All companies within and connected to the group are aware of their obligations under the General Data Protection Regulation (GDPR) and are committed to respecting and protecting your privacy, through the secure and transparent processing of your personal data.
This Privacy Notice explains, in line with GDPR, how the group uses any personal information we collect about you to provide our services; it also explains how we handle and protect such information. Any organisations to whom we may pass your data will have their own obligations.
Why do we need to collect and use your personal data?
Our policy is to gather and process only the personal data considered necessary for us to deliver our services effectively and fulfil our own legal and regulatory obligations.
The primary legal basis on which we rely for the processing of your personal data, is to fulfil of our agreement or contract for services with you.
We may also seek to rely on the basis of compliance with the law (for example in relation to meeting our obligations to prevent money laundering, terrorist or proliferation financing), other legitimate interests, and/or consent where appropriate.
Where special category data (for example, that concerning your health) is required, we will generally seek to obtain your explicit consent in order for us to collect and process such information.
Data is also collected to help us better understand your needs and interests, to improve our own systems, products and services, and where you have consented, to send you relevant promotional and marketing information.
What personal information do we collect?
When you engage us to provide services, we obtain certain information relating to your personal and financial circumstances, and the following are examples of the types of information which might be collected, depending on the nature of the service:
- your identity, such as age, date of birth, gender and national insurance number;
- contact details, including your address, email, phone number and mobile number;
- employment details;
- family details;
- information regarding your current health condition;
- associated third party information, this includes your spouse, children or beneficiaries of trusts;
- financial details, such as source of wealth, existing investments, savings accounts, tax returns, and bank details;
- details concerning your attitude to investment risk, in some cases via an external profiling questionnaire;
- lifestyle information (such as hobbies and interests);
- account activity, generated and collected through the provision of our services to you through 3rd party providers;
- Internal Protocol (IP) address, collected passively when you use our website or client portal.
We may also collect information when you complete surveys, provide feedback, or request literature, guides, or further details regarding our services.
As technology advances, we are always seeking new and innovative ways of undertaking our identification checks, which may include facial recognition and the use of other biometric data. We will take all reasonable steps to comply with prevailing and relevant legislation in this regard.
Information relating to usage of our website is collected using cookies, which are text files used for detecting the kind of device you are using in order to present content in the most appropriate manner, or for other purposes intended to enhance your experience. Further information pertaining to our website privacy is contained later in this Notice.
Special category, or 'sensitive' personal data
Certain categories of personal data are sensitive by nature and include information about an individual’s race, ethnic origin, political views, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation. Such information will be processed only with your consent, and in accordance with the terms on which we are engaged to work with you.
Information about connected individuals
To provide our services effectively, we may need to gather personal information about your close family members and dependents. In such cases, we rely on you to have obtained the consent of the people concerned, to pass their information on to us. We will be happy to provide them with a copy of this Notice upon request.
Processing and maintaining your personal information
Please be assured that we, and any company associated with us will treat all data as confidential and will not process it other than for lawful and legitimate purposes.
Processing of data includes obtaining, recording, and holding information or data. It also includes transferring it for legitimate purposes to other parties (see below).
Appropriate measures will be taken to ensure the information we hold is kept up to date, not retained for longer than necessary, kept secure against unauthorised or unlawful processing (in so far as we are able), and protected from the risk of accidental loss or destruction.
In the interests of continuing suitability and provision of agreed services, it is essential that the information we hold about clients is current and accurate, so we ask you to notify us of changes (for example new address) at the earliest opportunity.
We, or any company associated with us may contact individuals by any means agreed to, for the purpose of fulfilling our contract and service agreement.
Sharing your information
We may share your information within our group of companies and connected businesses, and if you have provided consent, with your other professional advisers as appropriate.
To deliver our services effectively, we may share your details with the carefully selected third parties with whom we engage for professional services (such as compliance, legal, anti-money laundering verification, accountancy and IT), as well as product, platform and other service providers (such as providers of our client portal, investment platform, discretionary management, risk profiling and cashflow modelling software).
