card balances.
- Loans, store card balances, any other debt.
- Mortgage details.
- Payment card details.
- National Insurance Number.
- We collect and process this personal information for our legitimate business interests. This means that it is necessary forthe entry into and performance of any agreements between us, e.g. to assess whether you are eligible for products and to enable you to make payments for our services after they have been agreed.
- To evaluate your eligibility for products, including making credit searches with credit reference agencies and fraud searches with fraud prevention agencies.
- To enable us to advise you on your financial circumstances and the appropriateness of specific courses of action and products.
|Information relating to your investment preferences, such as:|
- Attitude to risk.
- Ethical views, e.g. alcohol, tobacco, firearms, political.
- To enable us to advise you on the appropriateness of specific courses of action and products.
|Details of your dependants or death beneficiaries (relationship, name, address and date of birth).|
Details of the fund/asset to be left to the dependant/death beneficiary.
- To enable us to provide you with advice and services that you have requested that would involve, or have an impact on, yourdependants or death beneficiaries (who may be adults or minors). Where those dependents are adults, please ensure you have their permission to give us their personal information.
|Details of any person or trust over whom or which you have control or influence, e.g. as Power of Attorney or Trustee.|
If you require advice in such a capacity, we require sight of the original or a legally-verified copy of the form, deed or will.
- To enable us to provide you with advice and services that you have requested on behalf of a third party in your capacity as Power of Attorney or Trustee.
|Details of contact that we have had with you, such as meetings, factfinding discussions and documentation, recommendations, referrals and quotes.|
Details of services you have received.
- We collect and process this personal information for our legitimate business interests.
- To allow us to provide a professional service to you and to contact you with information about products or services for which you apply or which we think may be of interest, benefit or necessity.
|Client experience and other feedback and information you provide to us.|
Information about complaints, breaches and similar incidents in which you may express feelings of dissatisfaction.
Recordings of calls we receive or make.
- To review your feedback and experience, so that we can improve our products and services for you and other clients.
- To resolve complaints fairly and efficiently.
- We collect and process this personal information for our legitimate business interests.
- We record calls to comply with our legal and regulatory obligations
|All of the personal information described above.|
- We may disclose your personal information to third parties where we are required to do so to comply with applicable laws and regulatory requirements, including in circumstances where we are required to do so by a Court Order, regulatory authority or any other third party with the lawful right to request and receive the personal information we hold about you (including law enforcement agencies and tax authorities).
- We may also use your personal information where it is necessary for us to take legal advice in order to establish our legal rights, to bring a claim against you or any related parties or to defend a claim from you or any related parties.
- We collect and process this personal information for our legitimate business interests including to carry out our own internal business planning, compliance, training and audit purposes.
Depending on the types of products and services you require, we may also need to collect information from and about you which the law considers to be sensitive, which we refer to as special category personal data. The special category personal data that we may ask you to provide, and the reasons why we ask you to provide it, are as follows:
|Types of special category personal data||Why we collect it|
- Information about your physical or mental health or condition.
- Information about medication.
- Information about your lifestyle, such as alcohol consumption, drug use and smoking habits.
- Certain products and services that you request may require this information.
- Specifically, in order for us to advise you on and to submit applications for products and services relating to health insurance, life insurance and annuities, we will need to collect information relating to your physical health, mental health and lifestyle.
- We need this in order to obtain accurate quotes and to advise on the suitability of the products. Insurance premiums and eligibility will in part depend on your physical health, mental health and lifestyle.
- We will usually collect this information in the course of meetings with you, on specific questionnaires or in the process of completing an application form for such products and services.
|Information about your sex life or sexual orientation.|
- Some providers may ask for this information in the course of your application for their products or services.
|Information about your racial or ethnic origin.|
- Some providers may ask for this information in the course of your application for their products or services.
|All of the special category personal information described above|
- We will never ask for this information for our own purposes
We only collect and process special category personal data with your explicit consent. You may choose not to provide us with this consent, but if you do not, the following may apply (especially when considering life and/or health insurance):
- We may not be able to advise you fully in respect of certain products and services which require this information.
- Your application may be rejected by the providers of products and services which require this information.
- The quotes for such products and services may show higher prices and premiums than would be the case if this information were provided.
In some circumstances, we may receive the following information about you from third parties:
- Information from Credit Reference Agencies and Fraud Prevention Agencies.
- Details of the products and services you have applied for.
- Details of lenders, finance and credit organisations with whom you have (and have had) an agreement, the amounts advanced, the amount and frequency of repayments and whether you have made your repayments on time and in full.
This type of information is most commonly associated with – but not limited to – mortgage/equity release advice.
