Mattinson Ginty & Partners (Employee Benefits) Limited (“we”, “us”, or “our”) are committed to respecting and protecting data privacy. This Privacy Notice (the “Notice”) explains how we will collect, store and use any personal data provided via our website, emails, meetings with our people and when Individual Clients, Corporate Clients, Employer Clients and/or Trustee Clients (“you”) otherwise communicate with us, including in the course of the financial services we provide or the running of our business.
Mattinson Ginty & Partners (Employee Benefits) Limited are registered with the Information Commissioner’s Office (ICO) as a Data Controller, registration number Z7285639.
Questions, comments and requests regarding this Privacy Notice can be:
Addressed to: Data Protection Compliance Manager
Mattinson Ginty & Partners (Employee Benefits) Limited
16 The Courtyard
Or telephoned to: 01925 765821
Or emailed to: firstname.lastname@example.org
Or sent via our Contact Us page on our website: www.mgpeb.co.uk/contact_us/
Please take the time to read this Notice, which contains important information about the way in which we process personal data.
For the purposes of this Notice, "European Data Protection Legislation" is defined as, for the periods in which they are in force, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) or any equivalent legislation amending, supplementing or replacing the GDPR.
This Notice may change from time to time and the up-to-date version will always be available on our website and becomes effective immediately.
Information we collect and use about you
We do not undertake any kind of marketing activities outside of our normal business activities and will therefore only ever collect personal data that is necessary for the type of product or service provided by us to you or serviced by us on your behalf and which meets both the requirements of the financial regulatory regime and the GDPR.
We collect information direct from you and/or from a variety of sources, including:
- Meetings with one of our Advisers
- Completion of Questionnaires
- Application forms for products or services or payment of benefits
- Phone conversations, emails or letters from you
- If you are a current or ex-worker of an employer to whom we currently provide, or have in the past provided, life and pension services, then your employer, or your employer’s other third-party providers (e.g. trustees, payroll providers etc), will have provided us with your data to enable us to fulfil our obligations in relation to those schemes of which you are, were, or may be entitled to become, a member.
- We may also obtain personal information on you from other sources (such as product providers, HM Revenue & Customs, Department for Work & Pensions etc) to check or improve the information we hold.
Information we collect and use can include:
- Information about who you are e.g. title, full name and previous name(s), date of birth, national insurance number and contact details.
- Information about your employment details, e.g. employer, how long you have worked for them, your salary and benefit details.
- Information about advice we have provided to you.
- Information about products we have sold or serviced for you.
- Information about your contact with us e.g. meeting notes, phone calls, emails, letters etc.
- Information classified as ‘sensitive’ e.g. relating to health, lifestyle and marital or civil partnership status etc.
- Information you provide to us about other people, e.g. joint applications, beneficiaries or dependants etc.
- Any other personal data we are required to collect in the context of our work for you or in the course of operating our business, e.g. cookies on our website and data using your IP address (Google Analytics).
We will use your information for the following purposes:
- To provide advice and/or guidance in respect of life and pension matters.
- To provide products and/or services to you in respect of life and pension matters.
- To manage our relationship with you (and/or your business), including by maintaining our database of clients and other third parties for administration, accounting and relationship management purposes.
- To respond to any query that you may submit to us.
- To complete our contractual obligations to you, or otherwise take steps as described in our engagement terms and/or our Retail Client Agreement (including any associated administration).
- To carry out any relevant conflict checks, anti-money laundering and sanctions checks and to fulfil our obligations under any relevant anti-money laundering law or regulation (including under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017).
- To send you any relevant information on the products and/or services you have entered into (or are about to enter into).
- To comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place.
- As we feel is necessary to prevent illegal activity or to protect our interests.
Legal grounds for processing your information
We will rely on the following legal bases under European Data Protection Legislation when processing Personal Data. That processing is:
- Necessary for the performance of a contract with you or to take steps preparatory to such a contract. We would not be able to act for you without personal data.
- Necessary for compliance with a legal obligation to which we are subject. Regulatory and other statutory requirements necessitate the collection and retention of personal data.
- Necessary for the purpose of legitimate interests. We have a legitimate interest as a financial services provider (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our clients, administering visits to our offices and ascertaining achievement of proper standards/compliance with policies, practices or procedures and in the context of the establishment, exercise or defence of legal claims.
We will rely on the following legal bases when processing Sensitive Personal Data. That processing is:
- By explicit consent of the data subject unless we can lawfully process this data for another reason permitted by the Data Protection Law. Such data is either provided by you (in the course of completing application forms and questionnaires) or authorised by you to be divulged to us by a third party (medical reports etc). You will always have the opportunity to refuse to provide such data but you should bear in mind that this could preclude you from obtaining cover and/or enhanced benefits.
Sharing your information
The nature of our business means that your details, by necessity, will be shared with third parties to enable us to fulfil our contractual obligations to you.
