Westerby (“We”) are committed to protecting and respecting your privacy. For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is Westerby Investment Management Limited registered at 15 Andover Street, Leicester, LE2 0JA. We can be contacted at firstname.lastname@example.org
or by 0116 2470304.
TYPES OF PERSONAL DATA WE COLLECT
We may collect, use, store and transfer different kinds of personal data about you, as follows:
- Full Name;
- Permanent residential address (and previous addresses, if you have lived there for less than three years);
- Telephone contact numbers;
- E-mail addresses;
- Date of birth;
- National Insurance Number;
- Country of residence;
- Expected retirement age;
- Whether you are married or in a registered civil partnership;
- Spouse/civil partner’s name and date of birth;
- Employment status;
- Employer’s name and address;
- Financial information about you;
- Your personal bank details;
- Details of any agents/intermediaries acting on your behalf;
- Supporting information to verify your name and address;
- Outcome of identity searches and anti-money laundering due diligence;
- All communications to and from you (and anyone acting on your behalf) by telephone, e-mail, post or otherwise)
We may, in certain circumstances, need to collect, process and hold sensitive personal information including any health or condition of any nature or your religion. Due to the nature of this personal information we will always seek your consent prior to requesting it for processing.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
WHY DO WE COLLECT INFORMATION?
We will only use your personal data when the law allows us to. We will collect sufficient personal information to help us make the best possible assessment of your financial situation before we decide whether we can provide you with our services and/or recommend any specific products and services. It is in your legitimate interests to process your personal information for this purpose. We may also ask you to provide Letters of Authority to allow us to receive information about you from providers.
- For the detection and prevention of illegal activities and in the protection of our legal rights, including liaison with regulatory bodies and law enforcement agencies;
- To inform you of changes to our products and services;
- For market research, statistical analysis, customer profiling and to aid in the development of our products and services.
WHEN DO WE COLLECT INFORMATION?
You may give us the data listed above by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you complete any transactions or implement recommendations we may make.
We may receive personal data about you from various third parties, such as when we carry out electronic identification verification checks.
WHEN WILL WE SHARE YOUR PERSONAL DATA?
We may disclose your personal information to the following categories of recipients:
- to providers of financial services, insurance and investment products and services in respect of whom you request us to submit applications on your behalf and to receive updates from such providers in order for us to provide our services to you throughout the lifetime of our relationship with you;
- to our suppliers and partners in order for them to help us provide our services to you, this includes but is not intended to be limited to:
- our IT systems providers to assist us with providing you with an efficient, modern and professional service;
- our suppliers of audit and regulatory compliance support services who may review our records containing your personal information in order to audit and report to us on our compliance with applicable laws and regulatory requirements;
- our accountants, solicitors, insurer(s) and insurance broker(s) and any other provider of professional services to us;
- to Credit Reference Agencies and Fraud Prevention Agencies to help us make the best possible assessment of your financial situation before we decide whether we can provide you with services. We are also required to provide information to such agencies so that they can update the information which they hold about you and which they may share with other organisations;
- to other financial institutions or regulatory bodies with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes;
- to any national and/or international regulatory, enforcement body, government agency or court where we believe disclosure is necessary
- (i) as a matter of applicable law or regulation (including where we are required by law to provide information to organisations such as HMRC),
- (ii) to exercise, establish or defend our legal rights, or
- (iii) to protect your vital interests of those of any other person; and
- to any other person with your consent to the disclosure or where we are permitted to do so by law
WHERE WILL WE STORE YOUR PERSONAL DATA?
All personal data that you provide to us is stored on our hosted company server, which is located within the United Kingdom. We have put in place appropriate security measures (including physical and electronic access controls, firewall technology, and other security measures) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WILL WE KEEP HOLD OF YOUR PERSONAL DATA?
We retain personal information we collect from you where we have an ongoing legitimate need to do so, for example:
- to provide you with a product or service you have requested us to provide,
- to perform our contractual obligations to you;
- to comply with applicable legal, tax or accounting requirements;
- to defend or manage any claims or complaints between us, you and any relevant third party including taking legal advice in respect of such claims in order to establish, exercise or defend our legal rights or such claims. This would include complaints and claims which you may bring against us or which are submitted to a court, regulatory authority or ombudsman.
When we have no ongoing legitimate need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. In respect of the personal information and the purposes for which we may process your personal information which are set out in this Notice, we have confirmed the legal basis upon which we collect and process your personal information in the TYPES OF PERSONAL DATA WE COLLECT’ and WHY DO WE COLLECT INFORMATION? sections above.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you or with your explicit consent, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “About us” heading above
You have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below;
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. For specific information about our processing of your sensitive category personal data with your consent, please see the “Your consent to us processing your special category personal data” heading below.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
You have the right to request a copy of the information that we hold about you at any time. Please note that in most circumstances, we shall not make a charge for this, however we may make a reasonable fee based on administrative costs for any further copies requested. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
RIGHT TO RECTIFICATION
You have the right at any time to ask us to rectify any personal data that we hold for you which is incorrect or incomplete. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.
RIGHT TO BE FORGOTTEN
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
RESTRICTION OF PROCESSING
You can ask us to restrict how we use your data in the following circumstances:
- where you believe that the information we hold about you is inaccurate, you can ask that we refrain from using your data until we can verify the accuracy of it;
- where we have unlawfully processed your data, you can ask that we restrict our usage of it rather than erase it completely; or
- where we no longer need to hold your information, but you wish us to retain your information for the purpose of establishing, exercising or defending a legal claim.
You have the right to obtain from us all personal data which you have provided to us in a structured, commonly used and machine readable form, provided that such data was processed based on your consent, or for the purpose of a contract between us and the processing was carried out by automated means. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
RIGHT TO OBJECT
You have the right to object, on grounds relating to your particular situation, to our processing of your personal data where we are doing this for the performance of a task carried out in the public interest (which we shall have told you about, if applicable), or where we are carrying out processing for the purposes of legitimate interests pursued by us.
You also have the right at any time to ask us not to process your personal data for direct marketing or profiling purposes (to the extent that such profiling is related to such direct marketing). We shall have informed you before the time we obtained your personal data whether we intend to process your personal data for this purpose, or if we intend to disclose your information to any third party for such purposes.
If we process your personal data for automatic decision making or profiling purposes (i.e. to analyse or predict your personal preferences, and such profiling is automated) we shall ensure that we tell you about this beforehand, and will only do this where this is a necessary condition of entering into a contract between you and us, or where you have given us your explicit consent to do this.
RIGHT TO WITHDRAW CONSENT
Where you have given us your consent to our processing of any of your personal data, you have the right to withdraw your consent at any time, for example if you no longer wish for us to share your information with third parties for marketing purposes (where you have previously consented to this). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Please be aware that you cannot opt out of receiving regulatory or legal information, or updates (such as information regarding a change to our product terms and conditions).
HOW TO MAKE A COMPLAINT
If you have any concerns about our use of your personal information, you can make a complaint to us by email at email@example.com, by post Compliance Department, Westerby Investment Management Ltd, 15 Andover Street, Leicester, LE2 0JA or by telephone on 0116 247 0304.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
COOKIES USED ON OUR WEBSITE