Data Protection and Privacy Notice

Introduction:

The following information applies to those who receive services from us (Collingbourne Wealth Management Ltd) or who may consider doing so. To deliver our services to you we need to collect and hold personal data about you. We take your privacy very seriously and will only use your personal information and data carry out those services. If you would like more information or to discuss any aspect of this Notice, please get in touch with us.

To comply with the General Data Protection Regulation, (“GDPR”) (Regulation (EU) 2016/679), this Notice sets out your rights and details as to how we process your data.

Why we need your data:

We need your data so that we may:

  • Provide financial planning services to you in accordance with our Terms of Business and/ or Client Agreements which may exist between us from time to time. These services require us to obtain and process detailed and extensive personal information about you, which may include but is not limited to your business interests, health, finances, relationships, attitudes, objectives, concerns, preferences and experiences. It is also important for us to understand how these may change over time.

  • Understand your legacy and estate planning, which may include Wills and Trusts, including any Trusts which may be established by your Will upon your death, as well as copies of Letters of Wishes to your Executors and Trustees.

  • Give you financial advice and make recommendations as to investments and financial products which are suitable for you, taking into account current financial markets and economic conditions, availability of products and the providers of those products.

  • Comply with our regulatory obligations imposed by the Financial Conduct Authority in regard to the relevant ‘Know Your Client’ obligations. In addition, to comply with the Regulator’s requirements for record keeping for the purposes of audits and reviews, records of transactions undertaken and customer histories for prescribed periods of time as directed.

  • Respond to any legitimate legal requests for information about you to the Regulatory authority or pursuant to an order of any court or tribunal having relevant jurisdiction, or as required by law for the purposes of but not limited to combatting fraud, money-laundering and criminal activities.

  • Carry out our legitimate business and professional management responsibilities which include, but are not limited to providing you with suitable advice, ensuring your portfolio and financial products continue to be suitable for you, adhere to anti money laundering requirements and investigating and resolving complaints.


General information about your data and your rights:

Where we collect data directly from you, we will undertake:

  • In addition to those third-party companies expressly detailed in this notice, to inform you in writing of the name and contact details of the data controller for that data and their representative. For example, where we arrange an investment on your behalf with a third-party investment provider, the data controller may be the financial institution in question.

  • To inform you of the recipients or categories of recipients of data.

  • If the data controller proposes to transfer the data to a country other than those covered by the GDPR, to provide you with details of the safeguards surrounding such transfers and how to obtain a copy of them.

  • To inform you of the period for which we propose to hold the data, or where this is not possible, the criteria which we will apply to data retention.

  • To remind you of your rights whereby you may:

    • request access to data of which you are the data subject

    • object to, the processing of the same

    • withdraw your consent to receiving any marketing communication from us

    • obtain rectification of inaccurate data

    • prevent data processing for the purposes of direct marketing

    • object to decisions being taken by automated means and to have the logic behind those decisions clearly explained

    • claim compensation for damages caused by a breach of the Act

    • request data erasure

Where you exercise your right to request (via email or post) access to data of which you are the data subject, we will undertake to respond to you within 30 calendar days of receipt of your request. There will be no charge for this service unless the request is manifestly unfounded or excessive in which case we reserve the right to charge a fee or refuse to respond.

You may at any time, by giving notice to us in writing, request that we cease to process your data. We will respond to any such request as soon as is reasonably practicable.

Where the legal basis for the processing of your data is to adhere to compliance with a statutory or contractual obligation, or the necessary precondition to entering into a contract, including compliance with the requirements of any Regulator, we will inform you as to:

  • Whether you are legally required to provide such data, and

  • The consequences of failing to provide such data

Where we obtain your data otherwise than directly from you, you will have the same or equivalent rights to those set out above.

