Otterbourne:
023 8025 5444

Client Privacy Notice

We at Encompass Financial Management, are committed to protecting and respecting your privacy and to be transparent regarding how we process your data. We are a ‘data controller’ under the General Data Protection Regulation (GDPR) which means we are responsible for determining the purposes for which and the means by which personal data is processed.

It is important that you read this notice so that you are aware of how and why we use your personal data.

Data Protection Principles

We will comply with the seven key principles for data protection set out in the GDPR:

  • Lawfulness, fairness, and transparency – to obtain the data on a lawful basis, process the data fairly and keep you informed regarding the purposes and means of data processing, including through this notice
  • Purpose limitation – keep to the purpose of the data collection specified in this notice, except as set out in the Change of Purpose section below
  • Data minimisation – only collect personal data that is adequate, relevant, and limited to what is necessary for us to provide our services to you
  • Accuracy – take reasonable steps to erase inaccurate personal data without delay and maintain up to date records
  • Storage limitation – keep data in a form which permits the identification of data subjects for no longer than necessary
  • Integrity and confidentiality – to protect personal data against unlawful processing or accidental loss, destruction, or damage
  • Accountability – maintain policies and procedures for the governance of data collection and processing

What do we mean by “your personal data”?

Your personal data means any information that describes or relates to your personal circumstances. Your personal data may identify you directly, for example your name, address, date of birth and National Insurance number. Your personal data may also identify you indirectly, for example, your policy or plan numbers.

In the context of providing you with assistance in relation to your investments and/or insurance requirements your personal data may include:

  • Your title, names, date of birth, gender, nationality, national insurance number, civil/marital status, contact details, addresses, and documents that are necessary to verify your identity
  • Any pre-existing investment/mortgage/finance and/or insurance policies and plans and the terms and conditions relating to these
  • The terms and conditions you enter with us, and any other information you provide to us to allow us to provide the services and deal with any queries or complaints you raise. This may include special category data (such as health data) and data about criminal convictions. We have provided more details about this in the section titled “The basis upon which we will process certain parts of your personal data” below.

The basis upon which we will deal with your personal data

We will only use your personal data when the law allows us to do so. Typically, this will be in relation to the following:

  • To enable us to take steps towards entering a contract with you and, thereafter, to perform the contract we have entered into with you
  • We need to comply with a legal obligation
  • It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • We have your consent to do so

Primarily we will use your data for the purpose of performing the contract we have entered with you. For example, we will use your data and data about your family’s circumstances to provide financial advice or investment management services to you, complete transactions on your behalf and manage our relationship with you. We will also use your data in corresponding with product providers with whom you hold policies or plans. Depending on the instructions received from you, we may pass your data to other professionals to enable us to provide advice most suited to your circumstances such as accountants, solicitors, tax advisers, and discretionary fund managers, and product providers, specialist advisers in the financial or insurance industry where you may benefit from the expertise of such third parties. We may also provide your data to third parties to enable us to provide our services to you such as companies in the Independent Wealth Planners (IWP UK) Group.

We may also use your data for the purpose of complying with a legal obligation or where it is necessary for our legitimate interests (or those of a third party). For example, we may provide your data to our Compliance Service Provider in order that they can monitor the quality of the service that we provide to you including the suitability of our advice. On occasion, we will use your personal data to fulfil responsibilities we may owe our regulator, The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing your personal data to meet a legal, compliance or other regulatory obligation to which we are subject. We are under a legal obligation to carry out anti-money laundering checks on you at the beginning of and during our relationship with you which will require certain information about you. We may also use your data for the legitimate interests of informing you of any developments in relation to the products and policies that you have or may take out and improving our services, marketing, customer relationships and experiences.

Where you have consented through our Client Agreement or otherwise, we will contact you about new products or services or events that may be of interest to you. You can withdraw your consent at any time, by contacting us using the details provided at the end of this notice or using the unsubscribe link at the end of each marketing email or text we send to you.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

Change of purpose

We will only use your personal information for the purpose for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance the GDPR and where this is required or permitted by the law.

The basis upon which we will process certain parts
of your personal data

Where you ask us to assist you with, for example, your insurance needs, in particular life insurance and insurance that may assist you in the event of an accident or illness, we will ask you information about your ethnic origin, your health and medical history (special category data). We will record and use your special category data to make enquiries of insurance providers in relation to insurance products that may meet your needs and to provide you with advice regarding the suitability of any product that may be available to you.

