GALE AND PHILLIPSON CLIENT PRIVACY NOTICE
Status of this document
We take our obligations under privacy and data protection law very seriously. This Privacy Notice is designed to help you understand what Personal Information we collect, why, how we use it and who we share it with. It also explains the rights you have in connection with your personal data, including how to contact us or to make a complaint.
This notice applies to the Gale and Phillipson group of companies who we also refer to throughout as “we”, “us” or “our”.
The companies within the Gale and Phillipson Group are:
- Gale and Phillipson Holdings Ltd
- Gale and Phillipson Investment Services Ltd
- Gale and Phillipson Advisory Services Ltd
- Gale and Phillipson General Financial Services Ltd
- Gale and Phillipson (SE London) Ltd
- Gale and Phillipson (Herts) Ltd
- Robin Joyner Associates Ltd
- Gyr Financial Consulting Ltd
This notice supersedes any previous information which may have been provided in our Terms of Business or Service Description documents in relation to Data Protection and your rights.
What information we’ll hold about you
By “information” we mean all of the personal and financial information about you that we collect, use, share and store. The information we hold will vary according to relationship you have with us. It can include but isn’t limited to:
- Information about you and your contact details (eg your name, date of birth, home address, phone number and email address).
- Unique identifiers and reference numbers that we or others have allocated to you (eg account numbers, online user names and national insurance number).
- Your financial information, including where relevant, details of your income and expenditure, bank details and transactions with us and other organisations.
- Details of your employment status, income and source of wealth.
- How you access and use our website or other digital services (eg your IP address, your location and the device and software being used).
- Information that the law regards as being in a special category because of its sensitivity to you. We can only collect and use this information where you have given us explicit consent or where permitted by the law.
Where we collect information from
We obtain personal data:
- Directly from you, either in a face to face meeting or by telephone or other means;
- From other organisations such as banking services/investment/pension/insurance/mortgage providers, where you have provided authority for them to share information relating to your existing plans;
- From your professional advisers, where you have provided authority for them to share information.
- Using our websites or applications, including through cookies that collect information on your internet use.
How will we use the information about you?
Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:
- For the performance of our contract with you or to take steps at your request before entering into a contract
- To comply with our legal and regulatory obligations
- For our legitimate interests. This means where, on balance, the benefits of us doing so are legitimate and not outweighed by your interests or legal rights
- You have given consent.
The table below provides you with details of how we will use your personal information and the basis for doing so.
|Reason for processing||Lawful basis|
|To provide the services of:
that you have engaged with us to provide
|Performance of the contract|
|To deal with any queries or problems identified by you||Performance of the contract|
|To deal with any complaints or to defend any claims||Legal obligation and legitimate interest|
|To maintain our accounts and records of our dealings with you||Performance of the contract and legal obligation|
|To comply with our fraud, anti-money laundering and market abuse prevention obligations||Legal obligation|
|To refer you to third party professional advisers to provide you with advice in relation to legal or tax planning issues.||Consent*|
|To provide you with information about financial planning opportunities or other services we offer that are similar to those that you have already engaged us to provide.||Legitimate interest|
|If you are a prospective client and have enquired about our services, we will use your information to allow us to satisfy your enquiry.||Legitimate interest|
|If you are a prospective client and you have consented we will use your data to provide marketing communication about other services that may be of interest to you.||Consent*|
|To generate statistics relating to use of our website or how often our news e-shots emails are opened, we do this to monitor and to improve the content||Legitimate interest|
*Whenever ‘consent’ is the only reason for us using the information you have the right to change your mind and change or withdraw your consent at any time.
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases you must provide your personal data in order for us to provide you with intermediary services you have requested that we provide. If you refuse to provide the personal data we request or provide inaccurate or incomplete data, we may be unable to provide you with the services you require or any advice we give may be different from the advice we may have given if you had provided accurate and complete data as requested. Furthermore, some contracts such as insurance policies may be invalidated if you have not provided accurate or complete information.
Special category data
Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation. These are known as ‘special categories of data’ and include data concerning your health, racial or ethnic origin, genetic data and sexual orientation. Data relating to criminal convictions or offences is also subject to additional levels of protection.
We may process health information and lifestyle information when providing intermediary services for example in relation to annuity products or protection insurance products, where this is necessary we will obtain your consent to process this data.
During our activities relating to the prevention, detection and investigation of financial crime, we may process criminal conviction or offence information. Where we do so, we process this data in compliance with our legal obligations.
We may use personal data we hold about you to help us identify, tailor and provide you with details of products and services from us that may be of interest to you. As set out in the table above, the reason for doing so will either be based on our legitimate interest or where we have obtained your consent and will do so in accordance with any marketing preferences you have provided to us.
We will always treat your personal data with the utmost respect and, other than within the Gale and Phillipson group companies, we will never sell or share it with other organisations for marketing purposes.
You can opt out of receiving marketing regarding our services at any time. If you wish to do so or amend your marketing preferences please contact us, using the details in the Contact Us section below. In addition, you can opt out of receiving marketing emails at any time by clicking the ‘unsubscribe’ link at the bottom of every marketing email we send.
