IFPC Ltd is the data controller. This means it decides how the personal data it holds is processed and for what purposes. We subscribe to the principles of the data protection legislation governed by the General Data Protection Regulation (the GDPR). We collect the minimum amount of information about you, commensurate with providing a satisfactory service.
Personal Data – what is it?
Personal data relates to any information relating to an identified or identifiable natural person; an individual who can be identified from that data, directly or indirectly. Identification can be achieved by using the person’s information on its own or in conjunction with any other related information available with the data controller.
What Information do we collect?
The types of personal data that may be collected include:
- Identity: name, marital status, date of birth, gender, national insurance number, driving licence, passport, nationality
- Contact: address, email address and telephone number
- Financial and professional: details about your work, financial position, status and history
- Relationships: information about your family
- Products and services: those you have and those we may provide to you
- Attitude to investment risk: collected via completion of a questionnaire
- Lifestyle information: hobbies and interests
- Special types of data: health, racial/ethnic origin, religious/philosophical beliefs
In addition, we may also obtain personal data from reputable sources, including:
- Social Media
- Relevant data in the public domain (Corporate websites)
- Referrals from existing clients
How and why we use this information?
We may use your information to:
- carry out our obligations arising from any contracts entered into by you and us
- communicate directly with you via telephone, e-mail, and other forms of electronic communication
- provide you with information about services we offer, or those you have requested and may be of interest to you
- process personal data you provide (if you have their permission) about others associated with you, such as a spouse, parent, guardian, child, other family member, a representative of our client, or a trustee, settlor or beneficiary
- deal with any complaints which may arise in the future
- if you are a candidate for role within our firm, we use your personal data as part of the recruitment process
- if you are viewing our website, some of your personal data may be collected by cookies. Please see the statement on our website relating to cookies under ‘Important Information’.
Legal basis for processing
The main legal basis we rely on for processing your personal data is the performance of our contract. The data that we collect is necessary for us to be able to provide you with the service you request. Data processing is also necessary for us to comply with legal obligations and for our legitimate interests such as providing a high-quality, tailored service being able to respond to future enquiries or claims.
Where is personal data stored?
All data is stored in the UK and EEA. Electronic data is backed up to discs and stored locally, but also to OneDrive for Business which currently stores data in Dublin or Holland. This data will be transferred to the UK in 2018.
How is your data shared?
We will not share your information with third parties for marketing purposes unless you have given us consent to do so. Your personal data will be treated as strictly confidential and will be shared only with our service providers for the purposes described in this statement. Personal data relating to health is only processed where it is necessary to fulfil our client’s instructions. We will ask you to consent to our obtaining of such information and to processing it for that purpose.
Third Party Product/Service Providers: We work closely with various third-party financial product and service providers to bring you a range of financial products and related services. As such, certain information may be shared with these third-parties for the purposes of completing tasks and providing products/services to you on our behalf, as requested by you. These include: financial product and service administrators e.g. product providers, custodian companies, compliance consultants, IT systems suppliers, accountants, lawyers, ID verification firms, marketing agencies, document management providers. However, we will disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We may disclose your personal data if we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. Your data may also be transferred to the Financial Conduct Authority or any other statutory, governmental or regulatory body if required.
How is your data processed?
IFPC complies with its GDPR obligations by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from unauthorised access, loss, misuse and disclosure and by ensuring that technical measures are in place to protect personal data.
How long do we keep your data?
We have a legitimate interest to keep all records relating to our business for our internal purposes and to deal with queries or complaints which may arise. We keep personal data of clients only for so long as it is necessary to provide you with our products and services while you are a client and afterwards for so long as necessary to meet our legal or regulatory obligations or, if longer, for in relation to claims which could be made against us. However, as most of the data is stored electronically and backed up regularly, it cannot be selectively erased or destroyed. Consequently, personal data will be retained indefinitely. On receipt of a deletion request from you, data will be moved from a live to storage-only archive with restricted access
The GDPR provides the following rights for individuals:
- The right to be informed about the collection and use of your information
- The right of access to a copy of your personal information
- The right of rectification – please inform us if your data needs updating or correcting
- The right to erasure – if you believe that holding your data is no longer necessary or you withdraw your consent
- The right to restrict processing – if you consider that we no longer need to process your personal data
- The right to data portability – you may decide to use a third party of your choice and hence you can ask your personal data to be transferred accordingly
- The right to object – you can ask us to stop sending you any marketing or other messages at any time
- Rights in relation to automated decision making and profiling – in some cases e.g. ID verification, automated systems are used. You have the right to request that one of our employees make that decision.
Handling telephone calls and other electronic communications
Information Commissioner’s Office (ICO) contact details
You can contact the ICO on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or by post at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
To exercise all relevant rights for queries or complaints please contact Umesh Raj Daswani at IFPC Ltd;
T: 01727 837128