GDPR Privacy Notice

Pannells Financial Planning Limited are committed to protecting your privacy and we want you to understand how we will use information collected from you, or provided to us, and the measures we take to safeguard the information.

Who are we?

We are one of the longest established and largest Independent Financial Planning firms in the UK. Established in 1989, we deliver highly specialised financial advice to individuals, companies and professional partnerships and have built a reputation based on the quality of service and impartial advice that we provide.

What is the purpose of this document? 

This privacy notice describes how we collect and use personal data about you in accordance with applicable data protection laws, including the General Data Protection Regulation 2016/679 (GDPR), the UK Data Protection Act 2018 (DPA) and any other national legislation that implements data protection laws in force from time to time that may reflect the provisions of the GDPR or DPA. This includes personal data collected about you:

  • As a prospective or current client
  • As an employee of a business client or business partner
  • As an individual with which we interact through our website or our other communication channels

This privacy notice applies to all personal data collected, maintained, transmitted, stored, retained, or otherwise used (i.e. processed) by us regardless of the media on which that personal data is stored. We may update this privacy notice at any time and will notify you in writing of any substantive changes.

For the purposes of data protection law, we are a “data controller”. This means that we are responsible for deciding how we hold and use personal data about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read this privacy notice, together with any privacy notice we may provide on specific occasions when we are collecting or processing your personal data, so that you are aware of how and why we are using such information.

Data protection principles

We will comply with data protection law. This requires, among other matters, that the personal data we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about; and
  • Kept secure

Information we may collect from you

Categories of information about you that we may collect, store and use (as applicable) includes:

  • Information about who you are e.g. your name, gender, date of birth
  • Where we can contact you e.g. address, telephone number, email address
  • Who you work for, and your job function or department
  • Information relating to transactions with us involving you or the company you work for (for example, details of goods or services that we have supplied to, or obtained from, you or the person you work for)
  • Financial information e.g. your salary and bank account details
  • For proving who you are e.g. National Insurance Number, identification documents
  • Information about your contact with us e.g. through meetings, telephone calls, emails and letters
  • Information you may provide us about other people e.g. joint applicants or beneficiaries for products we advise on
  • Information on children e.g. where a child is named as a beneficiary on the policy taken out by a parent on their behalf
  • Where you are a corporate client, details we hold about your staff and corporate contacts (including if applicable staff family members)
  • Where you are a trustee of a trust, the details of all trustees and any other beneficial owners, settlors and protectors as we deem appropriate

Please note that we may also collect, store and use the following “special categories” of more sensitive personal data:

  • Information about your health, including any medical condition, health and sickness records
  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
  • Genetic information and biometric data
  • Information about criminal convictions and offences (only to the extent that you are a regulated employee in respect of which such information is required)

We collect this information for specific purposes, such as to provide you with financial advice, administer the plans we advise you or your employer on, prepare quotations and to meet our legal and regulatory obligations.  Please be assured that we will only use such special category and sensitive information for the purposes set out in this privacy note and as provided by law.

Where we collect your information

We may collect your information directly from various sources, including:

  • Information that you give us: This is information about you that you give us directly when you interact with us
    • This is information about you that you give us by filling in forms or by corresponding with us by telephone, e-mail or otherwise. It includes information you provide when you subscribe to our service or interact with our consultants, either on behalf of yourself or your employer
    • The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph
  • Information we receive from other sources: This is information we receive about you, of which we will notify you as required, from third parties we work closely with and includes:
    • Information provided by your employer relating to being a member of one their employee benefits schemes e.g. Workplace Pension Scheme, Group Life Scheme, Group Income Protection Scheme, Group Private Medical Insurance Scheme
    • Information we may receive from third party organisations that provide you with employee benefit services, such as insurers
    • Information from verification agencies, so we can check your identity
    • Information from other third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services)

How we use your information

We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations.  In some cases, we may use your personal data to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

You can see a full list of the types of data we process, the purpose for which we process it and the lawful basis on which it is processed here:

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest
To register you as a new client(a) Identity
(b) Contact
(a) Performance of a contract with you
To make suggestions and recommendations to you or your employer about services that may be of interest to you or your employer including our newsletter(a) Identity
(b) Contact
(c) Special category and sensitive personal data
(d) Usage
(e) Profile
(f) Transaction
(a) Performance of a contract with you or your employer
(b) Necessary for our legitimate interests (for example; for running our business, to develop our services and grow our business)
Provide you with financial advice (a) Identity
(b) Contact
(c) Special category and sensitive personal data
(d) Usage
(e) Transaction
(a) Performance of a contract with you or your employer
(b) Necessary for our legitimate interests (for example; for running our business, to develop our services and grow our business)
(c) Necessary to comply with a legal obligation
Prepare quotations for you or your employer(a) Identity
(b) Contact
(c) Transaction
(d) Special category and sensitive personal data
(a) Performance of a contract with you or your employer
Administer the plans and other employee benefits that we advise you or your employer on(a) Identity
(b) Contact
(c) Financial
(d) Special category and sensitive personal data
(e) Profile
(f) Transaction
(a) Performance of a contract with you or your employer
(b) Necessary for our legitimate interests (for example; for running our business, to develop our services and grow our business)
(c) Necessary to comply with a legal obligation
Supplying services to you or your employer you work for or receiving them from you or the company you work for, as the case may be(a) Identity
(b) Contact
(c) Profile
(d) Special category and sensitive personal data
(a) Performance of a contract with you or your employer
(b) Necessary to comply with a legal obligation
Notifying you or your employer about changes to our services(a) Identity
(b) Contact
(c) Profile
(a) Performance of a contract with you or your employer
(b) Necessary to comply with a legal obligation
To facilitate communications where you or your employer you work for are a customer or a supplier of ours or use our services(a) Identity
(b) Contact
(c) Profile
(a) Performance of a contract with you or your employer
(b) Necessary for our legitimate interests (for example; for running our business, to develop our services and grow our business)
(c) Necessary to comply with a legal obligation
Keep you informed of legislative updates(a) Identity
(b) Contact
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(a) Identity
(b) Contact
(c) Profile
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (for example; to keep our records updated)
To process and deliver your financial advice and servicing including but not limited to:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (for example; to recover debts due to us)
To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
For updating and enhancing client records, analysis for management purposes and statutory returns, crime prevention and legal and regulatory compliance(a) Identity
(b) Contact
(c) Technical
(d) Special category and sensitive personal data
(a) Performance of a contract with you or your employer
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)
Marketing and Communications(a) Identity
(b) Contact
(a) Performance of a contract with you or your employer
(b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)