Disclosure of your information
Where necessary for the provision of our services, or as required by regulations we are subject to, we may share or disclose your information with third parties as follows:
- To businesses that are legally within the Gale and Phillipson group of companies, or that become part of that group;
- To our IT providers, back office services providers, third party software providers to provide and maintain the provision of the services;
- To our appointed auditors, accountants, lawyers and other professional advisers, to the extent that they require access to the information to advise us;
- To your professional advisers where you have provided your authority for us to share information with them;
- To providers of investments or services we recommend, including credit institutions, providers of pensions, offshore bonds, onshore bonds, trusts, investment platforms, discretionary management services, mortgages, mortgage protection products, insurance products or other such products or services. We may also be required to share information with auditors or other professional advisers appointed by the providers of such products or services;
- If required to do so, to the Financial Conduct Authority, or any relevant regulatory authority where they are entitled to require disclosure;
- To UK and overseas tax authorities, for example HM Revenue & Customs
Financial Crime / Fraud Check
As part of our application process we will carry out automated checks using your personal data, such as your name, postal address, date of birth, National Insurance number. These checks include identification verification and financial crime checks and involve us obtaining information from fraud prevention agencies and any records held by financial crime prevention agencies on the Electoral Register.
We need to carry out these checks in order to meet our obligations under the Money Laundering Regulations (and any other applicable legislation).
We may make periodic searches with fraud prevention agencies during the course of our relationship with you to verify that the information we hold remains correct and that there has been no change in your status (for example when you are a politically exposed person or if you have been subject to a financial sanction).
We may also provide information to financial and other organisations involved in fraud prevention to protect ourselves and our customers from theft and/or fraud.
USING YOUR INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
All countries within the EEA, which includes the UK, have similar standards of legal protection for your personal data. We may, however, share your data with bodies outside of the EEA. The reason for sharing data with countries outside of the EEA could be because of dealings with directors or shareholders of our business based outside of the EEA or the outsourcing of services to external providers located outside of the EEA. Where this occurs, personal data will only be transferred if that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal information.
How long we hold information
We’ll retain information for no longer than is necessary to manage your relationship with us and this will mean that we’ll continue to hold some information for a period of time after our relationship has ended. This is to comply with our legal and regulatory obligations to keep records of our relationship, to resolve disputes or where it may be needed for future legal proceedings.
|Type of Record||Retention Period|
|Personal data where any advice has been given, a regulated product sold or a regulated transaction entered into||50 years from the end of our relationship with you unless the regulation we are subject to requires a longer period|
|Personal data where an unregulated service has been provided||15 years from the end or our relationship|
|Personal data relating to an enquiry for our services where further personal data about you was gathered but no advice provided||Two years from our last contact|
|Personal data in relation to an enquiry for our services, where no further information was gathered other than your contact details||One year from our last contact|
|Personal data obtained from downloading information from our website, but no enquiry or request for service submitted||Three months from the date information downloaded|
Your legal rights in relation to your information
The law guarantees you rights in relation to your personal information. We have set out details of your rights below under individual headings.
- Access to information: You always have the right to ask whether or not we hold information about you. And if we do, what the information is, why we’re holding it and the ways it’s being used. You’re also entitled to a copy of the information.
- Rectification of information: We always want the information we hold to be up to date and accurate. If any of the information we hold is either incorrect or out of date then please tell us and we’ll fix it.
- Erasure of information: You have the right to ask us to erase or delete information where you consider there is no longer any justification for us holding it, either because:
- The information is no longer needed for the reason we collected it;
- We held and used the information based only on your consent, which you have now withdrawn;
- You have previously objected to a way in which we use information;
- We have been using the information unlawfully;
- There is a legal obligation on us to erase the information.
We may not always be able to comply with your request, for example where we need to keep using your personal data in order to comply with our legal obligation or where we need to use your personal data to establish, exercise or defend legal claims.
- Objecting to us using your information: You can object to any use of your personal data which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the personal data if we can demonstrate that we have compelling legitimate interests to use the information.
- Restricting some uses of information: In certain circumstances you have a right to limit the use of information by us. This may arise where:
- You have challenged the accuracy of the information we hold and we are verifying this.
- You have objected to a use of information and we are considering whether your objection is valid.
- We have been using your information unlawfully but you want us to continue to hold the information rather than erase it.
- To request a transfer of personal data: You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (eg another company providing similar services). You may only exercise this right where we use your personal data in order to perform a contract with you, or where we asked for your consent to use your personal data. This right does not apply to any personal data which we hold or process outside automated means.
- To object to decisions based on automatic decision making: If we made a decision about you based solely by automated means (ie with no human intervention), and the decision made by us produces a legal effect concerning you, or significantly affects you, you may have the right to object to that decision, express your point of view and ask for a human review. These rights do not apply where we are authorised by law to make such decisions and have adopted suitable safeguards in our decision-making processes to protect your rights and freedoms.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Contacting us for further Information about your rights
You can contact us at any time by telephone on 01748 825971 to discuss how Gale and Phillipson holds and uses your information and your rights.
Alternative you can email DataProtection@GaleandPhillipson.co.uk or write to our Compliance Officer at Gale and Phillipson, Gallowfields House, Fairfield Way, Richmond, North Yorkshire, DL10 4TB.
Who can I complain to?
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO) www.ico.org.uk.
You can contact the them via the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.