When we provide our services to you, we will collect personal information about you [and others] and we want to be open and transparent with you as to the type of information we collect about you, why we collect such information, how we use it and who we may share it with.
The data controller of your personal information is Orchard House (IFAs) Ltd, a limited liability company registered at The Dutch Barn, Manor Farm, Peppard Common, Henley-on-Thames, Oxfordshire, RG9 5LA with company number 2986781 (“we”, or “us”, or “our”).
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Notice in the 'How to contact us' section
What type of personal information will be processed and why?
We may ask you to provide personal information by filling in hard copy forms and documents or by corresponding with us by phone, e-mail, letter or otherwise or during the course of our meetings with you.
Types of personal information
Identity details including your name and date of birth.
We may ask for copies of identity documents in which case we may collect details including your place of birth and residential address.
Why we collect it
- To carry out money laundering and for fraud and crime prevention and detection purposes.
- We will only ever use copies of identity documents for this purpose.
- We collect and process this personal information in order to comply with our legal and regulatory requirements.
Your contact details including your name, postal, phone and email address(es) and other personal details about you including your title, job title, marital status and date of birth.
- To contact you in order for us to manage, administer and provide our services to you.
- To respond to any correspondence and service-related enquiries you send to us in respect of our services.
- To discuss products or services for which you apply or may be interested in applying for.
- To manage any applications you make for products or services.
- To communicate any updates to, you including any changes to our services, the terms and conditions of any services which we have provided to you, any changes to this Notice and to our website.
- To contact you in order to receive your feedback on our services and to participate in related surveys.
Financial information relating to you, including pension contributions and current value, salary, bank account balances, credit card balances details of investments and payment card details
- To evaluate your eligibility for products, including fraud searches with fraud prevention agencies.
- To enable us to advise you on your financial circumstances and the appropriateness of specific courses of action and products.
- We collect and process this personal information for our legitimate business interests.
- To enable you to make payments for our services.
- We collect and process this personal information as is necessary for the entry into and performance of any agreements between us (i.e. to assess whether you are eligible for products, and once an agreement has been entered into between you and us, so that we can collect payments from your payment card).
Details of your dependants (name, address and date of birth)
- To enable us to provide you with services that you have requested that would involve, or have an impact on, your dependants (who may be adults or minors). Where those dependants are adults, please make sure that you have their permission to provide us with their personal information.
Details of contact that we have had with you such as meetings with you, fact-finding discussions and documentation, recommendations, referrals and quotes.
- To allow us to provide a professional service to you and to contact you with information about other services of ours that we think you may be interested in.
- We collect and process this personal information for our legitimate business interests.
Client experience and other feedback and information you provide to us.
Information about complaints and incidents.
Recordings of calls we receive or make.
- To review your feedback and experience with us so that we can improve our products and services for you and for our other clients.
- We collect and process this personal information for our legitimate business interests (and we may record calls both for quality and training purposes and to comply with our legal and regulatory obligations).
All of the personal information described above.
- We may disclose your personal information to third parties where we are required to do so to comply with applicable laws and regulatory requirements including in circumstances where we are required to do so by a court Order, regulatory authority or any other third party with the lawful right to request and receive the personal information we hold about you (including law enforcement agencies and tax authorities).
- We may also use your personal information where it is necessary for us to take legal advice in order to establish our legal rights, to bring a claim against you or any related parties or to defend a claim from you or any related parties.
- We collect and process this personal information for our legitimate business interests including to carry out our own internal business planning, compliance, training, audit and quality assurance purposes.
Depending upon the types of products and services you require, we may also need to collect information from and about you which the law considers to be sensitive, such as data about your physical or mental health, which we refer to as “special category personal data”. The special category personal data that we may ask you to provide, and the reasons why we ask you to provide it, are as follows:
Types of special category personal data
Information about your physical or mental health or condition.
Why we collect it
Certain products and services that you request may require this information. Specifically, in order for us to advise you on, and to submit applications for, health or life insurance products and services, we will need to collect information relating to your physical and mental health in order to obtain accurate quotes and to advise on the suitability of products (as insurance premiums and eligibility for products will in part depend on your physical and mental health). We will usually collect this information in the course of meetings with you, on specific questionnaires or in the process of completing an application form for such products and services.