Some of the above reasons will overlap and there may be several legal bases for processing which justify our use of your personal data.

If you do not wish us to collect and use your information in these ways, it may mean that we will be unable to provide you with our services.

Who we share your information with

For the purposes of providing you with our services and complying with legal and regulatory obligations, we may share your information with third parties who include:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this privacy notice.
  • Appropriate third parties including:
    • Our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for
    • Our auditors, legal advisors and other professional advisors or service providers
    • Credit reference agencies for the purpose of assessing your credit score where this is in the context of us entering into a contract with you or the person that you work for
    • Financial Services Providers
    • Your employer
    • Our regulators and Supervisory Authority e.g. the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO)
    • Law enforcement, credit and identity check agencies for the prevention and detection of crime
    • To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes
    • Organisations where you have given your authority
    • Our service providers e.g. IT companies who support our technology
    • Our professional advisers
  • We will disclose your personal information to third parties:
    • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you or the company you work for; or to protect the rights, property, or safety of Pannells Financial Planning Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime

Where your information is processed

Your information is stored on secure servers in the UK and European Economic Area (EEA). We do not transfer customer data outside the European Economic Area.

Pannells Financial Planning Limited holds data in various forms, including electronic databases and paper files. We take all reasonable steps necessary to ensure your data is adequately protected and processed in line with this privacy notice.

We take measures to safeguard your information, however we cannot guarantee the security of any data that you transfer over the internet to us prior to receipt by ourselves.

How we protect your information

In line with our data protection obligations we take every reasonable measure and precaution to protect and secure your information. Whether it has been collected, recorded or used in any way, appropriate safeguards will be applied.

We have processes and procedures in place which are regularly reviewed and are designed to protect your information.

Our employees receive annual training and receive regular updates to ensure they remain aware of our data protection obligations on an ongoing basis.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website.  Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our website may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

How long we keep your information

In principle your data shouldn’t be held for longer than is required under the terms of our contract for services with you. Also, we’re subject to regulatory requirements to retain data for specified minimum periods. We are also able to and reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us.

Your individual rights

Whilst Pannells Financial Planning Limited holds or processes your information, you have the following rights:

  • Right of access
    You have the right to request a copy of the information that we hold about you. If Pannells Financial Planning Limited refuses your request, we will provide you with a reason why, which you have the right to legally challenge
  • Right to request that your information be rectified (corrected)
    If your information we hold is inaccurate or incomplete, you can request that it is corrected
  • Right to be forgotten
    If certain conditions apply you can ask to have your information erased from our records. It may be that we will be unable to comply with your request if we have a legal or regulatory obligation to process or store your information
  • Right to restrict processing
    Where certain circumstances apply, you have the right to restrict the processing of your information. We can still keep your information, but only to ensure we don’t use it in the future for those reasons you have restricted
  • Right to data portability
    You have the right to have the information we hold about you transferred to another organisation
  • Right to object
    In certain circumstances you can object to Pannells Financial Planning Limited processing your information for direct marketing purposes
  • Rights related to automatic decision making including profiling
    You have the right not to be subject to the legal effects of automated processing or profiling
  • Right to be informed
    You have a right to receive clear and easy to understand information on why we hold your information, what we keep and who we share it with. We do this in our privacy notice

You can also exercise the rights listed above at any time by contacting our Data Protection Officer at the address set out below.

How to make a complaint

If, at any time, you are dissatisfied with how we have handled your personal data, you may write to our Data Protection Officer at 45 Church Street, Birmingham, B3 2RT (telephone number 0121 609 3298). We undertake to consider any complaint carefully and promptly and to do all we can to explain the position to you. Once we have investigated your complaint, if you are not happy with our response you can complain to the Information Commissioner’s Office (ICO) using the link below:

https://ico.org.uk/concerns/

Changes to our Privacy Notice

We keep our privacy notice under regular review and we may update this privacy notice and place a new version on our website. If there are important or substantive changes we will contact to let you know.

This privacy notice was last updated in July 2019.