Lucas Fettes Financial Planning is committed to protecting your privacy and maintaining the security of any personal information received from you. We adhere to the requirements of the Data Protection Act (2018) in the UK.
Information we gather about you
We do not collect any sensitive information about you unless you provide us with the information.
If you complete any of our contact forms, you will have provided us with a combination of your name, email address and/or telephone number.
- In order to provide a financial planning service to you both initially and ongoing we will collect and hold certain information required regarding your financial and personal circumstances. This may also include special categories of personal data such as information about your health, if this is necessary for the provision of our services. This is also applicable to corporate clients, where we may need to be provided with company and/or employee data in order to suitably deliver our service.
As such, in both instances it is the client’s responsibility to keep us informed of their up-to-date information.
How we use your information
We use your information to:
- Respond to your questions via the contact forms on our website
- Send you appropriate information you have requested
- Ensure the appropriate expert contacts you if you have requested contact from us
- Undertake internal marketing analysis
- Keep your financial data and circumstances up to date in order to ensure that our advice continues to be in your best interest (where we have agreed to provide this service)
- Where applicable we will share your information with providers so that we can recommend and deliver the correct service for you and your circumstances. We will have contracts in place so that we agree how they may use your data
These organisations may include; Virtual Cabinet, IRESS and moneyinfo Limited, who host our online client portals and give access to our online valuation and/or secure document transmission services; IRESS, who host our online comparison quotation portal; Voyant, who host our online cash flow planning tool; and Selectapension, who host our online research tool.
- Contact you with information we deem relevant to you. You reserve the right to unsubscribe at any time
- If you apply for a vacancy with us, we shall use your information to assess your suitability and to respond to you
Information about connected individuals
We may need to gather personal information about your close family members and dependents in order to provide our services to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We can provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.
We are a Data Controller for all personal data collected about our private clients. We will only ever use your data for the purpose it was initially collected, unless we have a separate lawful basis. We will always be forthcoming about how we wish to use your information.
Employers we are providing services to will be the controller of data in respect of its employees. We will also act as a Data Controller.
Product providers and insurers that we share information with, for the purpose of providing our services, are not to be viewed as Sub-processors, but as Data controllers. They will have their own contracts with you for this.
Data processors are third parties who provide elements of our service for us. We have contracts in place with our data processors which restricts the use of your data. By this we mean that they cannot do anything with your personal information unless we have instructed them to do it. We will never permit Data Processors to share your personal information with any organisation apart from us, unless it forms part of our service to you. Data Processors will retain your information securely and are obliged to report any breach to us immediately, without hesitation – by which time we shall report it directly to the appropriate authority.
Your information shall be retained by us for up to 7 years, thereafter it shall be deleted unless we are required by law or regulatory rules to keep it for a longer period. Where ongoing advice and financial transactions have taken place we may retain records for longer than this period so that we are able to provide these to the regulator if required or demonstrate historical advice given.
Lawful basis for processing
To effectively provide our service to you we will conduct different processing activities which concern your data. In these instances, it is likely that we shall a have a different lawful basis for each processing activity.
We shall only provide communications to you that are not directly attributed to the core service we provide to you where there is Legitimate Interest. For these instances we will have conducted the appropriate Legitimate Interest Assessments (LIA). For communications which do form part of our core service, a lawful basis will not be required.
As aforementioned, where applicable, we will have a contractual or legislative obligation for data processing which will permit us to retain, share, or refuse access to, personal and financial information where we typically would not. Where this is the case you shall be informed as to why, as well as the contact details of who to contact should you wish to complain.
We will continue to ensure that we have the suitable measures in place to continue to use the appropriate lawful basis for our processing activities.
What will we not do?
- We will never ask you for access to your passwords and will take every available action to protect your information. We recommend that you keep your password information safe always and refrain from sharing it with other individuals.
- We will never sell, share or rent your personal information to any third party, other than approved service providers, without your express permission. We will never share your information internally, unless it is part of that individuals job role.