This will help us make the best possible assessment of your financial situation before we decide whether we can provide you with our services and/or recommend any specific products and services. It is in our legitimate interests to process your personal information for this purpose. We may also ask you to provide Letters of Authority to allow us to receive information about you from providers.
WHEN WE RECORD COMMUNICATIONS
We, and persons or organisations acting on our behalf, may record and/or monitor communications between our staff and you. This may include telephone conversations over landlines and mobile phones, emails, instant messaging, fax, other electronic communications and face-to-face (via meeting notes).
We only record communications between us in order to comply with our legal and regulatory requirements – as a regulated financial adviser, the law requires us to record them.
WHO MIGHT MY PERSONAL INFORMATION BE SHARED WITH?
We may disclose your personal information to the following categories of recipients:
- Providers of financial services, insurance and investment products and services and mortgage/equity release products and services to whom you request us to submit applications on your behalf; also to receive updates from such providers in order for us to deliver our services to you throughout the lifetime of our relationship with you.
- Our suppliers and partners, in order for them to help us provide our services to you. This includes:
- Our back office systems providers (including IT, client management, scanning and telephone systems) to assist us with providing you with an efficient, modern and professional service.
- Our suppliers of audit and regulatory compliance support services who may review our records containing your personal information in order to audit and report to us on our compliance with applicable laws and regulatory requirements.
- Our accountants, solicitors, Professional Indemnity insurers and Professional Indemnity insurance brokers and any other provider of professional services to us. These firms may require us to provide your personal information to them in order to fulfil their contractual obligations to us, to assist us with pursuing or defending claims and to place various insurances as required by regulation.
- To Credit Reference Agencies and Fraud Prevention Agencies, to help us make the best possible assessment of your financial situation before we decide whether we can provide you with services. We are also required to provide information to such agencies so that they can update the information which they hold about you and which they may share with other organisations.
- To other financial institutions or regulatory bodies with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes.
- To a prospective buyer (and its agents and advisers) in the event that we intend to sell any part of our business or its assets, or if substantially all of our assets are acquired by a third party. If so, your personal information could form part of one of the assets we sell, provided that we inform the buyer it must use your personal information only for the purposes described in this Notice. We will never sell your personal information other than as part of a sale of our business.
- To any national and/or international regulatory body, enforcement body, government agency or court where we believe disclosure is necessary under the following circumstances:
- As a matter of applicable law or regulation (including where we are required by law to provide information to organisations such as
- To exercise, establish or defend our legal rights.
- To protect your vital interests or those of any other person.
- With your consent, to any other person, firm, body etc not described above.
- To any other person, firm, body etc not described above, where we are permitted or obliged to do so by law.
OUR LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it.
We have confirmed the legal basis for the various types of personal information in the “What types of personal information will be processed and why?” section of this Notice.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you or with your explicit consent, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information,please contact us using the contact details provided under the “How to contact us” heading below.
INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
We store some client information on the servers at our offices in the UK.
Our back office client management system (Intelligent Office) stores client information on its own servers, which are located in the UK. Intelligent Office backs up to cloud storage via Amazon Web Services (AWS), which uses servers located in the European Economic Area (EEA).
Documents we produce and save on Intelligent Office are saved to AWS on servers located within the EEA.
Location in the EEA ensures that your personal information will remain protected in accordance with our own standards, this Notice and applicable law.
We retain personal information we collect from you where we have an ongoing legitimate need to do so, for example:
- To provide you with a product or service you have requested us to provide.
- To perform our contractual obligations to you.
- To comply with applicable legal, tax or accounting requirements.
- To defend or manage any claims or complaints between us, you and any relevant third party including taking legal advice in respect of such claims in order to establish, exercise or defend our legal rights or such claims. This would include complaints and claims which you may bring against us or which are submitted to a court, regulatory authority or ombudsman.
When we have no ongoing legitimate need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We have a regulatory obligation to retain data for specified minimum periods, but there are no specified maximum retention periods. We therefore reserve the right to retain data indefinitely for the reasons given above.
UPDATES TO THIS NOTICE
We may change or update this Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
ONGOING SERVICES & MARKETING
- Primarily, we will contact you about our advice, recommendations, products we manage for you and matters relevant to these, but please note that our ongoing service agreements include supply of certain standard items.
- We will only contact you by post, email, phone, or SMS about promotions or with other marketing material if you have asked us to do so. If you change your mind and would prefer us not to contact you, you can opt out at any time.
HOW TO CONTACT US
If you would like to contact us in relation to this Notice or if you have any other questions in respect of our processing of your personal information, please contact Scott Pinching at: