We are an outsourced paraplanning company, based in Bristol.
We provide high quality, technical research and reports to support your advice in a clear and easy to understand way.
Privacy Statement
This notice contains information about how we collect and use personal data.
What data we collect & what do we do with it
In order to provide paraplanning services we need personal information about your clients concerning their finances, circumstances, objectives and other relevant details. We will collect, store and process this information. We will also need information about your firm and processes to be able to tailor our work to your needs.
Legal basis
We collect, control and process personal information because this is necessary to provide you with information, answer any queries you may have and for the provision of our services to you. Contractual necessity is therefore the lawful basis for collecting, controlling and processing your personal details and those of your employees and service providers other than sensitive personal data for which we require individual consent. We do not normally request or process any sensitive personal data.
Sensitive personal data:
Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data
Data concerning health
Data concerning sex life or sexual orientation
We would discuss with you the need for the provision of sensitive data before you provide this information. The Data Protection Act 2018 allows sensitive information to be processed based on contractual necessity where it is required for the underwriting of insurance. For any other provision of sensitive personal data you will need to give us consent to processing.
Choosing to provide us with any personal information is entirely up to you. If you choose not to, we simply may not be able to assist you.
What data we collect & what we do with it
We collect and use information about you, which will include personal data in order for us to provide you with details of our services you and make arrangements for you. In order to communicate with you, we will require your contact details including personal email addresses. Your name, contact details and information relating to the work we undertake for you will be processed and stored.
If you contact us via the web form on our website your data will be protected by a secure socket layer (SSL). This site is hosted by Godaddy, and managed via Squarespace. For more information about how they process data, please see their respective privacy policies (Godaddy & Squarespace). If you enter details into our webform these will be transmitted to us via email and temporarily stored on a Microsoft Hosted Exchange. Your email will also be processed on iCloud: Apple Inc. in order for it to reach mobile devices.
Sharing your data
In order to fulfill our obligations under any contract for services we will need to share your data with third party Data Controllers and Data Processors.
Data controllers include:
Product & service providers in relation to investments, plans and pensions.
Our compliance monitoring services.
Any regulators where so required.
Research & sourcing services
We also use external Data Processors that will hold information for the following purposes:
Research
Secure file sharing
Data backup
Communications
Accounts
Forecasting
Record keeping
All external processors are only permitted to process your data in line with our instructions.
Data processors privacy
Below is a list of the processors used and the types of information processed. Please note that the Privacy & Security policies of the processors are aimed at the controllers who use them and may be updated.
Type of processing & data
We use Apple’s iCloud to synchronise calendar & contact details with smart phones to facilitate efficient communications. The information shared comprises contact information: name, phone numbers, email address, meeting dates.
We use Microsoft to manage e-mails and to securely store and share files and documents that contain or may contain personal data pertinent to the work we undertake for clients and for our staff.
Freeagent/Xero
We use Freeagent and Xero for invoicing and accounting. Your personal data pertaining to any business transacted is entered during this process and stored.
We use Teamwork to send secure messages, share documents and manage your work. Files, documents and messages may contain personal data pertinent to the work we undertake for you and your clients.
We use MailChimp in order to efficiently send email updates to you as part of our ongoing services. Your name and email address are stored to facilitate this.
In all cases we seek to minimise the amount of personal data shared . It is essential, however, that we can identify you quickly and easily so information shared may be identifiable as your personal data.
We will not share your personal information in any other circumstances than those necessary for the provision of service to you or where we are required to do so by law.
Where we store your Personal Data
All the data that we collect is stored on our encrypted server or encrypted back-up drives back up drives in the UK or with our listed processors under contract.
Cross border transfer
We do not expect any processor holding data on our behalf to do so outside of the EU. However, should any processor do so, we will take steps to ensure that it is held in a satisfactory jurisdiction. In the case of the US we will ensure that the EU-US Privacy Shield applies.
Marketing
The information we collect about you is used solely for the purposes for which it was provided. We will never use your data or share it for marketing purposes. If we have collected information from you for marketing purposes we will inform you and specifically gain your consent.
Retention
We will keep your personal data throughout our business relationship. At the end of any contractual relationship we are required to continue to hold personal data under current legislation for varying periods and in some circumstances indefinitely. We may also consider it necessary to keep data beyond these timescales in order to defend any future legal action. Where we no long need regular access to your data we will transfer your data to a secure archive in order to avoid any unnecessary processing.
Your rights
Under data protection law you have the right to ask us for a copy of the information we hold about you, and to have any inaccuracies corrected or removed. You may also ask us to delete or cease processing all personal data held by us or any processor with whom we have shared your data. We may not always be able to comply with a request for deletion, but you can ask us to cease processing your data.
In addition, you have the right to be informed about the data we collect, where is located and with whom it is shared and the processing we undertake and to question any automated decision-making processes.
To do this, or if you require more information please contact us.
Complaints
The UK Information Commissioner’s Office is our supervising authority where you can refer any complaints about data protection. Click here for more information.
If you have any queries, please do not hesitate to contact us.