- We will never send you material that does not form part of our core service to you without the presence of legitimate interest.
Your full set of rights are:
- The right to be informed of the data we hold concerning you and how we process that information
- The right of access to the information we hold concerning you (Subject Access Request)
- The right to request rectification of your information
- The right to be forgotten (Erasure)
- The right to restrict the processing of your data
- The right to object to our processing activities/ or withdraw consent.
You hold the right to request access to any data we hold that concerns you, as well as the amendment and erasure of this. However, we do retain the right to deny a Subject Access Request if it is manifestly excessive or unfounded.
Similarly, an erasure request will also be denied where we are obligated to keep the data. This includes through applicable legislation, at the regulator’s request or where there is risk to us. Where this is the case you shall be informed as to why. In addition, you shall be given the contact details of the correct supervisory body should you wish to complain.
It is necessary for us to make a record all telephone calls where advice is given, an agreement is made or where we deem it necessary. This is so that we comply with the guidelines set out by our regulatory body and the applicable legislation. We reserve this right as a contingency concerning any potential future concerns.
Similar to our telephone policy, we reserve the right to store emails where we give advice or when an agreement is made. We may also retain emails where advice is not given if we deem this is required as a record for future reference. These emails will be stored by us for up to 7 years, thereafter they shall be deleted unless we are required by law or regulatory rules to keep them for a longer period. All emails deemed to be unnecessary will be deleted prior to this period.
In order to continue to provide you with the highest level of service we may need to share your information with providers to ensure competitive rates. This will typically be through email.
For the communication of sensitive information through email, we utilise an external service which allows us to encrypt and password protect emails and subsequent attachments. This along with the ability to integrate the automatic expiration of an email after an agreed period of time, significantly reduces the risk of data breaches. This system also helps to protect us from receiving malicious emails.
When a visitor enters our website we use Google Analytics to monitor their behaviour. This allows us to track things such as pages visited, the length of time they spend within each section and how many visitors we receive. We use this to attempt to improve our website engagement and service as a whole, by no means do we acquire any specific, personal information related to any individual.
If you complete a contact form on our website, you will have provided us with your name, email address and/or telephone number.
We set a cookie on your computer for analytical purposes. A cookie is a small text file which allows us to recognise and count the number of unique visitors to our site and see how visitors move around the site. This helps us to improve the way our website works. Our cookie doesn’t collect any personal information about you and does your computer no harm at all.
If you do not want us to set this cookie on your computer, you can disable cookies through the privacy settings on your internet browser – you will find these settings in the tools menu.
We use Hootsuite, a third party service, to schedule and upload posts to LinkedIn and Twitter.
If you apply for a vacancy with us we will retain your information in order to assess your applicability for the role that you have applied for. This is applicable for the entirety of our recruitment process. Currently we retain candidate information for a maximum of 12 months after the end of our recruitment process, unless you request for us to keep your details or give consent for your details to be kept in our system.
We will never use the information we gather for recruitment for any other purpose; we may however, with your permission, keep your information for similar vacancies that may arise in the future if you are unsuccessful with your primary application(s).
All information is kept digitally, we do not hold paper files concerning candidates.
We proactively undertake the appropriate technical and organisational security measures to protect against the loss, misuse or alteration of your data used by our system.
Data Protection Officer
We have emplaced a dedicated Data Protection Officer who is responsible for ensuring the security of any sensitive data that we handle. Our DPO regularly checks our data handling procedures to certify that the risk of data security breaches and the potential for misuse of data is minimalised.
In the case of a data breach, our DPO would report this to the appropriate authority immediately.
To contact our DPO please call 01603 706 820 or email email@example.com. Alternatively, address your letter to “Data Protection Officer” using the office address provided.
Links to other websites
Email – firstname.lastname@example.org
Telephone – 01603 706 820
Post – Lakeside 500, Old Chapel Way, Broadland Business Park, Norwich, NR7 0WG