Information about your sex life or sexual orientation.
Information about your racial or ethnic origin.
Some providers may ask for this information in the course of your application for their products or services.
We will never ask for this information for our own purposes.
We will only process the special category personal data listed above with your explicit consent. We ask for your consent to the processing of this data at the end of this Notice. You may choose not to provide us with this consent. Please note, however, that if you do not provide us with your consent to collect and process the information listed in the table above:
- we may not be able to advise you fully in respect of certain products and services which require this information (in particular those relating to health or life insurance);
- your application may be rejected by the providers of products and services which require this information; or
- the premiums quoted for such products and services may be higher than would be the case if this information were provided.
In some circumstances, we may receive information about you from third parties. In particular, we will receive information about you from Credit Reference Agencies and Fraud Prevention Agencies. This may include details of the products and services you have applied for, those lenders, finance and credit organisations with whom you have (and have had) an agreement, the amounts advanced, the amount and frequency of repayments and whether you have made your repayments on time and in full. This will help us make the best possible assessment of your financial situation before we decide whether we can provide you with our services and/or recommend any specific products and services. It is in our legitimate interests to process your personal information for this purpose. We may also ask you to provide Letters of Authority to allow us to receive information about you from providers.
Who might my personal information be shared with?
We may disclose your personal information to the following categories of recipients:
- to providers of financial services, insurance and investment products and services in order for us to undertake research for you, submit applications on your behalf and to receive updates from such providers in order for us to provide our services to you throughout the lifetime of our relationship with you.
- to our contracted suppliers and partners in order for them to help us provide our services to you, this includes:
- our CRM system to process and store your personal data for the purposes of evidencing the products and services offered to you.
- our suppliers of audit and regulatory compliance support services who may review our records containing your personal information in order to audit and report to us on our compliance with applicable laws and regulatory requirements.
- our solicitors, in the event of defending a legal claim brought against us by you.
- to other financial institutions or regulatory bodies with whom information is shared for money laundering checks and other fraud and crime prevention purposes.
- to a new owner of the business who will continue to use your personal data in the same way(s) that we have used it, as specified in this data protection notice.
- in limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings, a court order, or upon the instructions of a government authority.
If any of your personal data is shared with a third-party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under UK data protection legislation.
Our legal basis for processing personal information
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. In respect of the personal information and the purposes for which we may process your personal information which are set out in this Notice, we have confirmed the legal basis upon which we collect and process your personal information in the 'What type of personal information will be processed and why?' section above.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you or with your explicit consent, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
International data transfers
We may store some or all of your personal data in countries outside of the UK. These are known as “third countries”. We will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation as follows:
- We will only store or transfer personal data in or to countries that are deemed to provide an adequate level of protection for personal data. For further information about adequacy decisions and adequacy regulations, please refer to the Information Commissioner’s Office.
Please contact us for further information about the particular data protection safeguards used by us when transferring your personal data to a third country.
Your data protection rights
You have the following data protection rights:
- If you wish to access, correct, or update of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below;
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent. For specific information about our processing of your sensitive category personal data with your consent, please see the "Your consent to us processing your special category personal data" heading below. You have the right to complain to lodge a complaint with the UK’s Information Commissioner’s Office (ICO). We would welcome the opportunity to resolve your concern ourselves, so please contact us using the details under the “How to contact us” heading below.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with UK data protection laws.
Storage of Data
Unless otherwise instructed, all your data will be scanned and stored electronically onto our secure server as well as, where applicable, the hard copy of any document being stored in your personal folder and kept in a filing cabinet, sited within a locked filing room.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected, for example:
- to provide you with a product or service you have requested us to provide
- to perform our contractual obligations to you
- to comply with applicable legal, tax or accounting requirements
- to defend or manage any claims or complaints between us, you and any relevant third party including taking legal advice in respect of such claims in order to establish, exercise or defend our legal rights or such claims. This would include complaints and claims which you may bring against us or which are submitted to a court, regulatory authority or ombudsman
When we have no ongoing legitimate need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Updates to this Notice
We may change or update this Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
How to contact us
If you would like to contact us in relation to this Notice or if you have any other questions in respect of our processing of your personal information, please contact the Data Manager, Julian Yolland on 01491 412513, or on firstname.lastname@example.org .