Westcotts Financial Management Limited’s Privacy Notice – Clients
Data Controller
Westcotts Financial Management Limited
26-28 Southernhay East
Exeter EX1 1NS
Any reference to ‘Westcotts Financial Management Limited’ or the ‘Firm’ as Data Controller within this privacy notice also refers to the wider firm which includes ‘Westcotts Chartered Accountants’, ‘Westcotts Business Recovery and Insolvency LLP’, ‘Westcotts Financial Management Limited’ trading as ‘Westcotts Chartered Financial Planners’ and ‘Westcotts Secretarial Limited’.
Data Protection Officer
To enquire about any aspect of this document or your associated data protection rights please contact Westcotts’ Data Protection Officer:
Mr P Tigwell
26-28 Southernhay East Exeter
Devon EX1 1NS
Email: patrick.tigwell@westcotts.uk
All initial contact should be in writing (by post or email).
General
Westcotts Financial Management Limited collects and processes personal data relating to its Clients to manage the client relationship. We are committed to being transparent about how we collect and use that data and to meet our data protection obligations.
Lawful reason for processing client personal data
The processing of personal data for and on behalf of existing clients will be carried out for the performance of the contractual arrangement as set out in our Engagement Terms which consist our Engagement Letter, Client Agreement and Terms & Conditions.
Westcotts Financial Management Limited may act as either the data Controller or Processor in accordance with GDPR. Unless the engagement terms makes it clear that Westcotts Financial Management Limited is the Processor, Westcotts Financial Management Limited is to be treated as the data Controller.
Categories of personal data collected by Westcotts Financial Management Limited
We collect and process a range of information about you. This includes:
• Name
• Gender
• Date of birth
• Place of birth
• Marital status
• Address
• How long at current address
• Country of residence
• Country of domicile
• NINO
• Telephone number
• Email address
• Medical conditions (including Health and Smoker status)
• Medication details
• Hazardous Pastimes
• Spouse details
• Dependants details
• Guardianship details (if guardian of anyone else’s children)
• Attorney details (if acting as attorney for someone else)
• Employment/self-employment details
• Details of employment benefits
• Income details
• Expenditure details
• Assets held (and associated info)
• Details of liabilities
• Planned retirement date
• Specific retirement plans
• Target pension income
• Details of pension provision
• Details of known or anticipated future changes to circumstances
• Details of emergency funds
• Power of Attorney details
• Details of existing protection policies
• Details of Will
• Details of gifts made in the last 7 years
• Details of trusts created
• Details of financial objectives and priorities
• Details of other professional advisors
• Bank/lender information
• Bank account details
• Financial Status details (arrears, CCJs, IVAs or bankruptcy orders)
• Attorney details (if acting as attorney for someone else)
The information held will depend upon the type of engagement. Some special categories of personal data are processed to carry out the terms of our contract.
The organisation may collect this information in a variety of ways. Most data will be supplied by the data subject (or the data controller in respect of engagements where the firm acts as data processor), representatives of the data subject or authorised third parties.
Intended recipients of the personal data
The engagement terms will make it clear where data must be supplied by Westcotts Financial Management Limited directly to third parties to include:
– Providers of professional service (e.g. outsourced paraplanning firms);
– Product or service providers.
– Third party agents of the client.
– The Pension’s Regulator
– Banks
– Westcotts Financial Management Limited Insurers
– Etc
Where Westcotts Financial Management Limited receives a request to submit data to a third party other than those specified by the engagement terms the consent of the data subject must be obtained before any data is released.
Legitimate interest of the controller
Whilst we may be primarily engaged by clients to carry out a specific task in accordance with the terms of the engagement there is an expectation that, alongside that specific task, we will be processing personal data more generally on an ongoing basis and to advise as necessary on other matters.
In addition to the primary purpose we are permitted to process personal data for direct marketing purposes in pursuing the legitimate interests of the Firm.
Processing of clients’ personal data for any purposes other than to complete the task set out within the engagement terms or direct marketing activities for anyone other than the firm is not permitted without obtaining the clients’ consent.
Retention period
Prior to engagement, where the firm holds data pending an instruction to act the firm intends to hold files for a period of 6 months from the date of the last correspondence relating to that potential instruction.
Upon engagement the firm intends to hold all files indefinitely unless it deems certain files to not be of any ongoing interest in which case these may be destroyed.
