Your information – what we collect and how we use it
We’ll collect personal data about you so that we can deliver the products and services you’ve requested from us.
Data and how we use it
Your personal data includes things such as your name, your address and, if you go through our BiggerPicture process, your personal and financial circumstances. We use data like this to help us deliver services, to let you know about any changes to our services and other purposes set out in the In detail section below.
We take our responsibility for keeping your data safe and secure very seriously. As such, we have implemented suitable technical and organisational measures ensure the confidentiality, integrity and availability of your data. As a financial planning business, there are lots of lawful reasons for having to process your data. We’ll usually keep your personal data for at least six years after we’ve stopped working with you, but our regulator or insurers may require us to keep it for longer than this. We may have to share your personal data with third parties (for example where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so). “Third parties” includes third-party service providers and other entities within our group and services such as IT and cloud services, third party agencies for identity verification purposes or product providers to help us with any recommendation.
Your rights You have lots of rights when it comes to your data. You can see what data we have about you at any time. Where you have previously provided consent to us processing your data, you can withdraw your consent to us keeping it too. (Please note: there are some areas where regulatory obligations or legitimate interest might prevent us from getting rid of all your data). And of course, you can ask us a question about it at any time. You can do this by sending an email to our Compliance Manager, Jane Lawson, on email@example.com.
– you request that we provide you with a service (particularly at your Discovery meeting) – you,your employer, or one of our clients (for example, a member of your family) engage us to provide our services. We’ll also collect data during the period we’re delivering those services – you get in touch with us. That could be by email, phone, post, social media or through our website – we consult third parties and/or review data which is available to the public. For example, we ask for data from your employer or find it on Companies House.
We may process your personal data:
We might use your personal data for more than one of these purposes at the same time. We might use your personal data to:
We’ll retain personal data after we have fulfilled the original purpose for which it was collected, as set out below. When assessing how long we keep your personal data, we consider:
We’ll keep your data for at least six years too – even if we stop working with you Legislation, regulations and our professional indemnity insurers ask us to retain your data after we’ve stopped acting for you. The period of data retention varies from one type of service to another – for some types of service (such as some types of pension transfer), it’s indefinite! (Feel free to ask us for more information about this if you have any concerns)
If we need to use your data for another purpose other than the reason we collected it, we’ll only do this if the new purpose is compatible with the original one. If we think it’s necessary to use your personal data for a new purpose, we’ll do so transparently by keeping you informed and reminding you of your rights before we start any new processing of your data.
We won’t sell or rent your information to third parties. We won’t share your information with third parties for marketing purposes. Any of our people with access to your information have a duty of confidentiality under the ethical standards that we are held to by the Financial Conduct Authority, which we’re all required to follow.
In some cases, we use other people (or what we call “third party service providers”) to deliver professional advice and cloud-based information storage facilities. Whenever we use third party service providers, we disclose only the personal information that’s necessary to deliver the service. We also have a contract in place that requires them to keep your information secure and not to use it for their own purposes. All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We’ll not release your information to other third parties unless you’ve requested that we do so, or we’re required to do so by law. For example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption.
We’ve put security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They’ll only process your personal data on our instructions and they’re subject to a duty of confidentiality. We’ve put procedures in place to deal with any suspected data security breaches. If this happens, we’ll notify you and any applicable regulator of a suspected breach where we’re legally required to do so. Your data will usually be processed in our offices in the UK. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK. Where this is the case, the data transfers are either:
It’s important that the personal data we hold about you is accurate and current. If it changes, please let us know of any changes of which we need to be made aware by getting in touch with your usual Cooper Parry contact or using the contact details below.
Under certain circumstances, by law you have the right to:
If you wish to exercise any of these rights, please get in touch with us. Our contact details are below. It’s worth mentioning: you won’t have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. It’s not like us, but we might even decline to comply with the request in such circumstances. Also, to confirm your identity, we might need to request specific information from you. This is to ensure your right to access the information or to exercise any of your other rights, and to make sure your personal information isn’t disclosed to anyone who has no right to receive it.
Where you have previously provided consent to our processing your data, you have the right to withdraw your consent at any time. To withdraw your consent, please get in touch using the contact details below. Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to. That’s unless we have another lawful basis for doing so.
We keep this privacy notice under regular review and will place any updates on our website at www.creaseyswealth.com/privacy-notice. You can get paper copies of this privacy notice by sending an email to firstname.lastname@example.org. This privacy notice was last updated on 24August 2021.
If you have any questions regarding this notice or if you’d like to speak to us about how we process your personal data, please email our Compliance Manager, Jane Lawson, on email@example.com. You also have the right, at any time, to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Here are the ICO’s contact details: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone: (0303) 123 1113 (local rate) or (01625) 545 745 Website: https://ico.org.uk/concerns