Privacy Statement

Your personal information is held by Medical & Dental (Powered By Acumen Financial Planning) in compliance with the Data Protection Act (2018) and the General Data Protection Regulation (GDPR). We are the controller of personal data - relating to individuals and businesses - who have signed up for our services or are prospective clients for the purposes of relationship management, marketing and business development.

How we collect your information

Medical & Dental collects your personal data, including information provided in various ways. Some of this data is gained directly from you, including:

• Emails
• Telephone calls and conversations
• Business cards
• When registering for services
• When participating in surveys
• In a client ‘Fact Find’ document and any notes taken during conversations and meetings held with you.

Some personal data may also be gained from other sources, such as information gained from the providers of your existing pension, investments, and insurance contracts.

What information do we collect about you?

The data that we collect will depend upon our interactions with you and whether or not you choose to become a client.

Security of your information

Once we have received your information, we are committed to ensuring we have all necessary technical and organisational controls in place to keep your information secure.

In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.

How we use your personal data

We will only process your data where it has a legal basis for doing so.

Medical & Dental uses the data collected to communicate with you and in the provision of our financial planning services.

We may also use your data to improve or maintain the services we offer to you and our website.

We will never share your data with any other third party, other than those stated in this policy, nor will we use your data for any other purpose unless we first gain your consent.

We may use your data for profiling in the context of segmentation and targeting for marketing purposes. We may use personal data with our marketing communications to enable us to provide you with information and promotions that are likely to be relevant to you. We may also use data such as your name to personalise communications you receive from us.

You have the right to access rectify, erase, object and restrict the processing of your personal data, with the ability to choose which promotional communications you wish to receive and how you would like to receive them.

You also have the right to opt out of receiving our marketing communications at any time.

Our legal basis for processing your personal data may rely on the basis of:

• Our contract with you for our financial planning services, or
• Your legitimate interest in similar services and communications as a result of your contract

Where you have not signed a contract, we may process your data on the basis of your expressed consent.

Who we share your data with

Medical & Dental shares your data with some third-party service providers. The data storage and processing systems are protected by access controls to minimise any risk to the integrity or security of your personal data, and the data is stored in servers in the UK, EU and USA. Should you require further information on these, please get in touch.

We will ensure that any third-party processor has adequate data protection measures in place that align with the requirements of the GDPR by conducting periodic due diligence.

We will not share your data with any third-party processor outside of the UK, EU, Australia, or USA.

Medical & Dental does not sell your personal data or other information to any third party.

We may also be required to share your personal data with other parties in order to provide you with an effective service. This will include companies with which you have individual financial contracts, such as pensions, investments, and life assurance.

In the provision of our services to you, it may also be necessary for us to share information with companies providing us with services:

• Our regulator, The Financial Conduct Authority (FCA)
• Our legal representatives – Shepherd & Wedderburn LLP
• Our auditors – Maclay Murray & Spens LLP
• Our insurers and their legal representatives. – Lockton PLC, AMTrust Europe PLC
• Our external compliance consultants – Resources Compliance Group

In all cases, your information will be used solely in connection with their work with Medical & Dental and will not be used to provide you with services or direct marketing.

How long do we retain your data?

We will only keep your personal data for as long as necessary for the purposes for which it was gained.

Personal data obtained for the purpose of a contract between us for the provision of financial planning services, or where we have another legal basis for processing, may be retained indefinitely in line with our regulatory obligations.

Personal data obtained for the purposes of business development, such as where you have provided contact details to us through our website but have not chosen to continue with our services, will be held for a period of no more than 12 months.

Personal data collected from surveys, feedback and questionnaires are held only for the duration of its usefulness i.e. the duration of a campaign. The data is then anonymised and retained for internal evidential purposes or deleted.

We will review the personal data we hold for you annually to check for accuracy and relevancy and to ensure that we continue to have a legal basis for processing. If your data becomes inaccurate, we will update it accordingly.

If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, where we are allowed to do so under FCA regulations.

Complaints

We will be more than happy to help you should you have any complaints about the processing of your personal data. Under the GDPR, you have the right to lodge a complaint with the Supervisory Authority, the Information Commissionaires Office (ICO), who are the national authority responsible for the protection of personal data. A complaint can be made to the ICO via their website: ico.org.uk or through their helpline: 0303 123 1113.