In order to provide our services, we collect data, more details are explained below.
Your personal information will be held by Medical & Dental Powered By Acumen Financial Planning (AFP) for the purpose of the (GDPR). AFP is the Controller of personal data relating to individuals and businesses who have signed up for our services and for prospective clients, for the purposes of relationship management, marketing, and business development.
How we collect information about you.
AFP collects your personal data, including information provided in various ways. Some of this data is gained directly from you, including:
- In emails, during telephone calls and conversations, from business cards, when registering for services, when participating in surveys.
- In a client ‘Fact Find’ document and any notes taken during conversations and meetings held with you.
Some personal data may also be gained from other sources, such as Information gained from the providers of your existing pension, investments, and insurance contracts.
What information do we collect about you?
The data that we collect will depend upon our interactions with you and whether or not you choose to become a client.
Security of your information
Once AFP has received your information we are committed to ensuring we have all necessary technical and organisational controls in place to keep your information secure.
In order to prevent unauthorised access or disclosure AFP has put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.
How we use your personal data and the legal basis for this
AFP will only process your data where it has a legal basis for doing so.
AFP uses the data collected to communicate with you, and in the provision of our Financial Planning services.
We may also use your data to improve or maintain the services we offer to you and our website.
We will never share your data with any other third party, other than those stated in this policy, nor use your data for any other purpose, unless we firstly gain your consent to do so.
We may use your data for profiling in the context of segmentation and targeting for marketing purposes. We may use personal data with our marketing communications to enable us to provide you with information and promotions that are likely to be relevant to you. We may also use data such as your name to personalise communications you receive from us.
You have the right to access rectify, erase, object and restrict the processing of your personal data, with the ability to choose which promotional communications you wish to receive and how you would like to receive them.
You also have the right to opt out of receiving our marketing communications at any time.
Our legal basis for processing your personal data may rely on the basis of:
- Our Contract with you for our Financial Planning Services or,
- Your Legitimate Interest in similar services and communications as a result of your Contract for our Financial Planning Service and
- Where you have not signed a contract, we may process your data on the basis of your express Consent.
Who we share your data with
AFP shares your data with the following third-party service providers. The data storage and processing systems are protected by access controls, to minimise any risk to the integrity or security of your personal data, and the data is stored in servers in the UK, EU and USA.
- GetBusy Plc (Virtual Cabinet)
- MAXFocus (MAXBackup)
- CraftSessionId is used by Craft CMS
- Microsoft Office 365
AFP will ensure that any third-party processor has adequate data protection measures in place that align with the requirements of the GDPR by conducting periodic due diligence.
AFP will not share your data with any third-party processor outside of the UK, EU, Australia, or USA.
AFP does not sell your personal data or other information to any third-party.
AFP stores personal information on a secure database which is hosted on an encrypted server and backed up to a secure remote location (MAXBackup).
We may also be required to share your personal data with other parties in order to provide you with an effective service. This will include companies with which you have individual financial contracts, such as pensions, investments, and life assurance, arranged.
In the provision of our services to you it may also be necessary for us to share information with companies providing us with services:
- Our regulator, the Financial Conduct Authority
- Our legal representatives – Shepherd & Wedderburn LLP
- Our auditors – Maclay Murray & Spens LLP
- Our insurers and their legal representatives. – Lockton Plc, AMTrust Europe Plc
- Our external compliance consultants – Resources Compliance Group
In all cases, your information will be used solely in connection with their work with AFP and will not be used to provide you with services or direct marketing.
How long do we retain your data?
AFP will only keep your personal data for as long as necessary for the purposes for which it was gained.
Personal data obtained for the purpose of a contract between us for the provision of financial planning services or where we have another legal basis for processing may be retained indefinitely in line with our regulatory obligations.
Personal data obtained for the purposes of business development, such as where you have provided contact details to us through our website but have not chosen to continue with our services, will be held for a period of no more than 12 months.
Personal data collected from surveys, feedback and questionnaires, are held only for the duration of its usefulness i.e. the duration of a campaign. The data is then anonymised and retained for internal evidential purposes, or deleted.
AFP will review the personal data we hold on you annually to check for accuracy and relevancy and to ensure that we continue to have a legal basis for processing. If your data becomes inaccurate, we will update it accordingly.
If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, where we are allowed to do so under FCA regulations.
AFP will be more than happy to help you should you have any complaints about the processing of your personal data. Under the GDPR, you have the right to lodge a complaint with the Supervisory Authority, the Information Commissionaires Office (ICO), who are the national authority responsible for the protection of personal data. A complaint can be made to the ICO via their website: ico.org.uk or through their helpline: 0303 123 1113.