OUR DATA PROTECTION & PRIVACY NOTICE
In order to provide you with financial planning services we, PlanHappy Investment Management Limited trading as Joslin Rhodes Pension & Retirement Planning, will collect and hold personal data about and on you. We are also required to comply with the General Data Protection Regulation (Regulation (EU) 2016/679 (the “GDPR”)) and below we set out the details relating to your rights and how we process your data.
What information do we collect about you?
We collect information about you when you engage us for financial advice. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health and children, if this is necessary for the provision for the provision of our services.
We may also collect information when you voluntarily complete client surveys or provide feedback to us.
Why do we need to collect and use your personal data?
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. Without collecting your personal data we’d also be unable to fulfil our legal and regulatory obligations.
Where special category data is required we’ll obtain your explicit consent in order to collect and process this information.
How will we use the information about you?
We need your data in order for us to
- Provide lifestyle financial planning services to you which may include but not limited to giving you financial advice and making recommendations relating to investments and financial products, taking into account individual suitability, current financial markets, economic conditions, availability of products and the providers of those products, as well as a detailed analysis of your personal circumstances and requirements.
- Comply with our regulatory obligations imposed by the Financial Conduct Authority in regard to the relevant ‘Know Your Client’ obligations. In addition, to comply with the Regulator’s requirements for record keeping for the purposes of audits and reviews, records of transactions undertaken and customer histories for prescribed periods of time as directed.
- Respond to any legitimate legal requests for information about you to the Regulatory authority or pursuant to an order of any court or tribunal having relevant jurisdiction, or as required by law for the purposes of but not limited to combatting fraud, money-laundering and criminal activities.
- Carry out our legitimate business and professional management responsibilities which include but are not limited to preparing, verifying and auditing of statutory accounts and tax returns, monitoring and reviewing levels and types of business for marketing and quality control, assessing business risks and standards of services or investigating and resolving complaints.
- To use special categories of personal data (for example data concerning health), which, where appropriate, will be used to provide advice and/or recommendations for product(s) which are dependent upon the health of the life assured / policy holder etc (for example life assurance or Enhanced Annuities). Should we require any special category of personal data we will only gather this with your explicit consent.
- Where we collect data directly from you, we will undertake: To inform you, where appropriate, of the contact details for any Data Protection Officer appointed by us.
- To inform you and make clear the purposes for which the data is to be processed and the legal basis for that processing. In the event that the legal basis to be relied on is that of the legitimate interests of the data controller or any third party, we will inform you as to the nature of those legitimate interests.
- To inform you of the recipients or categories of recipients of data.
- In the event that the data controller proposes to transfer the data to a country other than those covered by the GDPR, to provide you with details of the safeguards surrounding such transfers and how to obtain a copy of them.
- To inform you of the period for which we propose to hold the data, or where this is not possible, the criteria which we will apply to data retention.
- To remind you of your rights whereby you may:
- request access to data of which you are the data subject
- object to, or withdraw consent for, the processing of the same
- obtain rectification of inaccurate data
- prevent data processing for the purposes of direct marketing
- object to decisions being taken by automated means and to have the logic behind those decisions clearly explained
- request data erasure
- you may have the right to have your data transferred to another service provider in an appropriate electronic format. Please note that we will have regulatory obligations to retain copies of the information as outlined previously.
You may at any time, by giving notice to us in writing, request that we cease to process your data. We will undertake to comply with any such request as soon as is reasonably practicable. Where the legal basis for the processing of your data is to adhere to compliance with a statutory or contractual obligation, or the necessary precondition to entering into a contract, including compliance with the requirements of any Regulator, we will inform you as to:
- Whether you are legally required to provide such data, and
- The consequences of failing to provide such data
Where we obtain your data otherwise than directly from you, you will have the same or equivalent rights to those set out above. Save in the circumstance as detailed below, we will inform you which source the data originated from and whether it came from publicly accessible sources. The information to be provided will be in accordance with the following time periods, whichever shall occur first:
- As soon as practicable after obtaining the data and in any event within 1 month
- At the time of our first communication with you using the data
- When the data is first disclosed to another person, we shall not be obliged to provide you with the information:
- Where you already have this information
- Where we are subject to an obligation of professional secrecy prohibiting the disclosure of the information
- Where disclosure would render impossible or severely impair the achievement of the reasons for which the data is to be processed. In such cases, we will do what we can to protect your rights and freedoms with respect to our processing of the data.
What can you do if you are unhappy with how your personal data is processed?
