Privacy Policy

Why should you read this document?

During the course of dealing with us, we will ask you to provide us with detailed personal  information relating to your existing circumstances, your financial situation and, in some cases,  your health and family health history (Your Personal Data). This document is important as it  allows us to explain to you what we will need to do with Your Personal Data, and the various  rights you have in relation to Your Personal Data.

What do we mean by “Your Personal Data”?

Your Personal Data means any information that describes or relates to your personal  circumstances. Your Personal Data may identify you directly, for example your name, address,  date of birth, national insurance number. Your Personal Data may also identify you indirectly,  for example, your employment situation, your physical and mental health history, or any other  information that could be associated with your cultural or social identity.

In the context of providing you with financial advice or assistance your Personal Data may  include:

  • Title, name, date of birth, gender, nationality, civil/marital status, contact details, addresses  and documents that are necessary to verify your identity
  • Employment and remuneration information, (including salary/bonus  schemes/overtime/sick pay/other benefits), employment history
  • Bank account details, tax information, loans and credit commitments, personal credit  history, sources of income and expenditure, family circumstances and details of  dependents
  • Health status and history, details of treatment and prognosis, medical reports (further  details are provided below specifically with regard to the processing we may undertake in  relation to this type of information)
  • Any pre-existing investment, mortgage, finance and insurance products, tax, accountancy  or legal arrangements including Wills and Trusts and the terms and conditions relating to these

How we deal with Your Personal Data

When we speak with you about your requirements we do so on the basis that both parties are  entering a contract for the supply of services.

In order to perform that contract, and to arrange the products you require, we have the right  to use Your Personal Data for the purposes detailed below.

Either in the course of initial discussions with you or when the contract between us has come  to an end for whatever reason, we have the right to use Your Personal Data provided it is in  our legitimate business interest to do so and your rights are not affected. For example, we  may need to respond to requests from mortgage lenders, insurance providers and our Compliance Service Provider relating to the advice we have given to you, or to make contact  with you to seek feedback on the service you received.

On occasion, we will use Your Personal Data for contractual responsibilities we may owe our  regulator, The Financial Conduct Authority, or for wider compliance with any legal or regulatory  obligation to which we might be subject. In such circumstances, we would be processing Your  Personal Data in order to meet a legal, compliance or other regulatory obligation to which we  are subject.

The basis upon which we will process certain parts of Your Personal Data

We classify some of the information we may request as Your Special Data. This includes  details of your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation,  political opinions, trade union membership, information about your health and genetic and  biometric data, and is most likely to be required in dealing with, for example (but not  exclusively) life, health or disability insurance applications. We will record and use Your Special  Data in order to make enquiries of insurance or investment providers in relation to insurance  products that may meet your needs and to provide you with advice regarding the suitability of  any product that may be available to you.

If you have parental responsibility for children under the age of 13, it is also very likely that we  will record information on our systems that relates to those children and potentially, to their  Special Data.

The arrangement of certain types of insurance may involve disclosure by you to us of  information relating to historic or current criminal convictions or offences (together “Criminal  Disclosures”). This is relevant to insurance related activities such as underwriting, claims and  fraud management.

We will use Special Data and any Criminal Disclosures in the same way as Your Personal Data  generally, as set out in this Privacy Notice.

Information on Special Category Data and Criminal Disclosures must be capable of being  exchanged freely between insurance intermediaries such as our Firm, and insurance providers,  to enable customers to secure the important insurance protection that their needs require.

How do we collect Your Personal Data?

We will collect and record Your Personal Data from a variety of sources, but mainly directly  from you. We will usually ask you to provide information during the course of our initial  meetings or conversations with you to establish your circumstances, needs and preferences in  relation to any or all of the services that we provide. Data will be gathered either verbally, in  writing, or by electronic means including email.

We may also obtain some information from third parties, for example, credit checks,  information from your employer and searches of information in the public domain such as the  voters roll. If we use technology solutions to assist in the collection of Your Personal Data, for  example software that is able to verify your credit status, we will only do so if we have consent  from you, for us, or our nominated processor to access your information in this manner. With  regards to electronic ID checks we would not require your consent but will inform you of how  such software operates and the purpose for which it is used.

What happens to Your Personal Data when it is disclosed to us?

In the course of handling Your Personal Data, we will:

  • Record and store Your Personal Data in our paper files and on our computer systems  which may include websites, email, hard drives, cloud facilities and mobile devices. This  information can only be accessed by employees and consultants within our firm, firms  within our group and only when it is necessary to provide our service to you and to  perform any administration tasks associated with or incidental to that service. Occasionally, and only when necessary, this may extend to sharing data access with 3rdparties (see ‘Sharing Your Personal Data’).
  • Use some 3rd Party computer software to store and process your personal data to  maintain and enhance the service we provide. Due diligence has been completed on these  service providers to ensure that they handle data in a safe and sufficient way in  accordance with GDPR legislation and with contractual and UK Data Protection Bill  protection. Further information is available upon request.
  • Submit Your Personal Data both in paper form and on-line via a secure portal. The  provision of this information to a third party is essential in allowing us to progress any  enquiry or application made on your behalf and to deal with any additional questions or  administrative issues that lenders and providers may raise.
  • Use Your Personal Data for the purposes of responding to any queries you may have in  relation to any advice or services we provide to you, or to inform you of any developments  in relation to those products and/or polices of which we might become aware.
  • We would like to share Chesterton House news, comment and updates on topics that may  not be directly relevant to the service(s) for which you have engaged us, as well as  promotional items such as events or products and services that we believe will be of  interest to you. We won’t share your details with anyone outside of our group for  marketing purposes.