Save in the circumstance as detailed below, we will inform you which source the data originated from and whether it came from publicly accessible sources. The information to be provided will be in accordance with the following time periods, whichever shall occur first:

  • As soon as practicable after obtaining the data and in any event within 1 month

  • At the time of our first communication with you using the data

  • When the data is first disclosed to another person

We shall not be obliged to provide you with the information:

  • Where you already have this information

  • Where we are subject to an obligation of professional secrecy prohibiting the disclosure of the information

  • Where disclosure would render impossible or severely impair the achievement of the reasons for which the data is to be processed. In such cases, we will do what we can to protect your rights and freedoms with respect to our processing of the data

You have the right to complain about any aspect of the processing of your data and any breach of the above rights to the relevant supervisory authority, who in the case of the United Kingdom is the Information Commissioners Office, whom may be contacted at:

Online:          www.ico.org.uk

Phone:          0303 123 1113

Holding your data:

We undertake to review the data we hold on you on a regular basis to ensure compliance with data protection law. During such a review, we will:

  • Delete any data which is trivial or transitory in nature, or which in our opinion is no longer required for the purposes set out above.

  • Update the data to ensure that any errors or inaccuracies are corrected.

  • Archive data as detailed below.

  • Subject to the data retention periods, as detailed below, securely delete the data when it is identified that we no longer need to hold it.

We will only retain your personal information for as long as necessary to meet the reason your personal information was collected for. We need to keep your information long enough to make sure that we can provide our services to you, to comply with and/or satisfy all legal obligations including our obligations to keep records and to protect our interests.

If you do not become a client, we will keep your data for no more than two years, except for that necessary to evidence that we did not provide you with advice.

If you become or are already a client of ours, we will keep most personal information for at least 10 years after you cease to be a client. There may be instances where we will keep the information for longer periods of time depending on the nature of the data, or the purpose for the retention. In this regard, we have set out some examples of processing which we undertake and the reason why we will need to retain your personal information even after you cease to be a client of ours:

  • Retention in case of queries: We will retain the personal information that we need to keep in case of queries from you (for instance, if you apply unsuccessfully for a product or service);

  • Retention in case of claims: We will retain the personal information that we need to keep for the period in which you or your representatives might legally bring claims or complain to the Financial Ombudsman against us;

  • Retention in accordance to pension transfers: We will retain all personal information in relation to pension transfers advice for so long as this is required by law;

  • Retention in accordance with legal and regulatory requirements: We will retain the personal information that we need to keep even after the relevant contract you have with us has come to an end.


Archiving data:

We will regularly review data and where in our opinion such data has ceased to be active we will archive it. Any data which are archived will only be processed in limited circumstances.

All storage of data, whether active or archived will be in accordance with good industry practice and will be undertaken in accordance with organisational systems and procedures, which will be regularly reviewed, to maintain the security of data.

Data portability:

On the termination or expiry of any agreement to provide services to you and on your written request, we will, subject to our right to retain copies of data for the purposes set out above, agree to return any data you have provided to us in a structured, commonly used machine-readable format, or transfer the same to a new data controller nominated by you.

Whom we may share your data with:

In order to carry out our legitimate business and to provide you with financial planning services, we have entered into agreements with and will share your information with the following companies, for the purposes of service delivery, compliance, IT systems security, data management and control and auditing. Full details of these companies’ addresses and contact details are available on request:

  • Microsoft Office 365 (IT systems/solutions)

  • Cardium Outsourcing / Your Office Anywhere (Computer server provider)

  • Threesixty Services LLP (Compliance consultants)

  • Finametrica (Risk profiling software)

  • Voyant (Financial planning software)

  • iPipeline Limited (Insurance/annuity quotation portal)

  • Moneyinfo Limited (MyCollingbourne portal provider)

  • Pebbletree Limited (Telephone call recording)

  • Hubspot Inc (Marketing database)

  • Protean Risk (Professional Indemnity Insurance brokers)

In addition to the above listed companies you will be notified as to the name and contact details of the data controller for any other third-party entity with whom we share and/or transfer your data and their representative, including any investment providers we introduce you to.

Future changes to this privacy notice:

We reserve the right to update this privacy notice at any time. You will be able to review the current privacy notice by visiting www.collingbourne.com/privacy.