At Aurea Financial Planning Limited, we value our clients and we are committed to protecting and respecting your privacy.
This Privacy Notice explains in detail when and why we collect personal data, and the types of personal data we collect. It also explains how we store and handle the data, the conditions under which we disclose it to third parties and how we keep it safe.
We may change this Policy from time to time, so please check this page on our website occasionally to ensure that you’re happy with any changes. This policy was last updated in May 2018.
If you have any questions regarding this Policy and our privacy practices, please get in touch with our Privacy Manager, Helen Woolgar-Bowles. You can send an email to Helen@AureaFP.co.uk or write to her at the address below. Alternatively, you can call her on the number provided below.
Who we are
Aurea Financial Planning Limited is a Financial Planning company. Our Company Registration Number is 1327039. Our address is Suite 15, Cross Street Court, 11-13 Cross Street, Peterborough, PE1 1XA. Our telephone number is 01733 345525.
Legal bases we rely on
Data protection law says we are only allowed to use your personal information if we have a proper reason to do so. The law says we must have one or more of the reasons listed below:
- To fulfil a contract with you
- When it is our legal duty
- When it is in our legitimate interest, or
- When you consent to it
Personal Data is any data that can be used to identify a living person, either directly or indirectly. This could be through data such as name, address, date of birth, email address, location data or National Insurance number, but is not limited to.
When do we collect your personal data?
In order to provide you with financial planning services, Aurea Financial Planning Limited will collect and hold personal data on and about you. We will keep your data private and secure and we will never sell your data.
If you are seeking advice or other services from us, we will undertake a “getting to know you process”. This will include obtaining information about your personal and financial circumstances and objectives. Information would initially be obtained face to face, but ongoing information may also be gained through email or letters, over the phone, or in financial review meetings. As the information is required to enable us to provide our services, if you opt not to provide it, we may not be able to continue to advise you.
You will also be asked to provide documentation to prove your identity.
Where you have investments or polices, we will obtain information on these either from you, or upon consent from you, directly from the providers concerned. We will assess your Attitude to Risk and Capacity for loss and record this in our documentation. We will retain records of any investments or policies that you arrange through us.
There may be situations where the information we require is a special category of personal data under the legislation. In this case we will explain why we need it and obtain your consent to obtain the data.
Why we need your personal data
We will use your information in order for us to:
- Provide financial planning services to you. The information will act as the basis for any advice we provide, which may include, but is not limited to:
- Giving you financial advice and making recommendations as to investments and financial products which are suitable for you, taking into account your personal situation, goals and objectives, the availability of products and the providers of those products, as well as a detailed analysis of your personal circumstances and requirements;
- To carry out our obligations arising from any contracts entered into by you and us;
- Provide information to investment providers or life assurance firms for the purposes of arranging products and services for you;
- Provide our ongoing service to you.
- Comply with our regulatory obligations imposed by the Financial Conduct Authority in regard to the relevant ‘Know Your Client’ obligations and services we provide to you. In addition, to comply with the Regulator’s requirements for record keeping for the purposes of audits and reviews, records of transactions undertaken and client histories for prescribed periods of time as directed.
- Respond to any legitimate legal requests for information about you to the Regulatory authority or pursuant to an order of any court or tribunal having relevant jurisdiction, or as required by law for the purposes of, but not limited to, combatting fraud, money-laundering and criminal activities.
- Carry out our legitimate business and professional management responsibilities which include, but are not limited to providing you with suitable advice, ensuring your portfolio and financial products continue to be suitable for you, adhere to anti money laundering requirements and investigating and resolving complaints.
- By signing a Letter of Engagement, which will set out your proposition and what Aurea Financial will do for you, you are entering into a contractual agreement.
Special Category Data
Special category data is personal data which is more sensitive than Personal Data. This includes your racial or ethnic origin, political opinions, religious or philosophical beliefs. It also covers the processing of genetic data, biometric data, data concerning health, a person’s sex life or sexual orientation.
