We’ll collect personal data about you so that we can deliver the products and services you’ve requested from us.
Data and how we use it
Your personal data includes things such as your name, your address and, if you go through our BiggerPicture process, your personal and financial circumstances. We use data like this to help us deliver services, to let you know about any changes to our services and other purposes set out in the In detail section below.
As a financial planning business, we have to keep your data for lots of lawful reasons too. We’ll usually keep your personal data for at least six years after we’ve stopped working with you, but our regulator or insurers may require us to keep it for longer than this.
With your permission, we might supply your data to other people you work with too, but we only give them what they need and it’s under strict confidentiality.
You have lots of rights when it comes to your data. You can see what data we have about you at any time. You can withdraw your consent to us keeping it too. And of course, you can ask us a question about it at any time.
You can do this by sending an email to our Compliance Officer, Edward Rands, on firstname.lastname@example.org.
We’ll only use your personal data to deliver the products and services you’ve requested from us.
2. We’d collect personal data about you when:
3. Here’s the kind of information we might keep hold of:
4. How we use personal data we hold about you
We may process your personal data:
We might use your personal data for more than one of these purposes at the same time.
We might use your personal data to:
5. How long do we keep your personal data?
We’ll hang on to personal data after we have used it, as set out below.
When assessing how long we keep your personal data, we think about:
We’ll keep your data for at least six years too – even if we stop working with you
Legislation, regulations and our professional indemnity insurers ask us to retain your data after we’ve stopped acting for you. The period of data retention varies but for some types of service, it’s indefinitely.
6. Where there’s a change of purpose
If we need to use your data for another purpose other than the reason we collected it, we’ll only do this if the new purpose is compatible with the original one.
If we think it’s necessary to use your personal data for a new purpose, we’ll let you know and tell you about the legal side of things before we start any new processing of your data.
7. Who has access to your personal data?
We won’t sell or rent your information to third parties.
We won’t share your information with third parties for marketing purposes.
Any of our people with access to your information have a duty of confidentiality. These fall under the ethical standards, which we’re all required to follow.
8. People (or “Third Party Service Providers”) working on our behalf
In some cases, we use other people (or what we call “third party service providers”) to deliver professional advice and cloud-based information storage facilities.
Whenever we use third party service providers, we disclose only the personal information that’s necessary to deliver the service. We also have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data.
We’ll not release your information to other third parties unless you’ve requested that we do so, or we’re required to do so by law. For example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption.
9. Security measures in place to prevent the loss, misuse or alteration of your personal data
We’ve put security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They’ll only process your personal data on our instructions and they’re subject to a duty of confidentiality.
We’ve put procedures in place to deal with any suspected data security breaches. If this happens, we’ll notify you and any applicable regulator of a suspected breach where we’re legally required to do so.
Your data will usually be processed in our offices in the UK. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK. When we do this, your data remains within the European Economic Area (EEA). We’d never transfer your data to somewhere outside the EEA.
10. Your duty to inform us of changes in your personal data
It’s important that the personal data we hold about you is accurate and current. If it changes, please let us know of any changes of which we need to be made aware by getting in touch with your usual PKF Cooper Parry contact or using the contact details below.
11. Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
If you wish to exercise any of these rights, please get in touch with us. Our contact details are below.
It’s worth mentioning: you won’t have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. It’s not like us, but we might even decline to comply with the request in such circumstances.
Also, to confirm your identity, we might need to request specific information from you. This is to ensure your right to access the information or to exercise any of your other rights, and to make sure your personal information isn’t disclosed to anyone who has no right to receive it.
12. Your right to withdraw consent
You have the right to withdraw your consent for us to collect, process and transfer your data at any time. This applies to specific circumstances too, where you might’ve provided your consent. To withdraw your consent, please get in touch using the contact details below.
Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to. That’s unless we have another legitimate basis for doing so.
13. Changes to this privacy notice
We keep this privacy notice under regular review and will place any updates on our website at www.creaseyswealth.com/privacy-notice . You can get paper copies of this privacy notice by sending an email to email@example.com .
This privacy notice was last updated on 21 May 2018.
14. Contact details
If you have any questions regarding this notice or if you’d like to speak to us about how we process your personal data, please email our Professional Standards Partner, Edward Rands, on firstname.lastname@example.org.
You also have the right, at any time, to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Here are the ICO’s contact details:
Information Commissioner’s Office
Telephone: (0303) 123 1113 (local rate) or (01625) 545 745