Where third parties are involved in the processing of your data, we will put stringent safeguards in place, including (where appropriate) a formal contract or agreement, to ensure that the nature and purpose of the processing is clear. This will also set out that they are subject to a duty of confidence in processing your data, and that they will only act in accordance with our formal agreement.
Where we have a legitimate interest to do so, we may share your personal data with other carefully selected third parties, for example in the context of the possible restructuring of the business. We may also need to share your personal data with a regulator, the Police, or to otherwise comply with the law. Examples of parties with whom we may share your data include (but are not limited to):
- HMRC;
- FCA;
- product providers;
- any third parties with whom you require or permit us to correspond;
- subcontractors;
- professional indemnity insurers;
- debt collection agencies; and
- related parties where necessary for administrative or contractual purposes.
Our client database and some software licences are held in common with other group companies and connected entities; where relevant, we take measures (insofar as is reasonably possible) to maintain client confidentiality and that access to personal data is on a “need to know” basis.
There will be occasions where we believe an individual may benefit from the service provided by another group company, so relevant information may be shared between companies within the group.
Where we submit an application for a product or service, we will need to pass on certain personal information as required by the provider to complete an application. In some cases this may include sensitive personal data (for example a life insurance application).
Where it is necessary for us to forward your personal data to a third party, we will use appropriate security measures to protect your personal data whilst it is in transit, which may involve password protection or encryption where proportionate and appropriate.
Once transferred, your information will become subject to the policies and controls of the recipient.
How we protect information
The security and confidentiality of your personal information is extremely important to us.
All personal data which is collected and recorded, whether on paper or electronically, has appropriate safeguards applied in line with our legal obligations.
Data is protected by our internal policies and procedures, which are designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees undertake regular training in relation to data protection and are subject to duties of confidentiality which apply to the personal data we obtain and process.
Our information security controls are aligned to industry standards and good practice. This provides a secure control environment that effectively manages risks to the confidentiality, integrity and availability of information. Additionally, our controls ensure we can restore your data in situations where the data is corrupted or lost in a disaster recovery situation.
Where appropriate, we use encryption or other security measures which we deem suitable to protect your information. We also review our security procedures periodically and will consider relevant new technologies and updated methods. But, despite our reasonable efforts, no security measure can ever be perfect or impenetrable.
If you would like more details or are concerned about any particular issue, please contact us (see later section ‘How to contact us’ for details).
Where your information is processed
Your information is mainly processed in the UK and European Economic Area (EEA). Where processing takes place outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as required by applicable data protection laws.
Retention of your information
During the course of our relationship, we will collect and retain personal data that is necessary for us to provide our services to you, and take reasonable steps to keep the information we hold up to date. In relation to some aspects of our business we are subject to regulations which require us to retain your data for specified minimum periods of time which are:
- Five years for investment business;
- Three years for insurance and mortgage business;
- Indefinitely for pension transfers and opt outs.
These are minimum periods, and we do reserve the right to retain data for longer where we believe it is in our legitimate interests to do so. Outside of our regulatory obligations, we would typically seek to retain records for a period of 7 years after the date our relationship ends. You do, however, have the right to request the deletion of your personal data, which we will comply with, subject to our regulatory obligations and legitimate interests as noted above.
Handling telephone calls and other electronic communications
We retain copies of electronic communications for record keeping, monitoring and quality purposes, the provision of our services and for audit and training purposes. We may record telephone or internet/video calls, access to which is restricted to those individuals who have a need to access them for the purposes set out here.
Our websites
Our websites are published, hosted and maintained by carefully selected business partners on our behalf, who will not collect personal data about individuals, except where it is specifically and knowingly provided by them.
When you visit our websites, the web servers will collect basic information such as your internet service provider’s domain name, the areas of our website you visited, and when.
Our websites may contain links to other third party websites which we believe may be of interest. It is important to note that these links will direct you away from our website, to other sites over which we have no control. We cannot, therefore, be responsible for the processing and privacy of your information by third party websites, and would refer you to their respective Privacy Notices and Policies. In some cases, we may receive remuneration from the providers of third party links displayed on our websites.