If you have parental responsibility for children under the age of 13, it is also very likely that we will record information on our systems that relates to those children and potentially, to their special category data.

The arrangement of certain types of insurance may involve disclosure by you to us of information relating to historic or current criminal convictions or offences (together ‘criminal disclosures’). This is relevant to insurance related activities such as underwriting, claims and fraud management.

We will use your special category data and any criminal disclosures in the same way as your personal data generally, as set out in this notice.

Information on special category data and criminal disclosures must be capable of being exchanged freely between insurance intermediaries such as us and insurance providers, to enable customers to secure the important insurance protection that their needs require.

How do we collect your personal data?

We will collect and record your personal data from a variety of sources, but mainly directly from you when carrying out our fact finding to provide our advice services. This may be verbally and in writing, including email.

We may also obtain some information from third parties, for example, information provided by product providers in relation to existing policies or plans you hold and searches of information in the public domain such as the voter’s roll. If we use technology solutions to assist in the collection of your personal data, we will only do this if we have consent from you for us or our nominated processor to access your information in this manner.

We may use a third party to carry out anti-money laundering checks on you, which we are required to carry out at the beginning of and during our relationship with you to comply with our legal obligations and this may result in a ‘soft’ footprint on your credit history. We may be provided with additional information about you from that third party as part of those checks, to the extent necessary to comply with our legal obligations.

What happens to your personal data when it is disclosed to us?

We will record and store your personal data in paper files, mobile devices, on our computer systems, on our hard drives and in our cloud facilities. This information can only be accessed by employees and consultants within our firm, and other Independent Wealth Planners (IWP UK) Group companies and our Compliance Services Provider. This information will only be accessed when it is necessary to provide our services to you or for the other purposes set out in this notice.

Sharing your personal data

From time to time your personal data will be shared with:

  • Investment providers and insurance providers.
  • Third parties who help us perform the duties in our contract with you, including:
    • Our Compliance Service Provider
    • Our paper-to-electronic data service provider
    • Our Group company Independent Wealth Planners (IWP UK) for the purposes of overseeing the standard of service provided to you and our compliance with our regulatory responsibilities

In each case, your Personal Data will only be shared for the purposes set out in this notice, e.g., to provide you with the administration and management services of your financial policies and plans. Please note that this sharing of your personal data does not entitle such third parties to send you marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to you, and as otherwise set out in this notice.

We may also disclose your personal data to third parties:

  • if we are under a duty to disclose or share your personal data to comply with any legal obligation; and
  • to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this notice.

We do not envisage that the performance by us of our service will involve your personal data being transferred outside of the European Economic Area.

We store your data on our Customer Relationship Management (CRM) system. This is administered by our own employees and is hosted in a datacentre in the UK or Europe.

Security and retention of your personal data

Your privacy is important to us, and we will keep your personal data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard your personal data against it being accessed unlawfully or maliciously by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.

We will retain your personal data as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights in relation to your personal data

You can:

  • Request copies of your personal data that is under our control
  • Ask us to further explain how we use your personal data
  • Ask us to correct, delete or require us to restrict our use of your personal data (details as to the extent to which we can do this will be provided at the time of any such request)
  • Ask us to send an electronic copy of your personal data to another organisation should you wish

You also have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

Where we are relying on consent to process your personal data, you can withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Where you require to alter any aspect of your policies, we reserve the right to only accept instructions where accompanied by your signature(s). We may also need to request specific information from you to help us confirm your identity before you can exercise any of the rights set out above.

How to contact us or the ICO in relation to the
use of your personal data

If you have any questions or comments about this document, or wish to make contact to exercise any of your rights set out within it please contact: The Compliance Officer, 2nd Floor, 113 Winchester Road, Chandlers Ford, Hampshire, SO53 2GH or email liveyourdreams@encompassfm.co.uk
If we feel we have a legal right not to deal with your request, or to action it in different way to how you have requested, we will inform you of this at the time.

You should also contact us as soon as possible on you becoming aware of any unauthorised disclosure of your personal data so that we may investigate and fulfil our own regulatory obligations.

If you have any concerns or complaints as to how we have handled your personal data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contactus/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.