Chartered Financial Planners
This Privacy Notice explains how we collect, use, disclose and protect your personal information in compliance with prevailing data protection legislation. From 25th May 2018 the relevant legislation will be the General Data Protection Regulation (Regulation (EU) 2016/679) (‘the Regulations’), replacing the Data Protection Act 1998.
‘Personal data’ in this Privacy Notice, means personal information that identifies you (a ‘data subject’) as an individual, or is capable of doing so.
HDA processes personal data under the legal basis known as ‘legitimate interest’. As the legal basis for processing ‘legitimate interest’ is appropriate where data is processed in ways that data subjects would reasonably expect and where there is minimal privacy impact, or where there is a compelling justification for the processing.
What personal data will we collect?
We may collect the following:
- Information about who you are, such as your name, date of birth and contact details;
- Information that is classified as ‘special category information’ being sensitive personal information, such as information about your health and marital or civil partnership status;
- Your national insurance number, residency for tax purposes;
- Identification documentation to verify your identity in order for us to meet our obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, the Criminal Justice (Proceeds of Crime) and any other applicable legislation and for the purposes of crime prevention and fraud prevention;
- Information about your contact with us such as meetings, emails, letters and phone calls;
- Information connected to your product or service with us such as your bank account details;
- Information about your employment, company benefits, your sources of income and your liabilities;
- Information you may provide us about other people, such as your spouse and dependants. You must obtain consent from the individual(s) concerned to provide information;
- Limited information on children for setting up a policy on their behalf;
- Other information that is necessary to provide you with the firm’s services in accordance with your expectations; and
- Information that is automatically collected when you visit our website.
When do we collect your personal data?
- We will collect information from when you contact us to use our services and when we contact you during the provision of those services;
- We may collect information about you from fraud prevention agencies and other organisations when we undertake checks such as identification verification checks.
- Information may also be collected about you when you visit our websites (for example, via cookies), such as your IP address and other browser-generated information.
In order for some of the technologies we use on our website to work properly, a small data file (“cookie”) must be downloaded and stored on your device. By default, we use several persistent cookies for purposes of session and user authentication, security, keeping the User’s preferences (e.g., regarding default language and settings), connection stability (e.g., for uploading media, using e-Commerce features, etc.), monitoring performance of our services and marketing campaigns, and generally providing and improving our Services.
The cookies implemented on our website are as follows:
If you want to delete or block any cookies, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Information on deleting or controlling cookies is also available at www.aboutcookie.org (please note that we cannot ensure the accuracy, completeness or availability of this website). Please note that deleting our cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience.
How is your personal data used?
We will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only where it is in the legitimate interests of HDA.
We may collect your personal data to:
- Provide the product and/or service you have requested in accordance with your expectations;
- Meet our regulatory obligations;
- provide the product and/or service your employer has requested;
- Meet our contractual, legal or regulatory obligations;
- Meet our responsibilities in the event of a complaint;
- Verify your identity; and
- Satisfy any other purpose related to or ancillary to any of the above.
Please note that if you do not wish us to collect and use your personal information in these ways, we will be unable to provide you with our products or services.
How we protect your information
You may be assured that we (and any company associated with us) will treat all personal and special category data as confidential and will not process it other than for a legitimate purpose.
Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary.
We take appropriate security measures (including physical, electronic and procedural measures) to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the data.
Disclosure of your information
We may disclose your information to:
- Providers of investments or services we recommend, including providers of pensions, offshore bonds, onshore bonds, trusts, investment platforms, discretionary management services, mortgages, mortgage protection products, insurance products or other such products or services. We may also be required to share information with auditors appointed by the providers of such products or services;
- Third parties, such as credit reference agencies for the purpose of processing your applications;
- To any statutory, governmental or regulatory body for legitimate purposes; including, where relevant, to solicitors or accountants;
- Our regulators the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO)
- Law enforcement, credit and identity check agencies;
- IT providers, services providers and agents in order to provide and maintain the provision of the services;
- To our appointed auditors, accountants, lawyers and other professional advisers, to the extent that they require access to the information in order to advise us;
- To fraud prevention agencies and other organisations to allow us to undertake the checks set out below. We will supply details of such agencies on request; and
- In the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets.
We may carry out automated checks using your personal data, such as your name, postal address, date of birth, telephone numbers and employment status to verify your identity. This information may be accessed by law enforcement agencies.
We are committed to only keeping your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this notice, and for as long as we are required or permitted to keep it by law.
Where applicable, we will keep records of pension transfers, pension conversions, pension opt-outs or Free Standing Additional Voluntary Contributions indefinitely.
We take extra precautions to protect the privacy and safety of children using our services. Children under the age of 13 are not permitted to use our services, unless their parent provided verifiable consent.
If we find that we have collected the personal information of a child under 13 without consent, we will take steps to delete the information as soon as possible.
HDA’s clients have the following rights (unless exemptions apply):
- To ask HDA not to process their personal data for marketing purposes;
- To access the personal data held about them and to obtain a copy of it;
- To prevent any processing of personal data that is causing or is likely to cause unwarranted and substantial damage or distress to them or another individual;
- To request the rectification or completion of personal data which are inaccurate or incomplete;
- To restrict or object to the processing of their personal data*;
- To request its erasure under certain circumstances;
- If appropriate, to receive their personal data, which they have provided to the firm, in a machine-readable format;
- If appropriate, the right to transmit or have transmitted that data to another data controller where technically feasible;*
- To be informed about any use and impact of their personal data to make automated decisions about them; and
- To complain about the way in which their personal data is being used to the Information Commissioner’s Office.
*From 25th May 2018 onwards
Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time.
If you have any queries or requests regarding this Notice or you would like to exercise any of your rights set out above, please contact the Data Protection Manager on 01242 514563 or in writing at HDA, New Barn Manor Farm Courtyard, Southam Lane, Southam, Cheltenham GL52 3PB
Contacting the Information Commissioners’ Office (ICO)
You can contact the ICO for advice and information about your information rights by telephone by calling 0303 123 1113 or via their website:
Changes to our Privacy Notice
We keep our Privacy Notice under regular review and we will place any updates on this webpage. This Privacy Notice was last updated in May 2018.