IN SUMMARY

We’ll collect personal data about you for various reasons (as further detailed in this privacy notice) including: 1) so that we can deliver the products and services you’ve requested from us, 2) to meet our legal responsibilities, 3) to understand how you are using our website, and 4) to send marketing communications to you. 

DATA AND HOW WE USE IT

Your personal data includes things such as your name, your address and, if you go through our BiggerPicture process, your personal and financial circumstances. We use data like this to help us deliver services, to let you know about any changes to our services and other purposes set out in the In detail section below. 

OUR RESPONSIBILITIES

We take our responsibility for keeping your data safe and secure very seriously. As such, we have implemented suitable technical and organisational measures to ensure the confidentiality, integrity and availability of your data. 

As a financial planning business, there are lots of lawful reasons for having to process your data. We’ll usually keep your personal data for at least six years after we’ve stopped working with you, but our regulator or insurers may require us to keep it for longer than this. 

We may have to share your personal data with third parties (for example where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so). 

YOUR RIGHTS

You have lots of rights when it comes to your data. You can see what data we have about you at any time. Where you have previously provided consent to us processing your data, you can withdraw your consent to us keeping it too. And of course, you can ask us a question about it at any time. 

You can do this by sending an email to our Technical and Compliance Manager, Abi Thomas, at abit@cooperparry.com.   

Please note: there are some areas where regulatory obligations or legitimate interest might prevent us from getting rid of all your data.  

More information about your rights is set out in the in detail section below. 

IN DETAIL

1. Cooper Parry Wealth Limited (registered company no. 04220777) (we’ll refer to ourselves as “the business”, “we” or “us” for the rest of this policy) and the other companies in our group (that’s: Cooper Parry Group Holdings Limited; Cooper Parry Advisory Limited; Cooper Parry Holdings Limited; Cooper Parry Group Limited; Snapshot Software Limited; Cooper Parry Audit Holdings Limited; and Cooper Parry Audit LLP), take data protection seriously. 

This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you get in touch, login to your account or register for one of our events. 

This website is not intended for children.  

It is important to read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements any other notices and privacy policies and is not intended to override them.  

We are the controller and are responsible for your personal data. 

2. We will collect personal data about you when: 

• you visit our website. This might include device information (such as your IP address, location, device identification numbers or provider), usage information and browsing history (such as information about how you navigate within our services), your browsing history (in relation to our website and which elements of our services you use the most), location data and demographic information (such as your country).  

We collect this information to better understand our audience, to improve our website and to provide relevant targeted advertising of our services to you after you leave our website through third party partners (such as Google advertising). For further information please see our Cookie Policy 

• you request that we provide you with a service 
• you create an account with us 

• you, your employer, or one of our clients (for example, a member of your family) engage us to provide our services. We’ll also collect data during the period we’re delivering those services 
• you get in touch with us. That could be by filling in forms on our website or corresponding with us by email, phone, post, social media or through our website 
• we consult third parties and/or review data which is available to the public. For example, we ask for data from your employer or find it on Companies House. 

3.  Here’s the kind of information we might keep hold of: 

Personal data means any information about an individual from which they can be identified (not including any data which has been anonymised). We may collect, use, store and transfer the following types of personal data: 

• identity data – including your personal details such as your full name, username, national insurance number or similar identifiers, title, date of birth and gender  
• contact data – including your address, email address and telephone numbers 
• financial data – including your bank account details, assets and other financial information 
• technical data – including your IP address, device identification numbers or provider, operating system and platform, browser type and version and other technology on the device you use to access our website 
• transaction data – including details about payments to and from you and other details of services you have purchased from us 

• profile data – including purchases or orders made by you, your interests or ‘wishlist’, preferences, feedback and survey responses 
• usage data – including details of how you use our website and any services you’ve received from us 
• communications data – including our correspondence and communications with you and details of the communication we’ve had with you (whether by email, telephone, through our live chat function or otherwise) relating to the delivery or proposed delivery of a service (including information about any complaints you make (although we try to keep these to a minimum!) and any questions you ask us) 
• marketing data – including information from research, surveys and marketing activities, together with your preferences in relation to receiving marketing from us and our third parties 
• special category data – including details about your health, race or ethnicity, religion, sexual orientation, medical conditions, and genetic and biometric data 

• information we receive from other sources. This could be publicly available information, information provided by your employer or one of our clients (e.g., a family member) 

If you fail to provide personal data:  

Where we need to collect personal data by law, or under the terms of the contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time. 

4. How we use personal data we hold about you 

In order to process your data, we are obliged to identify at least one of what’s called our “lawful basis for processing”. 

