Your Personal Data – A Statement of Our Practice
This Statement explains to our customers, and potential customers, how we will gather, keep safe and process their personal data.
The lawful bases on which we may collect and process personal data
We (and those working for us) may process your personal data because:
- We must do so in order to fulfil our contractual obligations to you.
- We have a legal or regulatory obligation to do so.
- We believe there is a legitimate interest in doing so (after giving due consideration to the possible detriment to you and the potential benefits to all parties).
- Exceptionally to protect the vital interests of you or your dependents – for example to process a claim on a policy when we become aware that you are not capable of initiating it yourself.
Why we collect personal data
Like many businesses, we need to know who our customers are and how to contact them.
As a financial services business, though, our responsibilities are greater than most.
We have to:
- Take precautions against our business being used to facilitate criminal activities or disposing of the proceeds of crime.
- Comply with financial services regulations – including making sure that any product we recommend is suitable.
If we agree to arrange a financial product for you, we must:
- Liaise with the product provider.
So, unless you are prepared to provide that personal data – including, where necessary, proof of your identity and residency – we are not lawfully able to do business with you.
We will also use it to meet any contractual or regulatory requirement to review your plans or deal with any query or complaint you may have.
If we review your plans we may take the opportunity to make you aware of any other product which the information available to us indicates may be suitable or appropriate for you but we will not use your data for any other marketing purpose. Nor will we pass on your data to anybody else for marketing purposes.
Your details might be used to guide us to identify the type of customer base we have and the type of products for which they are likely to be suited generally (but we would not specifically market it to you without your consent).
In the unlikely event of a complaint, details would be used to analyse the circumstances to see if lessons could be drawn and to promote consistency. General details might be shared with other firms to do this across our industry but unless a complaint to another firm involved you personally we would only provide your personal details to a recognised dispute resolution body such as an Ombudsman.
What personal data we gather
Clearly we need your name and address. We also need a variety of details about you, your health, your earnings, your aims and aspirations, your ethical views and your family so that we can build up a full picture about you. Some of this personal data may be sensitive.
You do not have to answer any question you do not wish to but it may affect the advice we give you and we would not normally be held at fault if we failed to take account of a fact that you had not told us about.
Who we share your personal data with
We may share your personal data with:
- Any person to whom you have granted specific consent to see it within the last six months unless you specify a different period when granting consent or it is apparent that the purpose behind granting the consent has not yet been fulfilled.
- Any product provider with whom you have had, or apply for a financial services product to enable them to meet their contractual, regulatory or legal obligations.
- Any facilitator of such a financial product – this includes companies with whom you have an investment account that allows you to diversify your investments with different providers. This includes self invested personal pensions and vehicles known as “wraps” or “platforms” and similar accounts.
- People or organisations working for us at any time to meet our legal and/or regulatory obligations.
- Regulators, such as the Financial Conduct Authority
- Law enforcement agencies, including the Police.
How we hold your data
We hold your data electronically. That is to say, it is in a digital format readable by a computer. This has the advantage that:
- It takes less space than a paper file.
- It is less prone to damage than a paper file – sheets cannot get dog eared or fall out.
- It is easier to retrieve, copy and where permitted, share it with you or somebody else.
- It is encrypted so that even if stolen it cannot be easily read.
- We are able to keep secure off site backups.
So we will only normally retain paper records whilst we are actually working on your file for example whilst an application for a policy or plan is being processed.
Your rights over your personal data
You are entitled to:
- Expect us to keep your personal data safe
- Know what personal data we hold on you.
- Know the reason we hold the data we do – and how we are processing it.
- Ask us to correct any personal data that is incorrect.
- Ask us to stop processing your personal data.
- Ask us to “forget” you.
Limits on your rights over your personal data
- If we arrange for documents to be sent to the last address you have given us, we do not think it is reasonable that we should be held responsible if you no longer live there if you have not told us that you have moved.
- We cannot normally charge to provide details of your personal data, or how we use it (as at May 2018) unless the requests are excessive. “Excessive” is not defined in the regulations but we would give consideration to whether a request was excessive if it was less than six months since you last made such a request. In doing so, we would have regard to whether you wanted further copies of data previously provided or simply details of any changes since the last request.
- We will correct data if you tell us it is incorrect or out of date. However, for regulatory and legal reasons, we need to retain records of the basis of any recommendation we make or any product we arrange for you.
- Similarly, if you ask us to “forget” you, we will stop processing your personal data but we need to be able to explain any recommendation we have made to you – and why we have discontinued any contractual, regulatory or legal obligation to provide ongoing advice in the event of a query or dispute in the future. There may also be other legal or regulatory queries we are asked to address. Therefore we will retain your file but not action it.
- Under current regulations, there is no time limit on how long after the event such a query might be raised so we will need to retain the data indefinitely but it will be encrypted and will only be opened if we have good cause to do so.
Refusal to provide details of your personal data
There are some exceptional circumstances in which we may be justified in refusing to provide details of your personal data. These include:
- If we are not properly satisfied that the person requesting the personal data is actually you. This is more likely to occur if we have lost touch with you. If this is the case, we may ask for evidence of your identity and/or your current address. We appreciate that this may inconvenience you but it is done for your protection.
- We cannot provide the data without revealing the personal data of another person unless that person has given their consent for us to do so.
- We have good reason to believe that releasing the personal data to you could cause you harm.
- The data is the subject of regulatory or legal action which prevents us from releasing it.
- We have recently provided the same data to you.
Releasing personal data to your representatives
We will normally release personal data to somebody we are satisfied is acting on your behalf and in your best interests and to whom you have consented to us sending it. However, we will not:
- Release data that we have recently provided to you or any other person acting for you – because you already have it.
- Anybody we are not satisfied has proper consent to receive it or is acting in your best interests – including if they are in breach of any relevant law or code of practice. In such circumstances, if we consider it appropriate we may send the data directly to you so that you have control over whether you decide to release it to them or not.
Requesting details of your personal data
You can request copies of your personal data by writing to:
The Data Protection Officer
Thomas & Co Financial Services
98 Ock Street
If you are a current customer of ours you can also ask your current adviser to arrange for it to be provided.
Income or Growth
Areas of Expertise
© 2018 Thomas and Co Financial Services
Thomas & Co Financial Services is Authorised and Regulated by the Financial Conduct Authority.
Thomas & Co Financial Services is entered on the Financial Services Register under reference 137287 (https://www.fca.org.uk/register)