Why we need your special category data
It is almost certain that we will request some of the information covered under special category data during our relationship.
We need your data in order for us to:
- Provide a full comprehensive financial plan, and other associated financial advice, life products or private medical insurance, which may include, but is not limited to, giving you financial advice and making recommendations as to investments and financial products which are suitable for you. Taking into account your personal situation, goals and objectives, the availability of products and the providers of those products, as well as a detailed analysis of your personal circumstances and requirements.
- Carry out our legitimate business and professional management responsibilities which include, but are not limited to, providing you with suitable advice. Appropriate safeguards will be in place and personal data will not be disclosed, without the consent of the data subject.
In order for us to lawfully process special category data, we require additional explicit consent from you, due to its sensitive nature, to enable us to process your information.
The consent tick box for Special Category Data is provided on page 12.
Your Rights in relation to your information
The accuracy of your information is important to us. Where we provide just an initial advice service, the information will reflect your situation at that time and we will not normally update this (apart from a change of contact information). Where we are providing an ongoing service, we will update the information as appropriate when we undertake a review with you. If your contact information changes between reviews, please notify us and we will update our records.
Under new EU requirements, you have a number of specific rights, these are summarised below:
The Right of Access – You may ask for a copy of the information Aurea Financial Planning Limited holds about you and we will provide this within one month of receipt of your request. This will be free of charge, unless the request is excessive, or repetitive, in which case, we reserve the right to charge a reasonable fee. In some cases we can refuse to respond, but you will be advised of this, with an explanation of why and informing you of your right to complain. For complex requests, we can extend the period of compliance by a further two months, but you will be advised of this within one month of receipt, with an explanation as to why.
The Right to Rectification – You may ask us to correct any information that we hold that is inaccurate or incomplete. If we have disclosed the personal data in question to third parties, we shall inform them of the rectification as soon as possible and advise you.
The Right to Erasure – You may ask us to delete or cease processing data in certain situations. Please note that we will have regulatory obligations to retain information for certain time periods and we will retain such information as we believe is necessary to fulfil these obligations. If the personal data has been disclosed to third parties, they will be informed about the data erasure request where possible.
The Right to Restrict Processing – By giving notice in writing, you may ask us to cease processing your data. We will undertake to comply with the request as soon as it is reasonably practicable. This means that we will be able to store the personal data, but no longer act upon it and process it. In the event that you no longer need our services and terminate them, we will automatically cease processing information.
Where the legal basis for the processing of your data is to adhere to compliance with a statutory or contractual obligation, or the necessary precondition to entering into a contract, including compliance with the requirements of any Regulator, we will inform you as to:
- Whether you are legally required to provide such data, and
- The consequences of failing to provide such data.
Where we obtain your data other than directly from you, you will have the same or equivalent rights to those set out above.
Save in the circumstance as detailed below, we will inform you which source the data originated from and whether it came from publically accessible sources. The information to be provided will be in accordance with the following time periods, whichever shall occur first:
- As soon as practicable after obtaining the data and in any event within 1 month;
- At the time of our first communication with you using the data;
- When the data is first disclosed to another person.
We shall not be obliged to provide you with the information:
- Where you already have this information;
- Where we are subject to an obligation of professional secrecy prohibiting the disclosure of the information;
- Where disclosure would render impossible, or severely impair the achievement of the reasons for which the data is to be processed. In such cases, we will do what we can to protect your rights and freedoms with respect to our processing of the data.
Holding your data
We undertake to review the data we hold on you on a regular basis to ensure compliance with data protection law. In the course of any review, we will:
- Delete any data which is trivial or transitory in nature, or which in our opinion is no longer required for the purposes set out above.
- Update the data to ensure that any errors or inaccuracies are corrected.
- Archive data as detailed below.
- Subject to the data retention periods, as detailed below, securely delete the data when it is identified that we no longer need to hold it.
We may retain and process your data for the following periods. In the event that more than one period applies to the same data, we will retain the data to the last such period to expire:
- We will hold any agreements between you and us for a period of 6 years from the termination or expiry of the agreement unless we have been notified of any claim or circumstance which might give rise to a claim under or by reference to such agreements.
