This Privacy Notice explains how we collect, use, disclose and protect your personal information in compliance with prevailing data protection legislation. From 25th May 2018 the relevant legislation will be the General Data Protection Regulation, replacing the Data Protection Act 1998.
'Personal data' in this Privacy Notice, means personal information that identifies you (a 'data subject') as an individual, or is capable of doing so.
Who are we?
Shirley Hughes Financial Services is a trading style of Protection & Investment Ltd, a firm of Independent Financial Advisers with offices located across the South East of England. We specialise in all areas of financial planning for both individual and corporate clients.
Protection & Investment Ltd is Authorised and Regulated by the Financial Conduct Authority (ref 222993).
Registered Office: Chandlers House, Ganders Business Park, Kingsley, Hampshire, GU35 9LU. Companies House Number is 03757929.
What personal data will we collect?
We may collect the following:
- information about who you are such as your name, date of birth and contact details;
- information that is classified as ‘special category information’ being sensitive personal information, such as information about your health and marital or civil partnership status;
- your national insurance number, residency for tax purposes;
- information about your contact with us such as meetings, emails, letters and phone calls;
- information about your employment, company benefits, your sources of income and your liabilities;
- information you may provide us about other people, such as your spouse and dependants. You must obtain consent from the individual(s) concerned to provide information;
- limited information on children for setting up a policy on their behalf; and
- other information that is necessary to allow us to provide you our firm’s services in accordance with your expectations.
How is your personal data used?
We will only process your personal data where there are lawful grounds for doing so;
- when it is necessary to perform the contract existing between us. This contract is represented by the Client Agreement which sets out the services we will provide you;
- to meet our legal and regulatory obligations;
- provide the product and/or service your employer has requested;
- meet our responsibilities in the event of a complaint; and
- verify your identity.
Please note that if you do not wish us to collect and use your personal information in these ways, we will be unable to provide you with our products and services.
Disclosure of your information
We may disclose your information to:
- providers of investments, pensions and Insurance, mortgage and other lenders of credit, investment platforms, Trusts and Discretionary Fund Managers;
- third parties contracted by ourselves to assist us with the advice and services we provide to you and meet our legal and regulatory obligations;
- our regulators, the Financial Conduct Authority (FCA) and the Information Commissioner's Office (ICO);
- law enforcement and fraud prevention agencies; and
- IT providers, services providers and agents in order to provide and maintain the provision of the services.
If you would like to know the names of the third parties mentioned above please ask for further information.
Special category data
Certain types of personal data are considered more sensitive and are subject to additional levels of protection under data protection legislation. These are known as 'special categories of data' and for our purposes include:
- Religious faith when providing intermediary services in relation to mortgage products; and
- Medical information and sexual orientation when providing intermediary services in relation to insurance products.
I hereby give my consent for Shirley Hughes Financial Services to collect and process my personal information recorded in the General Data Protection Regulation (GDPR) as special category or sensitive when this becomes necessary for the purposes recorded above.
Please note that you can withdraw your consent at any time. Our contact details are further down.
We may use the personal data we hold about you to help us identify, tailor and provide you with details of products and services from us that may be of interest to you. Examples include the issuing of Newsletters and contacting those who took out their mortgage with us and whose rate is coming to an end to go over the options available.
We will only process your personal data for marketing purposes where we have legitimate interests and we will do so in accordance with any marketing preferences you have provided to us. We will not share your personal information with other organisations for marketing purposes.
You can opt out of receiving marketing at any time. If you wish to amend your marketing preferences please contact us by:
Phone: 01635 46100
Post: 43 Cheap Street, Newbury, Berkshire RG14 5BX
How long your personal data will be kept
There are minimum retention periods, during which we have a legal obligation to retain your records. However, we reserve the right to retain data for longer where we believe it is in our legitimate interests to do so.
You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
Transfer of your information out of the EEA
The personal data of those who complete our electronic mortgage factfind and client files are stored outside of the European Economic Area (EEA), in the United States. The third parties in question are both members of Privacy Shield which is a US-EU framework endorsed by the European Commission. Organisations that join are obligated to adhere to the same set of standards that apply to firms based in the EEA.
You will be asked to give your Explicit Consent before completing the factfind. You will not be able to complete the form if you do not give your consent. If you do not wish to complete an electronic factfind please ask your adviser for a paper-based version.
You have legal rights under data protection regulation in relation to your personal data. These are set out under the below headings:
- To access personal data
- To correct / erase personal data
- To restrict how we use personal data
- To object to how we use personal data (where legitimate interests are cited as lawful grounds for processing data)
- To ask us to transfer personal data to another organisation
- To object to automated decisions where this occurs
- To understand how we protect information transferred outside Europe
- To find out more about how we use personal data
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
In order for some of the technologies we use on our website to work properly, a small data file ("cookie") must be downloaded and stored on your device. For more information please visit www.allaboutcookies.org You can set your browser not to accept our cookies and the website tells you how but if you do remove them some of the features may not work properly.
If you have any queries or requests regarding this Notice or you would like to exercise any of your rights set out above please contact Protection & Investment Ltd, Chandlers House, Ganders Business Park, Kingsley, Hampshire, GU35 9LU. Alternatively, please call 01420 470241 or email firstname.lastname@example.org
Contacting the Information Commissioners' Office (ICO)
If you require further information or if you are unhappy with the way your personal data is being processed you can contact the ICO on 0303 123 1113 or via their website at https://ico.org.uk/global/contact-us/ Protection & Investment Ltd's registration number is Z7572288.