We may process your personal data: 

• to help us perform the things we said we’d deliver (or you instructed us to deliver) and perform the contract we are about to enter into or have entered into with you. This might apply where we’re processing your personal data because you’re a subcontractor, supplier, or customer of a client of ours. The lawful bases that apply here are “performance of a contract” and/or “to comply with a legal obligation” (where we are obliged to process your data to satisfy a legal requirement); 
• for the purposes of our own business interests. And providing these business interests don’t override any of your own interests, rights and freedoms which require the protection of your personal data. These interests might include marketing, business development, statistical and management purposes (this would be a “legitimate interest”); and/or 
• for certain additional purposes with your consent. Please bear in mind: where we ask for your consent in using your data, you have the right to withdraw this consent at any time (this would be “consent”). 

Where we process any special category data, we recognise that we need to take even more care over it. When using your special category data, we will use it in accordance with the law and will ensure that suitable and specific measures are in place to safeguard your fundamental rights and interests. We process special categories of personal data under Article 9(2)(a) GDPR, where you have provided explicit consent (this is “explicit consent”). Examples of when we may process special category data about you includes health information we receive from you as part of providing certain services to you (i.e., wills, probate and administration of trusts matters). 

We might use your personal data for more than one of these purposes at the same time. 

We might use your personal data to: 

Purpose	Type of personal data	Lawful basis
Onboard you as a new client	Identity data  Contact data	Performance of a contract  To comply with a legal obligation
Set you up with an account on our website	Identity data  Contact data	Performance of a contract
Deliver our services to you and manage our relationship with you, including:  to notify you about changes to our terms, services or business  to understand what you need and how we can achieve this	Identity data   Contact data  Financial data  Transaction data  Special category data	Performance of a contract  Legitimate interest (to recover fees due to us)  To comply with a legal obligation  Explicit consent (where processing special category data)
Administer and protect our business and this website	Identity data  Contact data  Technical data	Legitimate interests (for running our business, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)  To comply with a legal obligation
Deliver relevant website content and advertising to you and measure and understand the effectiveness of our advertising	Identity data  Contact data  Profile data  Technical data  Usage data   Communications data  Marketing data	Legitimate interest (to develop our services and website, to grow our business and to inform our marketing
Use data analytics to improve our website, services, marketing, customer relationships and experiences	Technical data  Usage data	Legitimate interest (to keep our website up to date and relevant, and to inform our marketing)
Manage our recruitment process and to assess an applicant’s suitability for employment with us	Identity  Contact	Performance of a contract  To comply with a legal obligation  Legitimate interest (for considering your application to join us)  Consent

 

5.  How long do we keep your personal data? 

We’ll retain personal data for as long as reasonably necessary to fulfil the original purpose for which it was collected. 

When assessing how long we keep your personal data, we consider: 

• the requirements of our business and the services we provide 

• any statutory or legal obligations that require us to keep it 
• the reason why we originally collected the personal data 
• the lawful grounds on which we have been processing the data 
• the types of personal data we’ve collected 
• the amount, nature and sensitivity of the personal data 

• the potential risk of harm from unauthorised use or disclosure of your personal data 
• the purposes for which we process your personal data and whether we can reasonably achieve these purposes through other means  
• any other applicable legal, regulatory, tax, accounting or other requirements.  

We’ll keep your data for at least six years too – even if we stop working with you 

Legislation, regulations and our professional indemnity insurers ask us to retain your data after we’ve stopped acting for you.  

The period of data retention varies from one type of service to another – for some types of service (such as some types of pension transfer), it’s indefinite! (Feel free to ask us for more information about this if you have any concerns). 

6. Where there’s a change of purpose 

If we need to use your data for another purpose other than the reason we collected it, we’ll only do this if the new purpose is compatible with the original one. 

If we think it’s necessary to use your personal data for a new purpose, we’ll do so transparently by keeping you informed and reminding you of your rights before we start any new processing of your data. 

7. Who has access to your personal data? 

We may share your personal data with third parties for the purposes set out in this policy, this may include: 

• other companies in our group 

• service providers (acting as processors) who provide services to us such as IT and cloud services, third party agencies for identity verification purposes or product providers to help us with any recommendation 

• HM Revenue & Customs, regulators and other authorities 

• third parties whom we choose to sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as is set out in this privacy notice 

Let’s be clear – we won’t sell or rent your personal information to third parties. 

Any of our people with access to your information have a duty of confidentiality under the ethical standards that we are held to by the Financial Conduct Authority, which we’re all required to follow. We will require any of our people with access to your information to respect the security of your personal data and treat it in accordance with the law.  

8. People or businesses (“Third Party Service Providers”) working on our behalf 

In some cases, we use other people or business (we call them “Third Party Service Providers”) to deliver professional advice and cloud-based information storage facilities. 

Third Party Service Providers includes other third parties that provide us with services such as IT and cloud services, third party agencies for identity verification purposes or product providers to help us with any recommendation. 