- We will process data relating to investments which we have provided advice on and / or arranged for you. We will process such data throughout the entire period you are and remain a client of the firm and for a period of not less than 6 years following our ceasing to provide service to you in regard to those investments. In the case of long-term investments we may process your data until the date of maturation of such long-term investments.
- We will hold data as required by any Regulator until the end of any limitation period imposed by that Regulator, which in the case of the Financial Conduct Authority is currently 6 years for all types of business undertaken, except for Occupational Pension Schemes, which can include Defined Benefit Transfers and Scheme Money Purchase Transfers, whereby the data retention period is indefinite.
- We will hold data as required by any relevant third party until the end of any limitation period imposed by that relevant third party, which in the case of HMRC shall be 7 years, unless we are notified that any period is considered “open” by HMRC, in which case it will be until we are notified the period is “closed”.
- We will hold data as required for the purposes of any legal proceedings for a period of 6 years, following the conclusion of any such proceedings, unless a longer period is required pursuant to any court rule or enactment. Proceedings will be taken to have concluded on the expiry of any period given for appealing any final judgment or on the date of concluding any settlement staying all relevant claims if the proceedings were settled before judgement.
- Save for the above, we will hold data for a maximum of 50 years from the date we receive the data.
We will regularly review data and where in our opinion such data has ceased to be Active, we will archive it and process it only as Archived Data. Any data which is deemed Archived Data will only be processed in limited circumstances.
All storage of data, whether Active Data or Archived Data, will be in accordance with good industry practice and will be undertaken in accordance with organisational systems and procedures, which will be regularly reviewed, to maintain the security of data.
The Right to Data Portability – On termination or expiry of any agreement to provide services to you, you may in writing, request us to return to you any data you have provided to us in a structured, commonly used machine-readable format, or transfer the data to a new data controller nominated by you. We will provide this within one month of receipt of your request and it will be provided free of charge. For complex requests, this may be extended by two months, but you will be advised of this within one month of receipt, with an explanation as to why. Please note that we will have regulatory obligations to retain copies of the information as outlined previously.
The Right to Object – You may have the right to object to us processing information or using it for direct marketing purposes.
Right to Withdraw Consent – You may withdraw your consent at any time. Please contact us in writing if you wish to do so.
Right to complain – If you believe that we are not holding your information correctly or you are unhappy with any dealings with us, regarding any aspect of the processing of your data and any breach of the above rights, you may complain to the Information Commissioners Office. They may be contacted at:
- Online: ico.org.uk
- Phone: 0303 123 1113
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Whom we may share your data with
In order to carry out our legitimate business and to provide you with financial planning services, we have entered into agreements with and will share your information, where applicable and with your consent, to one or more of the following trusted third parties. These lists are not exhaustive and may change.
|Interactive Investor||Canada Life||Vitality|
|Old Mutual||Ingenious||The Exeter|
|Transact||Investec||The Will Company|
|7IM||Legal & General|
When we use third parties, we disclose only the personal information that is necessary for them to deliver the service we have agreed on your behalf. A contract will be in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Please see below for the others companies we use to provide our services to you. This list is not exhaustive and may change.
- Fina Metrica (psychometric risk profiler)
- IRESS (quotation comparison system)
- Morningstar (investment research company)
- O&M (pensions research)
- Prestwood (Cashflow modelling system)
For the purposes of Compliance, IT, security, data management and control and auditing, please see below the companies we deal with for our day to day business.
- Answerlink (Telephone answering service)
- Complete IT Ltd (IT company)
- Compliance and Training Solutions Ltd (Compliance consultants)
- Rydal Communications (Telecommunications company)
Full details of any of the company addresses (all UK based) and contact details are available on request, along with the name and contact details of the data controller.
Sharing personal information between joint applicants
If you give personal information about someone else, for example, a joint applicant, you should only do so with their permission.
If you have a joint product, this might mean that your personal data is shared with the other applicant.