In considering whether documents should be destroyed management will consider, amongst other things, the legal retention period set out by statute and the firm’s professional indemnity insurance provisions.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to the Firm during the engagement period. However, if you do not provide the information, the Firm may not be able to complete the process as set out within the engagement terms.
Use of Data Processors
• Financial market management tool
As data controller we use a third party data processor, Intelligent Office provided by Intelliflo Ltd, to provide us with details in respect of the key fund managers, product and tool providers in the UK financial services market. Some data held may be transferred to this platform to allow Westcotts Financial Management Limited to undertake necessary administration. For more information, please see Intelliflo’s privacy policy.
• Electronic mail
As data controller we use a third party data processor, Campaign Master UK Ltd, to deliver our electronic mail. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletters. For more information, please see Campaign Master’s privacy policy.
• Postal mail shots
As data controller from time to time we may use a third party data processor, Stormpress Ltd, to deliver circulations by post. Information is held by Stormpress Ltd for no longer than is necessary prior to being destroyed. For more information, please see Stormpress’s privacy policy.
• Event organisation
As data controller from time to time we may use a third party data processor, Eventbright, to issue tickets for events. Information is held by Eventbrite, Inc., a Delaware corporation. Eventbrite, Inc. participates and complies with the EU-U.S. Privacy Shield Framework. In the event that payment is required for an event then this information is held and managed by Eventbrite Operations (IE) Ltd.
For more information, please see Eventbrite’s privacy policy.
Information held by Eventbrite will be held within that platform for no longer than is necessary prior to being removed.
Information in respect of Event attendances may be held for a longer period outside of Eventbrite but again, this will be held for no longer than is necessary prior to being removed.
Your rights as data subject
Right of access – where Westcotts Financial Management Limited is processing or has processed your personal data you have rights as an individual to get a copy of the information that we hold about you. This is known as a subject access request.
For these to be managed effectively, subject access requests must be made in accordance with the guidance issued by the Information Commissioner’s Office (www.ico.org.uk/for-the-public/). All requests should be submitted to Westcotts’s Data Protection Officer.
Failure to submit a subject access request in this format may result in the request being rejected.
The right to rectification – you have the right to request rectification of your personal data where errors have been identified.
Any such request must be made verbally or in writing by post or via email to the Firm and a response will be issued within one month of receipt.
Please note that there may be instances where such requests cannot be fully satisfied and in such cases a full explanation will be provided within the response.
The right to erasure – you have the right to request erasure (also known as ‘the right to be forgotten’) of your personal data.
Any such request must be made verbally or in writing by post or via email to the Data Protection Officer and a response will be issued within one month of receipt.
Please note that there may be instances where such requests cannot be fully satisfied and in such cases a full explanation will be provided within the response.
Right to restriction of processing – you have the right to obtain from us a restriction of processing where one of the following applies:
a) The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
b) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.
c) We no longer need the personal data for the purposes of processing, but you require us to retain the data for the establishment, exercise or defence of legal claims.
d) An objection to the processing of personal data has been raised by you, for a period enabling us to consider whether your rights are overridden by our legitimate reasons to retain the data.
Right to data portability – where it is practicable to do so we will provide an active secure self-service system to provide your personal data held by us.
Where it is not practicable to provide an active self-service system, upon receipt of a ‘right of access request’ information held will be made available via a secure self-service system and direct access will be granted to you.
Where possible the data will be provided in a suitable electronic format which complies with the GDPR guidelines on data portability. Where this is not possible this will be explained.
Please note that the right to obtain access to personal data through a remotely accessed secure system should not adversely affect the rights and freedoms of others.
The right to object – you have the right to object to:
• processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
• direct marketing (including profiling); and
• processing for purposes of scientific/historical research and statistics.
Westcotts Financial Management Limited will adhere to the guidelines set by the Information Commissioner’s Office upon receipt of an objection. The objection can be made verbally or in writing to the firms marketing department or Data Protection Officer.
All processing will cease upon receipt of a relevant objection. The Data Protection Officer will issue a formal response to the objection within one month of receipt.
Automated decision making and profiling
The firm does not perform any tasks which rely solely on automated decision making or profiling.
Complaints or queries
Westcotts Financial Management Limited tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice has been drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Westcotts Financial Management Limited‘s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address above.
If you want to make a complaint about the way we have processed your personal information, in the first instance please contact the Data Protection Officer. If the Data Protection Officer is unable to satisfactorily deal with your complaint, or you are not satisfied with our response or believe our processing of your personal data is not in accordance with the law you can complain to the Information Commissioner.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.