Whenever we use Third Party Service Providers, we disclose only the personal information that’s necessary to deliver the service. We also have a contract in place that requires them to keep your information secure and not to use it for their own purposes. 

All of our Third Party Service Providers are required to put in place appropriate security measures to protect your personal data. 

We’ll not release your information to other third parties unless:  

• you’ve requested that we do so 
• we choose to sell, transfer or merge parts of our business or assets 
• we’re required to do so by law (for example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption). 

1. Our security measures in place to prevent the loss, misuse or alteration of your personal data 

We’ve put security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They’ll only process your personal data on our instructions and they’re subject to a duty of confidentiality. 

We’ve put procedures in place to deal with any suspected data security breaches. In the event of an actual or suspected breach of your data, we’ll notify you and any applicable regulator of a suspected breach where we’re legally required to do so. 

1. International transfers of personal data: 

Whilst your data will usually be processed in our offices in the UK, to allow us to operate efficient digital processes, we sometimes need to transfer your personal data outside the UK, as some of our external third parties may be based outside the UK. This is ordinarily done within the European Economic Area (EEA), but on some occasions, we may process your data outside of the EEA.  

Whenever we transfer your data outside the UK, we ensure a similar degree of protection is afforded to it and will ensure that adequate safeguards and protection measures are in place in compliance with the applicable data protection laws.  

We have applied due diligence and have suitable contractual agreements in place with these third-party service providers that meet all relevant regulatory requirements. 

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.  

1. Your duty to inform us of changes in your personal data 

It’s important that the personal data we hold about you is accurate and current. If it changes, please let us know of any changes of which we need to be made aware by getting in touch with your usual Cooper Parry Wealth contact or using the contact details below. 

1. Your rights in connection with personal data 

Under certain circumstances, the law gives you the right to: 

• request access to your personal data – you can ask for a copy of the personal data we hold about you. Assuming your request is reasonable, we will provide a copy of all the personal data we hold about you and you can check that we’re processing it lawfully. This is more commonly known as a ‘data subject access request’  
• request correction of your personal data – you can ask us to correct any inaccurate personal data that we hold about you and complete any incomplete personal data that we hold on you  
• request erasure of your personal data – you can ask us to delete or remove your personal data where there is no good reason for us to continue processing it. This one’s a little tricky! If, for some reason, we still hold your personal data, but without good reason, at your request we’ll delete it. To be honest, this is a pretty unusual scenario, because we’re pretty hot on getting rid of data we’re not obliged to hold! We may not always be able to comply with your request for erasure for specific legal reasons, in which case, we will notify you of such reasons at the time of your request 
• object to us processing your personal data – this applies where we’re relying on a “legitimate interest” of ours or a third party, and you have a situation which makes you want to object to us processing your data 

• ask for the restriction of the processing of your personal data – this means you can ask us to suspend the processing of personal data about you where you want us to establish the accuracy of the personal data; where our use of the personal data is unlawful but you do not want us to erase it; where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise of defend legal claims ; or where you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use such personal data. 
• ask for the transfer of your personal data to you or another data controller – if the processing is based on consent, carried out by automated means and this is technically possible 
• withdraw consent for processing – we’ve got a special section on this below 

If you wish to exercise any of these rights, please get in touch with us. Our contact details are below.  

We try to respond to all legitimate requests within one month but if we are unable to, we will notify you of this and keep you updated.  

At this point it’s worth mentioning you usually won’t have to pay a fee to exercise any of these rights, however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive and whilst it’s not like us, we might even decline to comply with the request in such circumstances. It’s also possible that we may not be able to comply with the request for compliance reasons. 

As a final note, if you choose to exercise any of these rights, without exception we will ask you to confirm your identity, which means we might need to request specific information from you. This is to make sure your personal information isn’t disclosed to anyone who has no right to receive it. 

1. Your right to withdraw consent 

Where you have previously provided consent to our processing your data, you have the right to withdraw your consent at any time. To withdraw your consent, please get in touch using the contact details below. 

Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to. That’s unless we have another lawful basis for doing so. 

1. Changes to this privacy notice 

We keep this privacy notice under regular review and will place any updates on our website at www.cooperparrywealth.com/privacy-notice. You can get paper copies of this privacy notice by sending an email to theteam@cooperparrywealth.com. 

This privacy notice was last updated on 30 November 2022. 

1. Contact details 

If you have any questions regarding this notice or if you’d like to speak to us about how we process your personal data, please email our Technical and Compliance Manager, Abi Thomas, at abit@cooperparry.com.  

You also have the right, at any time, to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Here are the ICO’s contact details: 

Information Commissioner’s Office 

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

Telephone: (0303) 123 1113 (local rate) or (01625) 545 745
Website: https://ico.org.uk/concerns