Privacy Policy

Wren Sterling Financial Planning Limited and its Appointed Representatives (“WS”, “we”, “us”, or “our”) is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others.  We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal Data

Personal data is any information relating to an identified or identifiable living person.  WS processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When you make an enquiry with us about any of the services we offer, we’ll ask you to provide some contact information. This may include some or all of the following:

  • full name
  • previous names
  • current home address
  • previous residential addresses
  • date of birth
  • landline and mobile phone number
  • email address
  • National Insurance Number

If you give personal information about someone else (such as a spouse or dependant), you must have their permission to do so.

Once we have gathered information from you and you subsequently make contact with us, we will use specific pieces of your information to help us identify you and verify that we are dealing with the right person.

Where we offer other products such as insurance, we will need to collect and process information that is “sensitive”. This type of information includes details about your health and any criminal convictions you have. Before we gather this type of information we will explain to you why it is required and will always store this information securely.

How do we use your personal information?

We use your personal information in various ways.

We will use it to confirm that you are who you say you are when you contact us.  We will use it to verify your name and address and for Anti Money Laundering purposes by checking your details against our databases and to check against information held by GB Group Database that checks the electoral and credit agencies. We will also use the personal information we gather from you to formulate our advice and recommendations for the services we offer and to submit applications to product providers.

The law requires us to comply with a number of regulations. Where necessary, we use your personal data to allow us to fulfil our legal and regulatory requirements.

We will only share personal information with others when we are legally permitted to do so.  When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.  We use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with certain third parties including, but not limited to:

  • Investment providers
  • Solicitors (e.g. Trusts)
  • Insurance providers (e.g. Life & Critical Illness insurance)
  • General insurance providers (e.g. Home insurance)
  • Lead suppliers (if you were introduced to us by a third party)
  • Equifax (for identity checking)
  • GB Group (for identity checking)
  • External consultants/advisers to assist in assessing complaints

Your personal data may be transferred to these and other authorised parties:

Third party organisations that provide IT services and applications, administrative functions and support

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems.  For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services.  The servers powering and facilitating that cloud infrastructure are located in secure data centres in the EU, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information

We use third parties acting on our behalf such as contractors, suppliers and/or agents (including, without limitation, customer care teams and processing centres) for the purposes of administration,  credit and risk assessment, statistical research, marketing, product suitability and product sourcing in respect of products or services you have requested.

Auditors and other professional advisers

We engage auditors and professional advisers to perform specific work that helps us meet our legal, regulatory and statutory responsibilities. Any auditors or professional advisers that we use will have contractual arrangements and security mechanisms in place to protect data and to comply with our data protection, confidentiality and security standards

Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.

We perform anti-fraud, credit and security checks using your details and receive information about you from other sources (such as credit reference agencies) which will be added to the personal information which we already hold about you.

We may use your information for fraud investigation, detection and prevention measures and in order to provide suitable security for your account and your information that we hold (such as to enable us to prevent others logging in to your account without your permission from unknown devices).  We may also use your information for the investigation, detection and prevention of crime (other than fraud). 

Third parties

Sometimes we may pass your information on to third parties who provide services to us. When we do this it is on the understanding that they care for your information as carefully as we do, keep it confidential and use it only for the agreed purposes above.

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as the police, regulatory bodies or legal advisers in connection with any alleged criminal offence, unlawful activity or suspected breach of the Terms of Use and or the breach of other terms and conditions or otherwise where required by law or where we suspect harm or potential harm to others.  We will co-operate with any law enforcement authorities or court order requesting or directing us to disclose the identity or location of or any other information about anyone breaching any relevant terms and conditions or otherwise for the prevention or detection of crime or the apprehension or prosecution of offenders.  We shall not be obliged to give you any further notice of this.

Data Security

Throughout your relationship with us, we will hold your personal information securely in our systems. This will include any information provided by you or others in various ways, including (but not limited to):

  • in applications, emails and letters, during telephone calls and conversations in our offices, when registering for services, in customer surveys, when using our website, and during fact find reviews and interviews.
  • information we receive from or through other organisations (for example, credit reference agencies, insurance companies, comparison websites, social networks, and fraud prevention agencies) whether in the course of providing products and services to you or otherwise, and from information we gather from your use of and interaction with our internet and the devices you use to access them

Your Rights

Under Data Protection regulations individuals have a number of rights.  These are as follows:

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data.

We do this in our Privacy Policy.

