Your right to privacy is important to us. This policy will explain your privacy rights and how we process, collect, manage and store those details and how your rights under the GDPR are adhered to.
We collect information about you so we can carry out the service we are contracted to do.
We will never pass your personal data to anyone else, without your explicit permission.
Personal data we collect about you
The type of personal data we collect about you and how it is used depends on what contact you have with us, your needs, the relationship you have with us and the products and services you hold or enquire about.
The following is information which we will need to obtain about you:
- Title, name, date of birth, marital or civil status, gender, contact details, addresses, nationality. This also extends to documents that will help us to verify your identity.
- Employment and remuneration information, including salary, bonus schemes, any overtime, sick pay, other benefits and employment history.
- Bank account details, loans and other liabilities, tax information, income and expenditure, family circumstances and details of any dependents.
- Health status and history, details of treatment and prognosis and medical reports.
It can also include information which either you give to us or which we obtain about you.
We may also gather data from our website’s ‘contact us’ form, used to enquire about our services or from when you voluntarily complete client surveys.
Why do we collect this data?
The main reason we collect this data is to complete the services you have entered into a contract with us for. Without knowing any of this information, we would be unable to fulfil our legal and regulatory obligations. Therefore, it is essential we collect this information.
However, we also collect this data because you will have given us consent to do so. We will, before proceeding, ask you to provide us with your consent to the processing of your data.
If we need to collect special category data (e.g. health or mental conditions, trade union membership, biometric data (verification or identification data)) we will obtain your explicit consent first.
How will we collect your data?
We will collect and record your data from a variety of sources; however, we rely mostly on this information coming directly from yourself. We will collect this information usually over a series of meetings, but most of this will be collected during our fact-finding meeting.
We may also collect this data from third parties, such as credit checks, your employer, etc.
How will we store your data?
All information you provide to us is stored on our secure servers. We will keep copies of your data on paper files and on our computer systems. Please note that this data can only be accessed by current employees of Longhurst. They will only access this data when they are providing you with advice, or are undertaking administrative tasks internally.
When your data is stored on paper, it will be kept in a secure place where unauthorised people cannot access it.
- Paper files will be locked in a drawer or in a filing cabinet and the key/code kept in a safe place to which only a limited number of people have access.
- When it is no longer required, the paper files will be shredded and dealt with as ‘confidential waste’.
- Our employees will make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
When your data is stored electronically, it will be protected from unauthorised access, accidental deletion, and malicious hacking attempts:
- Data will be protected by strong passwords that are changed regularly and never shared between employees.
- If your data is stored on removable media (like a CD or DVD), these will only be uploaded to an approved cloud computing service. When they are no longer required, they will be cleaned and destroyed.
- Servers containing personal data will be sited in a secure location, away from general office space.
- Your data will be backed up frequently. Those backups will be tested regularly, in line with the company’s standard backup procedures.
- Data will never be saved directly to laptops or other mobile devices like tablets or smart phones.
- All servers and computers containing data will be protected by approved security software and a firewall.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). If this is the case, we will carry out thorough research first to ensure the third party has sufficient procedures in place to ensure the security and safety of your data. If they cannot evidence this, we will not conduct business with them.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of it. We have a number of procedures in place to help prevent any breach of any data, which all members of staff are aware of and receive training on.
Sharing your data
Longhurst will only share your personal data where data protection law allows it, with adequate protection, and where appropriate. We will also have contracts in place to protect the security and confidentiality of your data.
When we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We will not sell or distribute your personal data to other organisations.
If we need to send your data to a destination outside the European Economic Area (EEA) we will again carry out thorough research first to ensure the third-party has sufficient procedures in place to ensure the security and safety of your data.
Your rights under the General Data Protection Regulations are briefly as follows:
- To be informed about the collection and use of your personal data
- To have inaccurate personal data rectified, or completed if it is incomplete
- To have personal data erased (in certain circumstances)
- To request access to information held about you
- To request the restriction or suppression of your personal data
- To obtain and reuse your personal data for your own purposes across different services
- To object to the processing of your personal data in certain circumstances.
How long will we hold your data for?
As we have entered into a contract for services, we will need to retain your data for a certain period of time to be able to carry out that contract. Throughout the relationship, not just at the beginning, we will take reasonable steps to keep your personal data up to date.
In addition to this, we are also subject to regulatory requirements which require us to retain your data for a specified period of time. These are:
- Three years for mortgage business
- Three years for insurance business
- Five years for investment business
- Indefinitely for pension transfers and opt-out business
However, we do reserve the right to hold your data for longer than the minimum periods stated above. We will hold your data throughout our relationship. If at any point this relationship comes to an end, we will hold your data for 5 years after this point.
This does impact your right to have your data erased as it will be held for at least the minimum period of time required and then for 5 years after the end of our relationship. Only at that point will we comply with your request for your data to be erased.
Please refer to our Data Retention Schedule for further information on how long we will keep certain pieces of data for.
Can I access the data you hold on me?
Yes, you can. You have the right to request a copy of your data that we hold. If you would like to receive a copy of this information, you can request a copy by contacting Chris Broome by emailing email@example.com.
We will supply this information free of charge to you. However, we reserve the right to charge a reasonable fee to comply with your request if we believe it is excessive.
As a client of Longhurst we would like to send you marketing material to keep you up to date with information we believe is important for you to know or to provide you with information on other products and services which we believe may be of interest to you. We will ask for your consent and your preferred method of contact before sending you anything.
Just because you have given us consent at the beginning, doesn’t mean you can’t withdraw this at any time. If you would like to, our emails have the option to unsubscribe from them or you can contact Chris Broome on firstname.lastname@example.org to have your name removed from our marketing list. We will not send you any further marketing after this point.
What if I’m unhappy with how you have processed my data?
We would be sorry to hear that you are not happy with how we have processed your data. However, if you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. You can do this by contacting Chris Broome at email@example.com.
Alternatively, you can contact the Information Commissioner’s Office (ICO). You can do so by clicking on this link: https://ico.org.uk/make-a-complaint/. You can start a live chat or call their helpline on 0303 123 1113 or write to them at this address:
Information Commissioner’s Office
Review of this Policy
Last updated: October 2020.