The General Data Protection Regulation
Please also refer to Section 16 of our Client Agreement Document
Background to the GDPR
GDPR, which stands for General Data Protection Regulation, has been described as the “biggest overhaul of online privacy” since the birth of the internet. It is designed to give all EU citizens the right to know what data is stored about them (and request that it be deleted) and also protect them from privacy and data breaches. It is effective from the 25th May 2018.
What we need
Sandle Nash Limited will be known as the “Controller” of the personal data you provide to us. In our conduct of business with you we will need to collect information about you which we will hold as data controllers under the General Data Protection Regulation (GDPR). We will use this information to ensure that our advice is suitable in your circumstances. Unless otherwise agreed, we will usually only collect basic personal data about you. If health, life insurance or enhanced annuity contracts are being applied for, we may request medical information including family medical history. This is known as “sensitive personal data”.
If you wish to see a list of the data which we hold about you, please contact our Data Protection Officer – Tim Whyte, at Sandle Nash Ltd, Yeo Business Park, Clyst St Mary, Exeter, EX5 1DP
What we do with it
We will use this information to ensure that our advice is suitable in your circumstances. All the personal data we hold about you will be processed by our staff and selected third parties in the United Kingdom. It may also be disclosed to the Financial Conduct Authority (FCA) who regulate us, the Financial Ombudsman Service (FOS) who are an independent arbitrator and wherever there is a legal obligation that we do so. Additionally, it may also be disclosed to our Compliance Consultants, Haven Risk Management Ltd, who help to ensure that, in your interests, we abide by the rules of the Financial Services and Markets Act, (FSMA) 2000 and any other regulations.
Please also be aware that your information may be stored on a cloud-based system whose services are located within the European Union.
How long will we keep it?
The FCA requires us to keep records of our business transactions for specified periods and as long as it is in your interests that we do so. We will generally keep your personal data for no less than the duration of our business relationship. Your data will be updated and amended if necessary at the regular review meetings that you have with your financial adviser and/or if you specifically notify us of any changes to your personal details.
Our Lawful Basis for Processing your Personal Data
We intend to rely on you having given your consent to our processing of your data, for one or more specific purposes, via you acknowledging receipt of our ‘Client Agreement’ document. Alternatively, our basis will be that processing your data is necessary for the performance of a contract (e.g. arranging a policy or an investment) to which you are party.
Under the General Data Protection Regulation, you have various rights regarding the use of your personal data which are as follows:
- The right to be informed – of any and all matters pertaining to your data.
- The right of access – to any or all of your data at all times.
- The right of rectification – of any mistakes or inaccuracies.
- The right to erasure – of data we hold on you. Please note that this right is not absolute. If you require details of when the right to erasure does not apply, please contact our Data Protection Officer – Tim Whyte.
- The right to restrict the processing of your personal data – if for example you have contested its’ accuracy and whilst this is being verified by us.
- The right to data portability – to have your data transferred to another firm.
- The right to object – to any aspect of how we use, or handle your data.
- The right not to be subject to automated decision making.
How to complain about the use of your data
If you wish to raise a complaint about how we have handled your personal data, including in relation to any of the rights mentioned above, you can contact our Data Protection Officer – Tim Whyte, at Sandle Nash Ltd, Yeo Business Park, Clyst St Mary, Exeter, EX5 1DP and he will investigate your concerns.
If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office (ICO). You can find further information about the ICO and their complaints procedure at the following link: www.ico.org.uk/concerns
Using your personal data for marketing purposes
We may contact you from time to time by post, e-mail or telephone to bring your attention to additional products or services that we think may be of benefit to you. If you do not wish to be contacted in this way, then please ge in touch with us.
You have the right to alter this consent at any time, and if you ever have any queries about the collection and use of your data, or your rights under the GDPR, you should contact the firm’s Data Protection Officer as mentioned above.
Personal Information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address, an e-mail address or other contact information, whether at work or at home. In general, you can use the Sandle Nash web site without telling us who you are or revealing any Personal Information about yourself.
If you choose to provide us with your Personal Information on the web, we may transfer that Information, within Sandle Nash, but the information will be held within the UK, in accordance with the Data Protection Act 1998. In no case is data shared or sold to, any third party.
Cookies and Other Tracking Technologies
Some of our web pages utilise “cookies” and other tracking technologies. A “cookie” is a small text file that may be used, for example, to collect information about web site activity. Some cookies and other technologies may serve to recall Personal Information previously indicated by a web user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them.
The Sandle Nash website web site is not structured to attract or intended for children. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 18 years of age.
We are committed to privacy and support current industry initiatives to preserve individual privacy rights on the Internet. Protecting your privacy on-line is an evolving area and this website will constantly evolve to meet these demands