Hannay Robertson Financial Planning Limited (“we”, “us”, or “our”) is committed to protecting your privacy and the information you or others share about you.
Why should you read this document?
During the course of dealing with us, we will ask you to provide us with detailed personal information relating to your existing circumstances, your financial situation and, in some cases, your health and family health history (Your Personal Data). This document is important as it allows us to explain to you what we will need to do with Your Personal Data, and the various rights you have in relation to Your Personal Data.
What do we mean by “Your Personal Data”?
Your Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example your name, address, date of birth, National Insurance number.
Your Personal Data may also identify you indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.
In the context of providing you with a fully comprehensive financial planning service Your Personal Data may include:
- Title, names, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity
- Employment and remuneration information, (including salary/bonus schemes/overtime/sick pay/other benefits)
- Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure
- Details of your children and dependents (we will require the consent of a legal guardian and our interaction will be with the legal guardian until the child reaches eighteen, or the term will be determined by a legal arrangement whichever is the later. For example, trust, power of attorney, ward of court
- Details of family members and other parties. For example, joint applications, trustees, beneficiaries
- Any pre-existing investment/pension and/or insurance products and the terms and conditions relating to these
Your Special Data – some data is particularly sensitive and has special treatment in law. In order for us to provide an effective financial planning service, we will often need to collect data that falls under this category, particularly in relation to health, and we will only collect or use this type of data if you explicitly consent to us doing so.
The basis upon which we will deal with Your Personal Data
We will only use Your Personal Data where the law allows us to in one or more of the following circumstances:
- When we have your explicit consent to do so
- Where we need to perform the contract we have entered into with you – To provide you with a fully comprehensive financial planning service which will include an annual progress meeting to review your circumstances and needs to ensure that our advice and recommendations remain suitable
- Where we have a legal obligation – On occasion, we will use Your Personal Data for contractual responsibilities we may owe our regulator The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing Your Personal Data in order to meet a legal, compliance or other regulatory obligation to which we are subject
- Where it is necessary for our legitimate interests (or those of a third party) – In the course of initial discussions with you or when the contract between us has come to an end for whatever reason, we have the right to use Your Personal Data provided it is in our legitimate business interest to do so and your rights are not affected. For example, we may need to respond to requests from products providers or our compliance auditor relating to the advice we have given to you, or to make contact with you to seek feedback on the service you received.
How do we collect Your Personal Data?
We will collect and record Your Personal Data from a variety of sources, but mainly directly from you. You will usually provide information during the course of our initial meetings or conversations with you to establish your circumstances and needs and preferences in relation to investment/financial planning, pensions and insurance. You will provide information to us verbally and in writing, including email. In some circumstances we will voice record our meetings with you. We will always inform you that this is happening and request your permission before recording takes place.
We may also obtain some information from third parties, for example, contacting organisations where you have pension, investment or protection arrangements either arranged by us or by a previous financial planner, HMRC, Department for Work and Pensions or a previous tax adviser/accountant, or other organisations should regulations dictate such collection. In these situations, we will always make you aware of this contact. In addition, the organisation releasing your data will require your authority before it is provided.
We have regulatory requirement to ensure that our services are not being used for financial crime, and where possible we will use a credit referencing agency for this purpose. We will only share the necessary date required to conduct their search, which would normally be your full name, known address(es) and date of birth. Using this service allows us to confirm your identity, prevent financial crime, comply with regulations and fulfil our contract with you.
Additionally, we collect personal information (e.g. your name and contact details) from you when you complete one of our online enquiry forms. We will use this to keep you updated about our activities and services. You may withdraw your consent for us to store this information at any time by emailing us at email@example.com
What happens to Your Personal Data when it is disclosed to us?
In the course of handling Your Personal Data, we will:
- Record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees and consultants within Hannay Robertson Financial Planning Limited and only when it is necessary to provide our service to you and to perform any administration tasks associated with or incidental to that service
- Submit Your Personal Data to product providers both in paper form and on-line via a secure portal. The provision of this information to a third party is essential in allowing us to progress any enquiry or application made on your behalf and to deal with any additional questions or administrative issues that providers may raise.
- Use Your Personal Data for the purposes of responding to any queries you may have in relation to any investment/pension product or insurance policy you may take out, or to inform you of any developments in relation to those products and/or polices of which we might become aware.
Sharing Your Personal Data
To deliver our services effectively, from time to time we may share Your Personal Data with other organisations such as:
- Product and Platform providers that we use to arrange financial products for you.
We envisage that the performance by us of our service the majority of Your Personal Data will be processed within the European Economic Area. However, from time to time some of your information may be processed by the third parties we work with outside of the EEA, including countries such as the United States.
Security and retention of Your Personal Data
Your privacy is important to us and we will keep Your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against it being accessed unlawfully or maliciously by a third party.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or in instances whereby we have a legal right to such information we will retain records indefinitely.
Your rights in relation to Your Personal Data
- request copies of Your Personal Data that is under our control
- ask us to further explain how we use Your Personal Data
- ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request)
- ask us to send an electronic copy of Your Personal Data to another organisation should you wish
- change the basis of any consent you may have provided to enable us to market to you in the future (including withdrawing any consent in its entirety)
How to contact us in relation to the use of Your Personal Data
If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact:
Duncan Hannay Robertson
Hannay Robertson Limited
Cambridge CB1 1BH
Tel: 01223 269 405
If we feel we have a legal right not to deal with your request, or to action, it in a different way to how you have requested, we will inform you of this at the time.
You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of Your Personal Data, so that we may investigate and fulfil our own regulatory obligations.
If you have any concerns or complaints as to how we have handled Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
This document was last updated May 2018