The purpose of this Notice
As part of our arrangement with you, ASTUS Financial Planning Limited (“we”, or “us”, or “our”) has certain obligations under privacy laws, including the General Data Protection Regulation (GDPR), to notify individuals how it will process any personal information it collects about them. This Notice will inform you of what personal information is used, where it is transferred, and how you may view, amend and delete such information. You may be assured that we will treat all personal information as confidential and will not process it other than for a legitimate purpose. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary. Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction of, or damage to, the information.
What type of personal information will be processed?
We collect and process various data about you for the purposes of providing advice, administration and management services which are explained in more detail below. “Processing” is defined in the Act but could include obtaining, recording or holding information or data. “Personal data” is information which can identify you as a living individual, including where used in conjunction with other information. Common examples of personal data which may be collected and used by us in our day-to-day business activities include: name; date of birth; gender; ethnicity; marital status; address; telephone number and other contact details (including email addresses); job title; and bank account and other financial details.
Depending on the types of products and services you require, the information collected and processed may also contain “sensitive personal data” for the purposes of the GDPR which includes information held by us as to: your physical or mental health or condition; the commission or alleged commission of any offence by you; any proceedings for an offence committed or alleged to have been committed by you, including the outcome or sentence in such proceedings; sexual life; in limited circumstances, your membership of a Trade Union; your political opinions, religious or similar beliefs.
Any information which we receive fairly and lawfully relating to one of the above categories constitutes sensitive personal data. Examples of likely items which may contain sensitive personal data (although this is not an exhaustive list) are life insurance questionnaires, medical reports and SSP self-certification forms.
Please note that as with personal data, you have freedom of choice when it comes to your decision as to whether you provide us with sensitive personal data, and you have an opportunity at the end of this Notice to opt in to allow us to process this. You have the right to request that we stop processing your personal data and sensitive personal data at any time. You should however note that if you exercise this right or subsequently request that we stop processing all or part of your personal data and/or sensitive personal data, this could impact upon our ability to provide you with certain types of product and services and may ultimately result in us being unable to provide them to you at all.
How will my personal data be collected and used?
We collect personal data from you to the extent necessary to provide advice, administrative and management services and (subject to the provisions below) related to marketing activities.
We may process your personal data and sensitive personal data for the following reasons:
- The administration, management and provision of advice in relation to financial services products
- Our legitimate business processes and activities including internal audit, accounting, business planning and proposed and actual transactions (including joint ventures and disposals of business)
- Compliance with legal (including dealing with claims), regulatory and other good governance obligations
This list is not exhaustive and may be updated from time to time as business needs and legal requirements dictate. Some of the personal data that we maintain will be kept in paper files, while other personal data will be included in computerised files and electronic databases.
We may obtain sensitive or personal data from other sources, such as your current policy holders. We use this information in order to provide you with direct financial advice. This means the legal basis for obtaining and holding your personal data is for legitimate interest. The provision of this information is subject to you giving us your express written consent.
We undertake at all times to protect your personal data, including any financial, health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the GDPR concerning data protection. We will also take reasonable security measures to protect your personal data storage.
Who might my personal data be shared with?
Your personal data will be made available for the purposes mentioned above and only to responsible management, human resources, accounting, audit, compliance, information technology and other corporate staff. It may also be made available to third parties providing relevant services to us, such as Paradigm Partners LLP who provide us with certain support services, including regulatory support.
Certain personal data will also be reported to government authorities where required by law and for tax or other purposes. Personal data may also be released to external parties as required by legislation, or by legal process, as well as to companies you authorise us to release your personal data to. We will not sell your personal data to any third party.
What are your rights?
Every individual has the right to see, amend, delete or have a copy of data held that can identify them, with some exceptions. You do not need to give a reason to see your data.
If you want to access your data, you must make a subject access request in writing to firstname.lastname@example.org. Under special circumstances, some information may be withheld. We shall respond within 20 working days from the point of receiving the request and all necessary information from you. Our response will include the details of the personal data we hold on you including:
- Sources from which we acquired the information
- The purposes of processing the information
- Persons or entities with whom we are sharing the information
You have the right, subject to exemptions, to ask to:
- Have your information deleted
- Have your information corrected or updated where it is no longer accurate
- Ask us to stop processing information about you where we are not required to do so by law or in accordance with the FCA and CII guidelines
- Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller, without hindrance from us
- Object at any time to the processing of personal data concerning you
We do not carry out any automated processing which may lead to automated decisions based on your personal data.
If you would like to invoke any of the above rights then please write to the Data Controller at Astus Financial Planning Ltd or email email@example.com.
What safeguards are in place to ensure data that identifies me is secure?
We only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
In line with the common law duty of confidence, we will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
Astus Financial Planning Ltd is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).
How long do you hold confidential information for?
We are obliged by the Financial Conduct Authority to hold confidential information relating to advice given for an indefinite period.
We may wish to provide you with information about new products, services, promotions, and other information in which we think you may be interested. We may send you such information by postal mail, fax and telephone, unless you have registered with the appropriate Preference Service (we would be grateful if you could let us know if this is the case). If you engage with us we may retain your address for future mailings.
We may also like to provide you with the above information by email. However, we appreciate that email “spam” has become a problem in recent years. If you are a customer or you have previously asked us for information on our products:
- We may wish to contact you regarding your purchase or other matters regarding transactions between us, or your customer relationship with us, or send you information on our products by email.
- We may also wish to use your email address to send you information about our products and services that we think may be of interest to you by way of informational emails.
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
How to request that we cease processing your personal data
If at any time you wish us to cease processing your personal data or sensitive personal data, or contacting you for marketing purposes, please contact us.
If you have a complaint regarding the use of your personal data then please contact us by writing to the Data Controller at Astus Financial Planning Ltd or email firstname.lastname@example.org and we will do our best to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the ICO, you can contact them on 01625 545745 or 0303 1231113.