Wren Sterling Financial Planning Limited and its Appointed Representatives (“WS”, “we”, “us”, or “our”) is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. WS processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When you make an enquiry with us about any of the services we offer, we’ll ask you to provide some contact information. This may include some or all of the following:
If you give personal information about someone else (such as a spouse or dependant), you must have their permission to do so.
Once we have gathered information from you and you subsequently make contact with us, we will use specific pieces of your information to help us identify you and verify that we are dealing with the right person.
Where we offer other products such as insurance, we will need to collect and process information that is “sensitive”. This type of information includes details about your health and any criminal convictions you have. Before we gather this type of information we will explain to you why it is required and will always store this information securely.
We use your personal information in various ways.
We will use it to confirm that you are who you say you are when you contact us. We will use it to verify your name and address and for Anti Money Laundering purposes by checking your details against our databases and to check against information held by GB Group Database that checks the electoral and credit agencies. We will also use the personal information we gather from you to formulate our advice and recommendations for the services we offer and to submit applications to product providers.
The law requires us to comply with a number of regulations. Where necessary, we use your personal data to allow us to fulfil our legal and regulatory requirements.
We will only share personal information with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. We use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with certain third parties including, but not limited to:
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres in the EU, and personal data may be stored in any one of them.
We use third parties acting on our behalf such as contractors, suppliers and/or agents (including, without limitation, customer care teams and processing centres) for the purposes of administration, credit and risk assessment, statistical research, marketing, product suitability and product sourcing in respect of products or services you have requested.
We engage auditors and professional advisers to perform specific work that helps us meet our legal, regulatory and statutory responsibilities. Any auditors or professional advisers that we use will have contractual arrangements and security mechanisms in place to protect data and to comply with our data protection, confidentiality and security standards
Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
We perform anti-fraud, credit and security checks using your details and receive information about you from other sources (such as credit reference agencies) which will be added to the personal information which we already hold about you.
We may use your information for fraud investigation, detection and prevention measures and in order to provide suitable security for your account and your information that we hold (such as to enable us to prevent others logging in to your account without your permission from unknown devices). We may also use your information for the investigation, detection and prevention of crime (other than fraud).
Sometimes we may pass your information on to third parties who provide services to us. When we do this it is on the understanding that they care for your information as carefully as we do, keep it confidential and use it only for the agreed purposes above.
Throughout your relationship with us, we will hold your personal information securely in our systems. This will include any information provided by you or others in various ways, including (but not limited to):
Under Data Protection regulations individuals have a number of rights. These are as follows:
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data.
Right of access
Individuals have the right to access their personal data and supplementary information. Individuals have the right to obtain:
We will not charge for initial requests to provide information, but may charge a fee if requests for further copies of the same information are made. We will provide the requested information to you within a month of receiving your request, unless the request is complex or numerous in which case we may extend this period by up to a further two months.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to provide the information requested or refuse to respond. In these instances, we will inform you and explain our reason.
Before we proceed with any request, we will take steps to verify the identity of the person making the request.
Right to rectification
Individuals have the right to request that inaccurate personal data is rectified, or completed if it is incomplete. If you make such a request, we will take steps to verify whether the data is accurate. Where we accept that the information is inaccurate, we will take steps to rectify it. If we believe that the information is accurate and does not require rectification we will notify you and explain our reason.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to rectify the information or refuse to deal with the request. In these instances, we will inform you and explain our reason.
Right to erasure (known as the “Right to be forgotten”)
Individuals have the right to have their personal data erased if:
The right to erasure does not apply where processing is necessary for one of the following reasons:
As an example, we are regulated by the FCA and are required to retain records that demonstrate the advice we provide to our customers. These records contain personal information and data that enables us to formulate our advice. We will not remove or delete any personal information or data until such time as our regulatory obligation has been fulfilled in respect of each transaction or piece of advice.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to remove the information or refuse to deal with the request. In these instances, we will inform you and explain our reason.
Right to restrict processing
Individuals have the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data in the following circumstances:
If you choose to exercise this right, we may not be able to proceed with a transaction or provide you with our advice. This may mean that we are unable to submit or progress a transaction with a product provider. In these instances we will notify you of the impact of your request.
Right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. The right to data portability only applies:
Right to object
Individuals have the right to object to:
If you exercise your right to object, we will stop processing your personal data unless:
You can exercise your right to object at the first point of contact with us or at any other time by contacting us a detailed below. If exercising your right to object affects or prevent us from being able to provide you with one or any of the services we offer we will inform you.
To exercise any of your rights detailed above you can contact us as detailed below:
Data Protection Officer
13-19 Derby Road
Call: 0370 1432 100
We take the privacy of your personal information very seriously. If you ever feel you need to complain about how we’ve handled your personal information and data you can contact us as follows:
13-19 Derby Road
Call: 0370 1432 100
If you’re still unhappy with any aspect of how we handle your personal information, you also have the right to contact the Information Commissioner’s Office (ICO). The ICO is the UK’s independent body set up to uphold information rights. You can contact it as follows:
Via its website: https://ico.org.uk
Information Commissioner’s Office
Call: 0303 123 1113
We reserve the right to alter this privacy notice at any time. Such alterations will be posted on our website. You can also obtain an up-to-date copy of our privacy notice by contacting us as follows:
Data Protection Officer
13-19 Derby Road
Call: 0370 1432 100
Should you object to any alteration, please contact us.