Your information – what we collect and how we use it
We’ll collect personal data about you so that we can deliver the products and services you’ve requested from us.
Data and how we use it
Your personal data includes things such as your name, your address and, if you go through our BiggerPicture process, your personal and financial circumstances. We use data like this to help us deliver services, to let you know about any changes to our services and other purposes set out in the In detail section below.
We take our responsibility for keeping your data safe and secure very seriously. As such, we have implemented suitable technical and organisational measures ensure the confidentiality, integrity and availability of your data.
As a financial planning business, there are lots of lawful reasons for having to process your data. We’ll usually keep your personal data for at least six years after we’ve stopped working with you, but our regulator or insurers may require us to keep it for longer than this.
We may have to share your personal data with third parties (for example where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so).
“Third parties” includes third-party service providers and other entities within our group and services such as IT and cloud services, third party agencies for identity verification purposes or product providers to help us with any recommendation.
You have lots of rights when it comes to your data. You can see what data we have about you at any time. Where you have previously provided consent to us processing your data, you can withdraw your consent to us keeping it too. (Please note: there are some areas where regulatory obligations or legitimate interest might prevent us from getting rid of all your data). And of course, you can ask us a question about it at any time.
You can do this by sending an email to our Compliance Manager, Jane Lawson, on email@example.com.
- Cooper Parry Wealth Limited (registered company no. 04220777) and the other companies in our group (although we’d usually refer to ourselves as “the business”, “we” or “us”) take data protection seriously.
- We will collect personal data about you when:
– you request that we provide you with a service (particularly at your Discovery meeting)
– you,your employer, or one of our clients (for example, a member of your family) engage us to provide our services. We’ll also collect data during the period we’re delivering those services
– you get in touch with us. That could be by email, phone, post, social media or through our website
– we consult third parties and/or review data which is available to the public. For example, we ask for data from your employer or find it on Companies House.
- Here’s the kind of information we might keep hold of:
- your contact details such as your name or address
- details of the communication we’ve had with you relating to the delivery or proposed delivery of a service
- details of any services you’ve received from us
- our correspondence and communications with you
- information about any complaints you make (although we try to keep these to a minimum!) and any questions you ask us
- information from research, surveys and marketing activities
- information we receive from other sources. This could be publicly available information, information provided by your employer or one of our clients (e.g. a family member).
- How we use personal data we hold about you
We may process your personal data:
- to help us perform the things we said we’d deliver with you in a contract
- for the purposes of our own interests. And providing these interests don’t override any of your own interests, rights and freedoms which require the protection of your personal data. These interests might include marketing, business development, statistical and management purposes
- for certain additional purposes with your consent. And please bear in mind: where we ask for your consent in using your data, you have the right to withdraw this consent at any time.
We might use your personal data for more than one of these purposes at the same time.
We might use your personal data to:
- get in touch with you by post, email or telephone
- verify your identity where we need to
- understand what you need and how we can achieve this
- maintain our records in accordance with legal and regulatory obligations
- process financial transactions
- provide you with information on our services, events and activities that we think you’ll be interested in – you’ll have needed to provide your consent for us to send you information on these
- ask you your thoughts and opinions on the services we provide
- let you know about any changes to our services
- prevent and detect crime, fraud and corruption.
- How long do we keep your personal data?
We’ll retain personal data after we have fulfilled the original purpose for which it was collected, as set out below.
When assessing how long we keep your personal data, we consider:
- the requirements of our business and the services we provide
- any statutory or legal obligations
- the reason why we originally collected the personal data
- the lawful grounds on which we base our processing
- the types of personal data we’ve collected
- the amount and categories of your personal data
- whether the purpose of the processing could reasonably be fulfilled in other ways.
We’ll keep your data for at least six years too – even if we stop working with you
Legislation, regulations and our professional indemnity insurers ask us to retain your data after we’ve stopped acting for you. The period of data retention varies from one type of service to another – for some types of service (such as some types of pension transfer), it’s indefinite! (Feel free to ask us for more information about this if you have any concerns)
- Where there’s a change of purpose
If we need to use your data for another purpose other than the reason we collected it, we’ll only do this if the new purpose is compatible with the original one.
If we think it’s necessary to use your personal data for a new purpose, we’ll do so transparently by keeping you informed and reminding you of your rights before we start any new processing of your data.
- Who has access to your personal data?
We won’t sell or rent your information to third parties.
We won’t share your information with third parties for marketing purposes.
Any of our people with access to your information have a duty of confidentiality under the ethical standards that we are held to by the Financial Conduct Authority, which we’re all required to follow.
- People (or “Third Party Service Providers”) working on our behalf
In some cases, we use other people (or what we call “third party service providers”) to deliver professional advice and cloud-based information storage facilities.
Whenever we use third party service providers, we disclose only the personal information that’s necessary to deliver the service. We also have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data.
We’ll not release your information to other third parties unless you’ve requested that we do so, or we’re required to do so by law. For example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption.
- Security measures in place to prevent the loss, misuse or alteration of your personal data
We’ve put security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They’ll only process your personal data on our instructions and they’re subject to a duty of confidentiality.
We’ve put procedures in place to deal with any suspected data security breaches. If this happens, we’ll notify you and any applicable regulator of a suspected breach where we’re legally required to do so.
Your data will usually be processed in our offices in the UK. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK. Where this is the case, the data transfers are either:
- within the European Economic Area (EEA); or
- within a Nation that, like the UK, has been awarded “Adequacy Status” by the EU; or
- are protected by Standard Contractual Clauses
- Your duty to inform us of changes in your personal data
It’s important that the personal data we hold about you is accurate and current. If it changes, please let us know of any changes of which we need to be made aware by getting in touch with your usual Cooper Parry contact or using the contact details below.
- Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
- ask for access to your personal data. You can have access to all the personal data we hold about you and you can check that we’re processing it lawfully
- ask us to correct the personal data that we hold about you
- ask us to delete your personal data. This means we’ll remove personal data where there’s no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you’ve objected to us processing it (see below)
- object to us processing your personal data where we’re relying on a legitimate interest of ours or a third party, and you have a situation which makes you want to object to us processing your data. You also have the right to object on these grounds when it comes to direct marketing purposes
- ask for the restriction of the processing of your personal data. This means you can ask us to suspend the processing of personal data about you
- ask for the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically possible.
If you wish to exercise any of these rights, please get in touch with us. Our contact details are below.
It’s worth mentioning: you won’t have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. It’s not like us, but we might even decline to comply with the request in such circumstances.
Also, to confirm your identity, we might need to request specific information from you. This is to ensure your right to access the information or to exercise any of your other rights, and to make sure your personal information isn’t disclosed to anyone who has no right to receive it.
- Your right to withdraw consent
Where you have previously provided consent to our processing your data, you have the right to withdraw your consent at any time. To withdraw your consent, please get in touch using the contact details below.
Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to. That’s unless we have another lawful basis for doing so.
- Changes to this privacy notice
We keep this privacy notice under regular review and will place any updates on our website at www.cooperparrywealth.com/privacy-notice. You can get paper copies of this privacy notice by sending an email to firstname.lastname@example.org.
This privacy notice was last updated on 2 August 2021.
- Contact details
If you have any questions regarding this notice or if you’d like to speak to us about how we process your personal data, please email our Compliance Manager, Jane Lawson, on email@example.com.
You also have the right, at any time, to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Here are the ICO’s contact details:
Information Commissioner’s Office
Telephone: (0303) 123 1113 (local rate) or (01625) 545 745