GENERAL DATA PROTECTION REGULATIONS (GDPR)
You might be aware that the data protection laws are changing. The current data protection laws are set out in the Data Protection Act 1998. This is being replaced by the General Data Protection Regulations (GDPR) which comes into effect on 25 May 2018. The GDPR introduces a wide range of changes to ensure that organisations and businesses that hold your personal data provide high standards of data protection and transparency about their use of that personal data.
The new regulations also set out the circumstances in which we can hold and process your personal data.
The enclosed privacy notice provides some further details in relation to how Ringrose Grimsley Ltd and Vivid Finance handles personal information that we hold about you and other parties associated with you. You should share this notice with any party that is associated with you (e.g. dependants, beneficiary of a trust, will etc) if you have provided us with information about them.
Ringrose Grimsley Ltd and Vivid Finance
As your Independent Financial Advisers/Mortgage & Protection Broker, we hold details about the products we have advised or recommended on.
You may have provided some of your data directly to us. Other elements of the data we hold about you, if applicable, would have been provided by your employer, previous provider etc. We may also collect additional data from you at certain key points (for example, when you retire and draw any pension that you may be entitled to, or even when you move to another mortgage lender).
As we hold this data, this means that we are a ‘data controller’.
Basis for processing
As a data controller, we only pass your details to other organisations outside of Ringrose Grimsley Ltd and Vivid Finance when we gain your express consent to do so, i.e. when you’re making an application, or reviewing an existing product, to suit your needs. Processing includes actions such as recording, organising and storing data.
Our processing of your data is justified because, given our duties as your advisers, (including, for example our duty to act in the best interest of your financial situation) we have a legitimate interest in processing your data.
The processing is also necessary for compliance with the legal obligations we are under in relation to providing you and any governing body an accurate response with regards to any advice or recommendation given.
Finally, in some cases, you may also have given explicit consent for us to process your data for the purposes of us administering it; e.g. regularly reviewing a product when it has come to maturity etc.
What we do with your data?
As a data controller, we may sometime use third parties to process your data and may from time to time share your data with those third parties.
To run a group scheme, to review your financial circumstances, obtain the best product to suit your needs or even to apply for a product, we may have to liaise with a third party to do so, i.e. your employer, pension provider, lender etc. Some of these parties may transfer your data outside of the EU as part of the processing they undertake for us, but they are required by law to put appropriate safeguards in place if they do.
If we do release your data to a third party, we will advise you beforehand unless governed by law we are told not to do so, i.e. a fraud/police investigation.
In certain circumstances, we may also be required to share your personal data with other parties because a court or a law enforcement agency has asked us to do so. This could include sharing information with, for example, the police, the Pension Regular, the Financial Ombudsman, FCA, or HM Revenue and Customs.
How long do we keep your data for?
We will normally keep your data for a least as long as you are a member of a pension, group scheme, or have a live product that we still have a legal redress towards, as indicated by our regulator, the FCA.
If you cease to be a member of a pension, group scheme or the product we advised on has come to an end or cancelled, then we will assess the length of the period for which we need to retain your data. As pensions and mortgages tend to be long term benefits, it may make sense for us to retain your data for some time after you have ceased to be a member or hold the product, just in case for example, there are any queries about your benefits/product/recommendations in the future.
However, we would keep the length of time for which we retain your data your data under review. We would also cease to hold your data at any point where it became unreasonable for us to retain it.
We are required to let you know that you can request erasure of personal data or a restriction on our processing of it. In addition, you can object to us processing your data, and you will also have a right to obtain and resuse your data for your own purposes. Where we are relying on consent to process your data, you also have the right to withdraw that consent. However, because we need your data to be able to calculate, make regular reviews of your pension fund/investments, ensure mortgages are on track, or mortgages and protection plans are in-keeping with your financial situation, we do not expect that our clients will want or need to make this type of request.
You also have a right to request access to your data. If you make such a request, we will respond to it as soon we can and, in any event, within three months. If, once you review the data that we hold, you notice that there are mistakes or your circumstances may have changed, you can also ask us to rectify that data.
Finally you have right to lodge a complaint in relation to the way we deal with your data. In the first instance, we would always suggest that you take this up with us first. However, you can also complain directly to the Information Commissioner’s Office. The information Commissioner’s Office is the UK’s independent body set up to uphold information rights and its contact details can be found on its website: https://ico.org.uk. You can also call its helpline on 0303 123 1113.
If you would like to contact us about your data or have any queries in relation to the information set out above, you can do so directly using the following contact details:
Ringrose Grimsley Ltd/Vivid Finance
2 Milnyard Square
Telephone 01733 232249