Loveday and Partners (“we” “us” “our”) is committed to protecting and respecting your privacy. We are the data controller and will process your personal data in accordance with the Data Protection Act 1998 as amended or replaced by the General Data Protection Regulation 2016 and any national laws which relate to the processing of personal data (“data protection legislation”).
Please read the following carefully to understand our views and practices regarding Your Data and how we will treat it.
This policy applies to information we may collect about:
- Visitors to our website
Visitors to our website
We may collect and process personal data about you in the following circumstances:
- whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence; and
- whenever you disclose your information to us, or we collect information from you in any other way, through our Site.
We may also collect data in the following ways:
Cookies and IP Address
We may use your personal data for our legitimate interests in order to:
- provide you with information, or services that you requested from us;
- allow you to participate in interactive features of our Site, when you choose to do so;
- ensure that content from our Site is presented in the most effective manner for you and for your device;
- improve our Site and services;
- process and deal with any complaints or enquiries made by you; and
- contact you for marketing purposes where you have signed up for these (see the Marketing section below for further details).
Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. Please check before you submit your information to these websites.
We will collect details such as name, address, email address, contact number, date of birth, national insurance number and financial information in order to provide services to clients. We may also receive details of credit checks undertaken where you have supplied these to us.
We will share client personal information with our employees to manage our relationship with you and we will retain client personal data in accordance with the guidelines set down by our Regulators.
We will use your personal data provided to comply with our contractual obligations arising from the agreements we enter into with our Clients and share the data with financial institutions who can assist in the provision of financial services to clients including product providers, lenders, banks, insurers, fund managers, platform providers and third party compliance advisers.
We will use client personal data for our legitimate interests including:
- sharing personal data with our compliance services supplier;
- with your consent, marketing our other products and services by mail and email; and
- with your consent, obtaining your sensitive personal data from third parties including your health, ethnic origin, or criminal prosecutions from third parties such as employers and credit reference agencies, fraud prevention agencies and other similar organisations.
We will not transfer any client personal data outside the European Economic Area (“EEA”).
Special category data
Special category data is personal data which is more sensitive than Personal Data. This includes your racial or ethnic origin, political opinions, religious or philosophical beliefs. It also covers the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning health, a person’s sex life or sexual orientation.
It is almost certain that we will request some or all of the information covered under special category data during our relationship. In order for us to lawfully process Special Category Data, we require additional explicit consent from you, due to its sensitive nature, to enable us to process your specific information.
We will collect details such as contact names, address, email address and telephone number in order to contact you about goods and/or services we have ordered from you, to comply with our contractual obligations and to place further orders. We may share your personal data with our employees to manage our relationship with you and we will keep your personal data for as long as we require your goods and/or services subject to guidelines set down by our Regulators. We will not transfer your personal data outside the EEA.
We may use client personal data to provide you with details about our services, and business updates and events which we think may be of interest. We will not use your data for marketing purposes of any sort unless you have expressly given us your prior consent. The use of your data as detailed in this policy is not affected by whether you choose to consent to the use of data for marketing purposes.
We may also like to pass your details onto other Investment, Pension or Financial Institutions within the UK so that they may contact you with details of their products and services, which may be of interest and/or beneficial to you. Before passing on your details we will obtain your consent to do so.
You have the right to opt-out of receiving this information at any time. To opt-out of receiving such information you can:
- email us at [email protected]
- or call 01603 431740 providing us with your name and contact details
Where you have subscribed to receive marketing correspondence from us we will keep your personal data according to the guidelines set down by our Regulators, from when you subscribed to receiving marketing information from us or until you unsubscribe from receiving such correspondence from us (whichever is earlier).
Legal basis for processing your personal data
In accordance with data protection legislation we are required to notify you of the legal basis upon which we process your personal data. We process your personal data for the following reasons:
- for performance of a contract we enter into with you;
- where necessary for compliance with a legal obligation we are subject to; and
- for our legitimate interests (as described within this policy).
We will also process your personal data including personal sensitive data where we have obtained your explicit consent.