You have the right to complain in regard to any aspect of the processing of your data and any breach of the above rights to the relevant supervisory authority, who in the case of the United Kingdom is the Information Commissioners Office, whom may be contacted at:
- Online: www.ico.org.uk
- Phone: 0303 123 1113
Holding your data:
We undertake to review the data we hold on you on a regular basis to ensure compliance with data protection law. In the course of any review, we will:
- Update the data to ensure that any errors or inaccuracies are corrected.
- Subject to the data retention periods, as detailed below, securely delete the data when it is identified that we no longer need to hold it.
- We may retain and process your data for the following periods. In the event that more than one period applies to the same data, we will retain the data to the last such period to expire.
- We will hold any agreements between you and us for a period of 6 years from the termination or expiry of the agreement unless we have been notified of any claim or circumstance which might give rise to a claim under or by reference to such agreements.
- We will process data relating to investments which we have provided advice on and / or arranged for you. We will process such data throughout the entire period you are and remain a client of the firm and for a period of not less than 6 years following our ceasing to provide service to you in regard to those investments. In the case of long-term investments, we may process your data until the date of maturation of such long-term investments.
- We will hold data as required by any Regulator until the end of any limitation period imposed by that Regulator, which in the case of the Financial Conduct Authority (FCA) is currently 6 years.
- We will hold data as required by any relevant third party until the end of any limitation period imposed by that relevant third party, which in the case of HMRC shall be 7 years, unless we are notified that any period is considered “open” by HMRC in which case it will be until we are notified the period is “closed”.
- We will hold data as required for the purposes of any legal proceedings for a period of 6 years following the conclusion of any such proceedings unless a longer period is required pursuant to any court rule or enactment. Proceedings will be taken to have concluded on the expiry of any period given for appealing any final judgment or on the date of concluding any settlement staying all relevant claims if the proceedings were settled before judgement.
Save for the above, we will hold data for a maximum of 50 years from the date we receive the data.
Recording of Communications:
Where required we may monitor or record telephone and video conversations or other communications between you and us. Parts of that recording could count as personal data according to data protection laws. Personal data in recordings may include images of you (i.e. your webcam footage of you) and any opinions you contribute and anything you say about yourself. Recordings of telephone and video conversations may take place without the use of a warning tone. We use these recordings (or transcripts of them):
- To check your instructions to us
- To analyse, assess and improve our services to clients
- For training and quality purposes
- To help us investigate any complaint you may make
When you give us personal information, we take steps to ensure that it is retained securely and processed in a confidential manner. Your information may be accessed by your adviser and our support staff for the purposes of providing our services to you. In addition, it may be accessed by senior managers and our compliance consultants (or the FCA) for the purposes of ensuring compliance with our regulatory obligations and reviewing the quality of our advice.
Information may be transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information that passes between us, and you should consider the risk of this. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. If we do provide you with a password, it is your responsibility to change it on first use. We ask you not to share your password with anyone.
We will not use your data for marketing purposes unless you have expressly given us your prior consent. You may withdraw your consent to marketing at any time by giving us notice in writing. The use of your data as detailed in the remainder of this agreement is not affected by whether you choose to consent to the use of data for marketing purposes.
It is possible to switch off cookies by setting your browser preferences.
Note – Turning cookies off may result in a loss of functionality when using our website.
Whom we may share your data with:
In order to carry out our legitimate business and to provide you with financial planning services, we have entered into agreements with and will share your information with the following types of companies, for the purposes of advice suitability, Compliance, IT systems security, data management and control and auditing. Examples of whom your personal data may be shared with by us includes:
- Specialist advice businesses including firms specialising in Safeguarded Benefit Advice
- FCA Compliance related services
- Financial services software including (but not limited to) providing cashflow forecasts, pension, investments and retirement planning modelling and document storage
- ID verification services to comply with anti-money laundering regulation
- IT services and systems suppliers
- HMRC (UK Tax authority)
- Financial Conduct Authority (The UK regulator)
- Financial Ombudsman Service (Financial Services dispute resolution)
- Professional indemnity insurers
- Secure and confidential waste disposal services
- Investment platforms
- IRESS The Exchange
Full details of these companies, their addresses and contact details are available on request. We reserve the right to change this list from time to time, however you will be notified if this event occurs.
Links to other websites:
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Transferring your information outside of Europe:
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
If any provision, or part thereof, of this agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
We will occasionally update this Policy to reflect changes in the applicable Regulation, and/or relevant legislation as well as both company and customer feedback. Where applicable we will contact you to inform you of these changes. The current policy will always be available on our website.