Sharing Your Personal Data

In order to deliver our services to you effectively, from time to time Your Personal Data may be  shared with other organisations. These organisations may include:

  • Insurance companies, Pension Providers, Investment companies, Banking Institutions,  Third Party Solicitors and/or accountants, Mortgage Lenders, Commercial Lenders, Land  Registry, HMRC, Companies House, Medical Practitioners, Office of the Public Guardian,  or Probate Registry. Please note that this is not an exclusive list and other classes of  organisation may be included depending on your personal requirements.
  • Third parties who we believe will be able to assist us with your enquiry, application or  ongoing service, or who are able to support your needs as identified. These third parties  will include but may not be limited to, our Compliance Advisers, the Financial Conduct  Authority, Product specialists, administrative support specialists, estate agents,  providers of legal services such as estate planners, conveyancing, surveyors and  valuers, in each case where we believe this to be required due to your particular  circumstances.

Where 3rd parties are involved in processing your data, we’ll have a contract in place with them  to ensure that the nature and purpose of the processing is clear, that they are subject to a duty  of confidence in processing your data, and that they’ll only act in accordance with our written  instructions.

In each case, Your Personal Data will only be shared for the purposes set out in this Customer  Privacy Notice, i.e. to progress any products, advice or services that you request, and to  provide you with our professional services.

Please note that this sharing of Your Personal Data does not entitle such third parties to send  you marketing or promotional messages, it is shared to ensure we can adequately fulfil our  responsibilities to you, and as otherwise set out in this Customer Privacy Notice.

In order to deliver our service to you and provide you with effective advice, we may seek advice  from qualified specialists who are employed by the other firms within our group, which include  Chesterton House Financial Planning Ltd, Woolley Beardsleys & Bosworth LLP and Chesterton House Accounting Services LLP. Our Terms of Business includes your consent to share data  with other firms within our group for this purpose, if you have not signed a Terms of Business  we will require you to provide us with your authority to do so in writing.

We will co-operate with any lawyer, accountant, or other professional chosen by you with  regard to the creation or implementation of any recommendations.

The performance by us of our service will normally be limited to the transferring of data within  the EEA. Occasionally data transfer outside of the EEA may be required to support the  performance of our service. Any transfer of Your Personal Data either within or outside of the  EEA will be covered by adequacy regulations or appropriate safeguards as is required under  UK General Data Protection Regulations.

Security and retention of Your Personal Data

Your privacy is important to us, and we will keep Your Personal Data secure in accordance with  our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data  against it being accessed unlawfully or maliciously by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring  information to us, such as not sending confidential information over unprotected email,  ensuring email attachments are password protected or encrypted and only using secure  methods of postage when original documentation is being sent to us.

Your Personal Data will be retained by us either electronically or in paper form for a minimum  period of 6 years following the advice/service you receive from us, although your data could be  held for a longer period where this may be needed to meet the requirements of our regulatory  bodies or have a legal right. Such a right is likely to exist when we have arranged a long term  contract for you, or given advice on arrangements that may have long term implications, where we have a regulatory or legal obligation to retain the data, or where we consider there is a  possibility it may be required in order to defend against a future claim.

Your rights in relation to Your Personal Data

You can:

  • request copies of Your Personal Data that is under our control
  • ask us to further explain how we use Your Personal Data
  • ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such  request)
  • ask us to send an electronic copy of Your Personal Data to another organisation should  you wish
  • change the basis of any consent you may have provided to enable us to market to you  in the future (including withdrawing any consent in its entirety)

How to make contact with our Firm in relation to the use of Your Personal Data

If you have any questions or comments about this document, or wish to make contact in order  to exercise any of your rights set out within it please contact our Data Compliance Officer:

Andrew Jervis, 2-3 Rectory Place, Loughborough, Leicestershire, LE11 1UW.

If we feel we have a legal right not to deal with your request, or to action it in a different way to  how you have requested, we will inform you of this at the time.

You should also make contact with us as soon as possible on you becoming aware of any  unauthorised disclosure of Your Personal Data, so that we may investigate and fulfil our own  regulatory obligations and safeguard your interests.

If you have any concerns or complaints as to how we have handled Your Personal Data you  may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted  through their website at https://ico.org.uk/global/contact-us/ or by writing to Information  Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Privacy Notice Version 3.1 – Effective September 2022