Heathcote Financial Planning (HFP) is a trading name of The Mortgage and Protection Partnership Ltd.
HFP takes the privacy and protection of personal data seriously – we therefore ask you to read the following important information which explains how we collect, store and use your personal data.
1. Who are we?
HFP is registered in England under company number 8734287 and our office address is 15 Gloucester Road, Ross-on-Wye, HR9 5BU.
HFP is authorised and regulated by the Financial Conduct Authority under Firm
Reference Number 612049.
2. Under the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and the Data Protection Act 2018, we are required to give you certain information about the way your personal information is used.
This notice (together with our Statutory disclosures and any other documents referred to in it) (“Privacy Notice”) sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.
3. What do we mean by Personal Data?
By personal data (or personal information), we mean information that relates to
you and is used to identify you, either directly or in conjunction with other material
we may hold.
Some Personal Data may identify you directly, for example your name, address,
date of birth, national insurance number. Other Personal Data may also identify
you indirectly, for example, your employment situation, your physical and mental
health history, or any other information that could be associated with your cultural
or social identity.
In the context of HFP providing you with advice and guidance in relation to your requirements, your Personal Data may include:
• Name, Date of Birth, Gender, Nationality, Civil/Marital Status, Contact Details,
Addresses and any documents that are necessary to verify your identity
• Employment and remuneration information
• Bank account details, tax information, commitments for liabilities such as loans
and credit cards, personal credit history, sources of income and expenditure
• If you have parental responsibility for children under the age of 13, it is also very likely that we will record information on our systems that relates to those children and potentially, to their Special Category Data.
In addition, when you visit our sites or use our services, we may automatically collect the following information:
Technical information, including information obtained from cookies, the Internet Protocol (IP) address used to connect your computer to the internet, your login information, your geographic location, browser type and version, browser plug-in types and versions, operating system and platform.
We may also receive personal information from third parties that we work with
including:
- Companies that introduce you to us
- Financial Advisers
- Insurers
- Comparison websites
- Fraud prevention and/or Credit reference agencies
- Payroll service providers (In relation to Auto-Enrolment Pension products)
- Public information sources such as Companies House
- Agents working on our behalf
- Market researchers
- Regulatory bodies
- Government and law enforcement agencies.
4. What is Special Category Data?
Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation. These are known as ‘special categories of data’ such as:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Health
- A person’s sex life
- Sexual orientation
There are further protections in relation to Criminal Offence data, details of which can be found at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/lawful-basis-for-processing/criminal-offence-data/.
The arrangement of certain types of insurance may involve disclosure by you to us of information relating to historic or current criminal convictions or offences (together “Criminal Disclosures”). This relates to insurance related activities such as underwriting, claims and fraud management.
We will use Special Category Data and any Criminal Disclosures in the same way as Your Personal Data generally, as set out in this Privacy Notice. In order to process your Special Category Data however, we do require explicit consent.
5. Why do we collect information from you?
In order to undertake our services for you, we have the right to use your Personal Data provided it is in our legitimate business interest. We may be required to share this data with third parties such as providers, Insurance Companies and Regulatory and Legal bodies etc.
We use your personal information to:
a. Provide services and advice, or provide you with the information, products and services you have requested from us, under ‘Legitimate Interest’.
b. Retain records of any services or advice we provide to you in order to defend potential legal claims or complaints and to comply with our Legal and Regulatory obligations.
c. Provide you with details of products and services we feel may be of interest to you in accordance with your preferences. For more information see ‘Marketing’ below.
6. How do we collect information?
Most information we obtain will be directly from you during our meetings and
discussions or this may be in writing, including via email.
We may also need to obtain information from third parties in relation to verifying your identity. With regards to electronic ID checks we would not require your consent but will inform you of how such software operates and the purpose for which it is used.
7. How do we protect your personal information?
We have strict safeguarding processes to ensure that we meet our obligations under the Data Protection Regulations 2018. Your privacy is important to us and we will keep Your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard your Personal Data against it being accessed unlawfully or maliciously by a third party.
We will:
- Record and store your Personal Data in our paper files and electronic files on our computer systems, which can only be accessed by our staff when it is necessary to provide our service to you and to perform any administration tasks associated with, or incidental to, that service
- Submit your Personal Data to providers either electronically or via paper-based forms to allow us to advise you or process your application for a product, or to obtain information as required as part of our services
- Use your Personal Data to respond to any queries you have on your policies under our Agency.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us.
Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or in instances whereby we have a Regulatory or Legal obligation to hold such information indefinitely.
8. What are your rights surrounding your personal information?
Your enhanced rights under the GDPR include:
• The right of access – we will provide a copy of your personal data within 30 days of your request. Requests can be made in writing, by phone or by email. We will not charge a fee for this unless we think your request is unfounded, excessive or repetitive, in which case we will inform you before proceeding with your request.
• The right to rectification – you may ask us to rectify any of your personal data which you believe is inaccurate or incomplete. We will respond within one month (this can be extended by two months where the request for rectification is complex). Requests can be made in writing, by phone or by email.
• The right to erasure – you have the right to request ‘to be forgotten’, i.e. for us to delete all records of your personal data. We will comply with your request, unless we have a legal obligation to continue to hold your personal data (in which case we will inform you of the reason why we cannot delete the data).
• The right to request a transfer of personal data – you can ask us to provide your personal data to another data controller in a recognised format.
• Please note: Legal and Regulatory obligations can, in some circumstances, limit the amount of personal or special category data that can be removed from our records.
9. Who do we share your personal information with?
We will only share your personal data with third parties when it is necessary for the service you have asked us to provide, or if we are required to do so as a legal or regulatory obligation. We have contracts/safeguards in place to ensure that they comply with the GDPR and treat the privacy of your personal data with the same importance as we do.
Your Data may be transferred outside of the EEA as part of the normal processing of Data, but this will only be where necessary and where there are sufficient safeguards in place.
10. Who to contact in relation to your Personal Data
If you have any questions or comments about this document, or wish to contact us in order to exercise any of your rights or notify us of an unauthorised disclosure, please contact:
Data Protection Officer by email on steve@heathcotefp.co.uk, by telephone on 0333 3356087 or by writing to Heathcote Financial Planning, 15 Gloucester Road, Ross on Wye, HR9 5BU
If we feel we have a legal right not to deal with your request, or to action it in a different way to how you have requested, we will inform you accordingly.
If you have any concerns or complaints as to how we have handled Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
By signing below, you are consenting to us retaining your data for the purposes
outlined above.
By ticking this box, you are consenting to us obtaining and retaining your
Special Category Data for the purposes outlined above ☐
Name
Signature
Date
Please tick the boxes below if you give consent for us or any company associated
with us to contact you for marketing purposes by e-mail, telephone, post or SMS.
Name Marketing
Email Phone/ SMS Post