The websites may also use sharing tools, which allow you to share content through social networks such as Facebook or X (formerly Twitter). When you use one of these buttons, the social networking site may place a cookie on your computer – if you require additional information about how these third parties use cookies, you should check their cookie policy.
Cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets us know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic, which is used to tailor the experience to visitors’ needs, and improve our website. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages are found useful and by whom. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. Further information may be found at www.allaboutcookies.org
You can choose to accept or decline cookies, and most web browsers now require users to make that choice. You can usually modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of the website. The main types of cookies are explained below:
- Required cookies are critical to the functionality of our websites, for example, to keep a user logged in to their account.
- Functional cookies are used to track visitors to our websites, helping us understand how websites are being used and help us improve the experience for others.
- Marketing cookies are used to track the number of people who click on third party links displayed in our websites, and provide statistical information.
Google Analytics
We may use Google analytics to help us understand how our websites are being used. It generates statistical information about website use by means of ‘cookies’ which are stored on users’ computers.
The information generated relating to our websites is used to create reports about the use of the website. Google stores this information. Google’s privacy policy is available at: https://policies.google.com/privacy
Marketing
We would like to send you information about our firms, services and other relevant information, including invitations to events we feel may be of interest, and require your express consent for us to be able to do so.
Where this consent has been given, you have the right to ask us to stop contacting you for marketing purposes at any time. For existing clients, opting out of marketing will not change how we communicate with you in the course of delivering our agreed services.
Where a client chooses to opt out of marketing, this will not supress communications such as our periodic newsletter, because this forms part of our service proposition and contains important information, including updates from our Investment Committee and Regulatory team.
There may be occasions where we use real client scenarios to inform case studies used in our marketing material and literature, and any testimonials provided may be used for marketing purposes. Where we do so, we will endeavour to remove information which could identify individuals to a third party, but you may recognise your own circumstances in scenarios presented.
Your rights in relation to Data Protection
You have various rights under data protection laws in relation to how we process your information. These are summarised below, and if you would like to find out more about our obligations, please visit the Information Commissioner’s website at www.ico.org.uk
If you are concerned about any aspect of our privacy arrangements please speak to us, or you may contact the Information Commissioner’s Office at:
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate)
Right to be informed
You have a right to receive clear and easy to understand information on what personal information we have, why we have it, and who we share it with.
Right to access your information
Subject to certain exceptions and exemptions, you are entitled to request a copy of the information we hold about you.
Where your personal data is processed by automated means, you have the right to request that we move your personal data to another organisation for their use.
We have an obligation to ensure that your personal information is accurate and up to date, so please ask us to correct or remove any information you feel is incorrect.
Right to request erasure
You can ask for your information to be deleted or removed, which will be done where there is not a compelling or regulatory/legal reason for us to retain it.
Right to restrict processing
You can ask to block or suppress the processing of your personal data for certain reasons. This means that we are still permitted to keep your information but only to ensure we do not use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal data for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way; for example, if you were moving your pension or savings account to another provider.
Right to object or withdraw consent
You can object to us processing your personal data, in which case we must cease to do so unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or for the establishment, exercise or defence of legal claims.
Where we are processing your personal data with your consent, this can be withdrawn at any time. This might, however, limit or remove our ability to act in accordance with the prevailing terms of engagement between us.
How to contact us
If you have any questions about this Privacy Notice, the personal data we will obtain and process, you wish to opt out of direct marketing, or wish to exercise any other of your rights as a Data Subject, please contact us:
The Private Office/ TPO Wealth | Savings Champion | TPO Invest | |
---|---|---|---|
Enquiries | enquiries@theprivateoffice.com | info@savingschampion.co.uk | support@tpoinvest.com |
Marketing | marketing@theprivateoffice.com | info@savingschampion.co.uk | support@tpoinvest.com |
By telephone | 0333 323 9060 | 0800 011 9705 | 0333 323 9067 |
In writing | No 2 The Bourse, Leeds, LS1 5DE | Cambridge House, Henry Street, Bath, BA1 1BT | No 2, The Bourse, Leeds, LS1 5DE |
Changes to our privacy notice
We keep our privacy notice under regular review and will publish updates on our websites. This notice was last updated in August 2023.