If we share your information with any third parties they will process your information as either a Data Controller or as our Data Processor and this will depend on the purposes of our sharing your personal data. We will only share your personal data in compliance with the European Data Protection Legislation. We do not allow third party Data Processors to use your data for any other purposes than those we have agreed with them – we will not allow them to share your data with anyone else. Third Party Data Controllers (product providers, etc) dictate their own policy and you should satisfy yourself as to the content of their own Privacy Notices.
The third parties include:
- product providers & investment houses
- our insurers
- our auditors, including external accreditation bodies
- other professional advisors or third parties (including accountants & technical experts) with whom we engage as part of our work for our clients or who our clients separately engage in the same context
- our regulators e.g. the Financial Conduct Authority (FCA) including as permitted by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 which, for the purposes of preventing money laundering or terrorist financing, may require us to disclose your personal data
- our data processors providing security, email security, data governance, archiving and other IT and business support services
- our internet service provider, email platform provider and our website platform provider
- analytics and search engine providers that assist us in the improvement and optimisation of our website
- any third party you ask us to share your data with.
We may also disclose your information to third parties when:
- you specifically request this, or it is necessary to provide our financial services to you (e.g. when we need to instruct experts in another jurisdiction to provide advice which you have requested)
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
- if our website or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of our website, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Our website may, from time to time, contain links to and from the websites of advertisers and partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We will never rent or sell your details to any other organisation.
Storage and retention of your personal data
Our processing (storage) is conducted in the UK for paper data and on servers based in the UK/EU for electronic data. We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our very best to protect your personal data, we cannot absolutely guarantee the security of your data.
The long-term nature of financial products means that it is necessary to hold data for very long periods of time but we will endeavour to not hold data for longer than is reasonably necessary or required by law or regulation or insurance. Typical retention periods would be:
- Data provided by, or in respect of, prospects which doesn’t materialise in advice and/or a product and/or a service will be deleted from our systems after 12 months.
- All other client/employer/trustee data will be stored in our systems for as long as we remain in business or a limitation period is introduced in respect of complaints to the ombudsman service. Data may be kept for longer periods if we cannot delete it for legal, regulatory or technical reasons (such as where the business is transferred to a third-party purchaser).
We may also keep data for research, preventing conflicts of interests or statistical purposes. If we do, we will ensure that appropriate safeguards are in place to protect your privacy and that data is only used for those purposes.
The third parties we engage to provide services on your and our behalf will keep your data stored on their systems for as long as is necessary to provide their services to you and us and to also comply with their own Privacy Notices. As mentioned above, we do not allow third party Data Processors to use your data for any other purposes than those we have agreed with them – we will not allow them to share your data with anyone else. Third party Data Controllers (product providers, etc) dictate their own policy and you should satisfy yourself as to the content of their own Privacy Notices.
Sending your information outside of the EEA
If we need to share your personal data with a recipient outside the European Economic Area (“EEA”) (e.g. a professional advisor or third party engaged by us or you as part of our work under an engagement letter) we will do so in compliance with European Data Protection Legislation, including where applicable by ensuring that the transfer is necessary to perform a contract in place with you or a contract entered into in your interests. If these transfers affect you, you may contact us to obtain more precise information.
Our people may access our systems remotely when working abroad (including from jurisdictions outside the European Economic Area). Where they do so, they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.
Your information rights
The following are not absolute rights and many other considerations need to be taken into account. If you wish to pursue any of your rights or require additional information on any of the following points you should make your request via one of the contact points at the top of this Privacy Notice.
- The right to be informed – you have a right to be given clear and concise information about what we do with your personal data – this Privacy Notice does this.
- The right of access – you can access the personal information we hold (this is commonly referred to as subject access), which gives you the right to obtain a copy of your personal data as well as other supplementary information.
- The right to rectification – you can ask to have inaccurate personal data rectified or completed if you feel it is incomplete. Please always notify us of any personal changes made e.g. name, address, etc.
- The right to erasure – you can ask to have personal data erased (also known as the right to be forgotten).
- The right to restrict processing – you can request that we restrict or suppress the processing of your personal data.
- The right to data portability – you have the right to obtain personal data that you have provided to us in a structured, commonly used and machine-readable format. You can also request that we transmit this data directly to another controller.
- The right to object – you can object to the processing of your personal data.
- Rights in relation to automated decision making and profiling.
We may ask you to provide proof of identity before we action any requests or show you your personal information – this is so we can prevent unauthorised access or amendment to your details.
For any access request that is deemed excessive or especially repetitive, we may charge a ‘reasonable fee’ for meeting that request. Similarly, we may charge a reasonable fee to comply with requests for further copies of the same information. (That fee will be based upon the administrative costs of providing the information.)
In contacting you, we will always aim to be respectful, relevant and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know by using one of the contact options at the top of this Notice.
As we only operate in the UK, our data protection supervisory authority is the ICO. If you believe we are not processing your data in accordance with the Law, you have the right to make a complaint to the ICO. For more details, please visit their website: www.ico.org.uk
Last Updated: 25.05.18