This Privacy Notice contains important information about what data we collect, what we do with it, whom we may share it with (and why) and your choices and rights when it comes to the data you’ve given us. Below is information about who the data controller is and our contact details:
|Data Controller||Brighton Financial Ltd|
|Post||Brighton Financial Ltd, 337 Kingsway, Hove, East Sussex BN3 4PD|
If you’re not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO) which is the UK supervisory authority for data protection issues (www.ico.org.uk). We’d be grateful if you would contact us first, however, so we can try to resolve things for you.
It’s very important that the data we hold about you is accurate and up to date. Please let us know if at any time your data changes by emailing us at firstname.lastname@example.org.
2. What Information We’ll Collect from You
We’ll collect the following data from you:
|Type of Data||Example|
|Who you are||Your name, date of birth and contact details|
|Your existing financial products||Your bank account details, ISAs, pensions|
|Your contact with us||Meetings, phone calls, emails, letters|
|Data that’s automatically collected||Cookies when you visit one of our websites|
|Data you might give us about other people||Joint applicants or beneficiaries for products you have with us|
|‘Sensitive’ personal data||Health, marital or civil partnership status. This information will only be collected and used where it’s needed to provide the service you’ve requested or to comply with our legal obligations|
|Data on children||Where a child is named as a beneficiary on a financial product taken out by a parent or guardian on their behalf. In these cases, we’ll collect and use only the data required to identify the child|
What Are Cookies?
A cookie is a small file which is saved on your computer or other device when you visit our website (www.brightonfinancial.co.uk). Cookies store small pieces of information e.g. they’ll remember you’ve visited our website or performed a certain action.
Persistent cookies stay valid and will work until their expiry date (unless you delete them before they expire). Session cookies expire when you close your web browser.
3. Where We Collect Your Information
We’ll collect your personal information directly from you in the following ways:
- Meetings with us
- Phone conversations with us
- Emails or letters you send to us
- An application form for a product or service
- Registering for one of our events e.g. client evenings
We may also collect personal information on you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your address) or to give better contact information if we’re unable to contact you directly.
4. What We Collect and Use Your Information For
We take your privacy seriously and we’ll only ever collect and use information which is personal to you where it’s necessary, fair and lawful to do so. We’ll collect and use your information only where:
- You’ve given us your permission [consent] to send you information about our services offered
- It’s necessary to provide the service you’ve requested
- It’s necessary for us to meet our legal or regulatory obligations e.g. to sending you valuations
- It’s in the legitimate interests of us to deliver appropriate advice so you’re aware of the options that will help you get the best outcome from your product or investment
- it’s in the legitimate interests of a third party e.g. sharing information with your employer’s adviser for the governance of a pension scheme of which you’re a member
If you don’t wish us to collect and use your personal information in these ways, it might mean we’ll be unable to provide you with our products or services.
5. Whom We May Share Your Personal Data With
We may share your personal data as set out below for the purposes set out in the table above:
|Type of Organisation||Reason|
|Fund research||To enable us to carry out fund research on your behalf when delivering advice and ongoing services to you|
|Cashflow modelling||To enable us to build projections of your future financial position when advice and ongoing services to you|
|Paraplanning services||Assist us in carrying our research and analysis work during the process of delivering advice and ongoing services to you|
|Compliance services||Ensuring our business is regulatorily compliant and for the purposes of auditing our recommendations|
|Professional advisers||Including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services|
|HMRC & regulatory authorities||Who require reporting of processing activities in certain circumstances|
We require all third-parties to whom we share your data to respect the security of your data and to treat it in accordance with the law. We only allow such third-parties to process your personal data for specified purposes and in accordance with our instructions.
6. Where Your Information Is Processed
Countries outside of the European Economic Area (EEA) don’t always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We’ll only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You’ll have the right to withdraw this consent at any time.
Please email us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
7. How We Protect Your Information
We’ve put in place appropriate security measures to minimise the risk of your data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your data to those employees, agents, contractors and other third-parties who have a business need to know such data. They’ll only process your personal data on our instructions and they’re subject to a duty of confidentiality.
We’ve put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. How Long We Keep Your Information
We’ll only retain your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we process your data, whether we can achieve those purposes through other means, and the applicable legal requirements.
All personal data will be deleted 25 years after any advice is delivered unless we receive a request for data erasure from you in the meantime, in which case, provided we’re complying with our legal and regulatory requirements for holding your personal data, we’ll delete the personal data.
Where we engage with a you and no relationship develops or advice is given, we’ll delete all your personal data after a period of 3 months.
In some circumstances we may anonymise your data (so it can’t be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your data. These include the right to:
- Request access to your data
- Request correction of your data
- Request erasure of your data
- Object to processing of your data
- Request restriction of processing your data
- Request transfer of your data
- Right to withdraw consent
You can see more about these rights at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org.
You won’t have to pay a fee to access your data (or to exercise any of the other rights), however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your data (or to exercise any of your other rights). This is a security measure to ensure that data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 1 month. Occasionally it may take us longer than 1 month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.