Disclosure of your data to third parties
In addition to the third parties mentioned previously in this policy, we may disclose your personal data to third parties for the following legitimate business purposes:
- staff members in order to facilitate the provision of services to you;
- Compliance consultants that support us;
- secure system providers we use to deliver our services to you;
- to a prospective buyer of some or all of our business or assets, in which case personal data including your data will also be one of the transferred assets.
Full details of these companies addresses (all UK based) and contact details are available on request.
We may disclose your personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreements; or to protect our rights, property, or safety of our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will not sell or distribute your personal data to other organisations without your approval.
Cross-border data transfers
We do not transfer personal data outside the EEA. Where this is required in the future, we will ensure that safeguards are in place so that such transfers comply with data protection legislation.
Information you provide to us is held on our secure servers and by 3rd party providers we use to deliver our services to you. We have implemented the current appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. We will continue to review and update these measures in line with regulations. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our Site; any transmission is at your own risk.
Access to, updating, deleting and restricting use of your data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.
Data protection legislation gives you certain rights in relation to your personal data. You have the right to object to the processing of your personal data in certain circumstances and to withdraw your consent to the processing of your personal data where this has been provided.
You can also ask us to undertake the following: update or amend your personal data if you feel this is inaccurate;
- remove your personal data from our database entirely;
- send you copies of your personal data in a commonly used format and transfer your information to another entity where you have supplied this to us, and we process this electronically with your consent or where necessary for the performance of a contract;
- restrict the use of your personal data; and
- provide you with access to information held about you and for this to be provided in an intelligible form.
We may request specific information from you to help us confirm your identity. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Please send any requests relating to the above to [email protected] specifying your name and the action you would like us to undertake. Note that in relation to requests to access personal data, we reserve the right to charge a reasonable fee to comply with your request. We will undertake to respond to you within 30 calendar days of receipt f your request. This can be delayed by a further 2 months but only where deemed necessary e.g. for highly complex cases going back a long time. In this case we will inform you in the first instance.
We shall not be obliged to provide you with the information where you already have this information, where we are subject to an obligation of professional secrecy prohibiting the disclosure of the information, where disclosure would render impossible or severely impair the achievement of the reasons for which the data is to be processed. In such cases, we will do what we can to protect your rights and freedoms with respect to our processing of the data.
Holding your data
We will keep personal data for as long as you have a relationship with us or as defined by our Regulators who set requirements to retain your data for specified minimum periods. These are, generally:
- Five years for investment business
- Indefinitely for pension transfers and opt-out business
- Three years for insurance business
These are minimum periods, during which we have a legal obligation to retain your records.
After the relationship ends we will keep the data where we may need it for our legitimate purposes e.g. to help us to respond to queries or complaints, or for other reasons e.g. fighting financial crime and responding to requests from our Regulators. We will store your personal data until such time as we believe it is no longer required to be retained.
In addition to the reviews of data for accuracy and currency to be carried out, we will continually review data which we are processing, and where in our opinion such data has ceased to be active data, we will archive it and process it only as archived data.
Access to archived data will be restricted by us to senior personnel having specific duties and training with respect to Data Protection Law and will only be processed in the limited circumstances.
All storage of data whether of active data or archived data will be in accordance with good industry practice and will incorporate appropriate organisational and technological measures, which will be regularly updated, to maintain the security of data.
On termination or expiry of any agreement to provide services with you, on your written request, and subject to our right to retain copies of data for the purposes set out above, we agree to return to you any data you have provided to us in a structured format or transmit the data to a new data controller nominated by you.
Right to withdraw consent
Where you have provided your consent to the collection, processing and transfer of your personal data, you may withdraw that consent at any time. This will not affect the lawfulness of data processing based on consent before it is withdrawn. To withdraw your consent please email [email protected]
If you have any questions, comments or requests regarding this policy or how we use your personal data please contact us at firstname.lastname@example.org. This is in addition to your right to contact the Information Commissioners Office if you are unsatisfied with our response to any issues you raise