Right of access

Individuals have the right to access their personal data and supplementary information. Individuals have the right to obtain:

  • confirmation that their data is being processed
  • access to their personal data
  • other supplementary information

We will not charge for initial requests to provide information, but may charge a fee if requests for further copies of the same information are made.  We will provide the requested information to you within a month of receiving your request, unless the request is complex or numerous in which case we may extend this period by up to a further two months.

Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to provide the information requested or refuse to respond.  In these instances, we will inform you and explain our reason.

Before we proceed with any request, we will take steps to verify the identity of the person making the request.

Right to rectification

Individuals have the right to request that inaccurate personal data is rectified, or completed if it is incomplete. If you make such a request, we will take steps to verify whether the data is accurate.  Where we accept that the information is inaccurate, we will take steps to rectify it.  If we believe that the information is accurate and does not require rectification we will notify you and explain our reason.

Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to rectify the information or refuse to deal with the request.  In these instances, we will inform you and explain our reason.

Right to erasure (known as the “Right to be forgotten”)

Individuals have the right to have their personal data erased if:

  • the personal data is no longer necessary for the purpose which it was originally collected
  • we rely upon consent as our lawful basis for holding the data and you withdraw that consent
  • we have processed your personal data unlawfully

The right to erasure does not apply where processing is necessary for one of the following reasons:

  • to exercise the right of freedom of expression and information
  • to comply with a legal obligation
  • for the performance of a task carried out in the public interest or in the exercise of official authority
  • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing
  • for the establishment, exercise or defence of legal claims

As an example, we are regulated by the FCA and are required to retain records that demonstrate the advice we provide to our customers.  These records contain personal information and data that enables us to formulate our advice.  We will not remove or delete any personal information or data until such time as our regulatory obligation has been fulfilled in respect of each transaction or piece of advice.

Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to remove the information or refuse to deal with the request.  In these instances, we will inform you and explain our reason.

Right to restrict processing

Individuals have the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data in the following circumstances:

  • you contest the accuracy of your personal data and we are verifying its accuracy
  • the data has been unlawfully processed and you oppose erasure, requesting restrictions instead
  • we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim
  • you have objected to us processing your data and we are considering whether our legitimate grounds override your request

If you choose to exercise this right, we may not be able to proceed with a transaction or provide you with our advice.  This may mean that we are unable to submit or progress a transaction with a product provider.  In these instances we will notify you of the impact of your request.

Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. The right to data portability only applies:

  • to personal data you have provided to us
  • where the processing is based on your consent or for the performance of a contract
  • where processing is carried out by automated means
  • When responding to such a request, we would provide the personal data in a structured, commonly used and machine readable form, typically a .CSV file. We will provide this to you within one month of receiving your request.  If your request is complex or requires more time, we may extend this period by up to a further two months.  We will contact you and inform you why it will take longer.

Right to object

Individuals have the right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
  • direct marketing (including profiling)
  • processing for purposes of scientific/historical research and statistics.

If you exercise your right to object, we will stop processing your personal data unless:

  • there are compelling legitimate grounds for us to continue to process, which override your interests, rights and freedoms
  • the processing is for the establishment, exercise or defence of legal claims

You can exercise your right to object at the first point of contact with us or at any other time by contacting us a detailed below.  If exercising your right to object affects or prevent us from being able to provide you with one or any of the services we offer we will inform you.

To exercise any of your rights detailed above you can contact us as detailed below:

In writing:

Data Protection Officer

Wren Sterling

Castle Marina Road, Castle Bridge Office Village

Nottingham

NG7 1TN

Email: [email protected]

Call: 0370 1432 100

Complaints

We take the privacy of your personal information very seriously.  If you ever feel you need to complain about how we’ve handled your personal information and data you can contact us as follows:

Complaints Department

Wren Sterling

Castle Marina Road, Castle Bridge Office Village

Nottingham

NG7 1TN

Email: [email protected]

Call: 0370 1432 100

If you’re still unhappy with any aspect of how we handle your personal information, you also have the right to contact the Information Commissioner’s Office (ICO). The ICO is the UK’s independent body set up to uphold information rights.  You can contact it as follows:

Via its website: https://ico.org.uk

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

SK9 5AF

Call: 0303 123 1113

Changes to this privacy notice

We reserve the right to alter this privacy notice at any time. Such alterations will be posted on our website. You can also obtain an up-to-date copy of our privacy notice by contacting us as follows:

In writing:

Data Protection Officer

Wren Sterling

Castle Marina Road, Castle Bridge Office Village

Nottingham

NG7 1TN

Email: [email protected]

Call: 0370 1432 100

Should you object to any alteration, please contact us.