Undertaking anti-money laundering checks
To comply with money laundering regulations, there may be times when we need to confirm the name and address of our clients.
Recording phone calls
We record all phone calls and we may monitor these for regulatory purposes, to resolve any issues or queries, and to check that instructions have been carried out correctly. They may also be monitored for staff training and to help improve our quality of service.
Use of ‘cookies’
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Sending your data outside of the EEA
We will only send your data outside of the European Economic Area (EEA) to:
- Follow your instructions
- Comply with a legal duty
- Work with providers who hold your policies
Fina Metrica, the psychometric risk profiler is based in Australia.
If we do send it outside of the EEA, we will make sure it is protected in the same way as if it was being used in the EEA. We will use safeguards where we will put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
As part of the services offered to you through our website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
We will make appropriate contact with you to provide the agreed services. Where this includes our ongoing service, we will contact you at the agreed intervals to undertake our review. We may also contact you in between the agreed intervals if we believe that you need to take action (e.g. if you should consider making ISA or pension contributions before tax year end) or be aware of changes in the economic situation.
We will not contact you for marketing purposes by post, email, phone or text message unless you have given your prior consent.
You can revoke your consent or change your marketing preferences at any time by emailing Helen@AureaFP.co.uk
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it is retained securely and processed in a confidential manner. Your information may be accessed by your advisor and our support staff for the purposes of providing our services to you. In addition, it may be accessed by senior managers and our compliance consultants (or the FCA) for the purposes of ensuring compliance with our regulatory obligations and reviewing the quality of our advice.
Information may be transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information that passes between us, and you should consider the risk of this. Once we receive your information, we make our best effort to ensure its security on our systems.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
If any provision, or part thereof, of this agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
In the event of any change in Data Protection Law occurring, we shall revised our Privacy Notice.
Declaration and Consent:
We take your privacy very seriously and will only use your personal information and data to administer the services we have agreed to provide you with, including but not limited to any products or contracts for investments, pensions, life cover, equity release or discretionary investment management services you have made or entered into through our firm.
By signing this Privacy Notice you are confirming your agreement to these terms.
By signing this Privacy Notice you are also confirming your marketing preferences as detailed in the ‘Marketing’ section of this agreement whereby you have given your consent, or otherwise, for either us and/or Third Party providers to contact you about additional products and services.
You further acknowledge, by signing this Privacy Notice, that you have been made aware of, and give your consent to, this firm’s policy on sharing your data with other companies as detailed in the ‘Whom we may share your data with’ section of this agreement.
Special Category Data
In order for us to lawfully process special category data, we require additional explicit consent from you, due to its sensitive nature, to enable us to process your information.
It is possible we may wish to contact you with details of other investment, pension or financial products and/or services which we think may be of interest and/or beneficial to you, outside of your regular reviews.
If you do not tick any of the above options we will reasonably assume that you do not wish to be contacted by us in regard to additional investment, pension or financial products and services.
We currently send out Smart Money publications (approximately 4 per annum) and a Budget Summary, to clients that it is beneficial to. If you consent to us contacting you for this purpose then please tick the options below in regard to how you would like to be contacted:
We will not use your data for marketing purposes of any sort unless you have expressly given us your prior consent.
The use of your data as detailed in this Privacy Notice is not affected by whether you choose to consent to the use of data for marketing purposes.
From Third Party Investment, Pension or Financial Institutions within the UK:
We will not pass on your details to other Investment, Pension or Financial Institutions within the UK.
However, should the opportunity arise, you may opt in if you would like your details passed on, so that they may contact you with details of their products and services which may be of interest and/or beneficial to you. If you consent to us passing on your details to third party financial institutions within the UK for these purposes then please tick the options below in regard to how you would like them to contact you:
If you do not tick any of the above options we will reasonably assume that you do not wish to be contacted by any third party financial institutions within the UK in regard to their investment, pension or financial products and services.
You can revoke your consent or change your preferences at any time by emailing Helen@AureaFP.co.uk