Data Protection Policy

The purpose of this Policy

When we provide our services to you, we will collect personal information about you [and others] and we want to be open and transparent with you as to the types of information we collect about you, why we collect it, how we use it and who we may share it with.

The data controller of your personal information is First Financial Intermediaries Ltd, a limited liability company registered at 28 Church Road, Stanmore, Middlesex HA7 4XR, company number 04111624 (“we”, or “us”, or “our”).

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Policy in the ‘How to contact us’ section.

What type of personal information will be processed and why?

We may ask you to provide personal information by filling in hard copy forms and documents or by corresponding with us by phone, e-mail, letter or otherwise or during the course of our meetings with you.

Types of personal information

Why we collect it

Identity details including your name and date of birth.

We may ask for copies of identity documents in which case we may collect details including your place of birth and residential address.

  • To carry out money laundering and financial checks and for fraud and crime prevention and detection purposes.

  • We will only ever use copies of identity documents for this purpose.

  • We collect and process this personal information in order to comply with our legal and regulatory requirements.

Your contact details including your name, postal, phone and email address(es) and other personal details about you including your title, job title, marital status and date of birth.

  • To contact you in order for us to manage, administer and provide our services to you.

  • To respond to any correspondence and service-related enquiries you send to us in respect of our services.

  • To discuss products or services for which you apply or may be interested in applying for.

  • To manage any applications you make for products or services.

  • To communicate any updates to you including any changes to our services, the terms and conditions of any services which we have provided to you, any changes to this Policy and to our websites.

  • To contact you in order to receive your feedback on our services and to participate in related surveys.

Financial information relating to you, including pension contributions and current value, salary, bank account balances, credit card balances details of investments and payment card details.

  • To evaluate your eligibility for products, including making credit searches with credit reference agencies and fraud searches with fraud prevention agencies.

  • To enable us to advise you on your financial circumstances and the appropriateness of specific courses of action and products.

  • We collect and process this personal information for our legitimate business interests.

  • To enable you to make payments for our services.

  • We collect and process this personal information as is necessary for the entry into and performance of any agreements between us (i.e. to assess whether you are eligible for products, and once an agreement has been entered into between you and us, so that we can collect payments from your payment card).

Details of your dependents (name, address and date of birth)

To enable us to provide you with services that you have requested that would involve, or have an impact on, your dependents (who may be adults or minors). Where those dependents are adults, please make sure that you have their permission to provide us with their personal information.

Details of contact that we have had with you such as meetings with you, fact-finding discussions and documentation, recommendations, referrals and quotes.

  • To allow us to provide a professional service to you and to contact you with information about other services of ours that we think you may be interested in.

  • We collect and process this personal information for our legitimate business interests.

Details of services you have received.

Client experience and other feedback and information you provide to us.

  • To review your feedback and experience with us so that we can improve our products and services for you and for our other clients.

  • We collect and process this personal information for our legitimate business interests (and we record calls both for quality and training purposes and to comply with our legal and regulatory obligations).

    Please see section below entitled “When we record communications” for more information.

Information about complaints and incidents.

Recordings of calls we receive or make.

All of the personal information described above.

We may disclose your personal information to third parties where we are required to do so to comply with applicable laws and regulatory requirements including in circumstances where we are required to do so by a court order, regulatory authority or any other third party with the lawful right to request and receive the personal information we hold about you (including law enforcement agencies and tax authorities).

We may also use your personal information where it is necessary for us to take legal advice in order to establish our legal rights, to bring a claim against you or any related parties or to defend a claim from you or any related parties.

We collect and process this personal information for our legitimate business interests including to carry out our own internal business planning, compliance, training, audit and quality assurance purposes.

In some circumstances, we may receive information about you from third parties. In particular, we will receive information about you from Credit Reference Agencies and Fraud Prevention Agencies. This may include details of the products and services you have applied for, those lenders, finance and credit organisations with whom you have (and have had) an agreement with, the amounts advanced, the amount and frequency of repayments and whether you have made your repayments on time and in full. This will help us make the best possible assessment of your financial situation before we decide whether we can provide you with our services and/or recommend any specific products and services. It is in our legitimate interest to process your personal information for this purpose. We may also ask you to provide Letters of Authority to allow us to receive information about you from providers.

When we record communications

We, and persons acting on our behalf, may record and/or monitor communications (including telephone conversations over landlines and mobile phones, emails, fax and other electronic communications) between our staff and you. We only record communications between us in order to comply with our legal and regulatory requirements – as a regulated financial adviser, the law requires us to record these communications.

Who might my personal information be shared with?

We may disclose your personal information to the following categories of recipients:

  • to providers of financial services, insurance and services in respect of whom you request us to submit applications on your behalf and to receive updates from such providers in order for us to provide our services to you throughout the lifetime of our relationship with you;

  • to our suppliers and partners in order for them to help us provide our services to you, this includes:

    • our IT systems providers to assist us with providing you with an efficient, modern and professional service;

    • our suppliers of audit and regulatory compliance support services who may review our records containing your personal information in order to audit and report to us on our compliance with applicable laws and regulatory requirements;

    • our accountants, solicitors, insurer(s) and insurance broker(s) and any other provider of professional services to us;

  • to Credit Reference Agencies and Fraud Prevention Agencies to help us make the best possible assessment of your financial situation before we decide whether we can provide you with services. We are also required to provide information to such agencies so that they can update the information which they hold about you and which they may share with other organisations;

  • to other financial institutions or regulatory bodies with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes;

  • to a prospective buyer (and its agents and advisers) in the event we intend to sell any part of our business or its assets or if substantially all of our assets are acquired by a third party, in which case your personal information could form part of one of the assets we sell, provided that we inform the buyer it must use your personal information only for the purposes described in this Policy. We will never rent or sell your personal information other than as part of a sale of our business;

  • to any national and/or international regulatory, enforcement body, government agency or court where we believe disclosure is necessary

    1. as a matter of applicable law or regulation (including where we are required by law to provide information to organisations such as HMRC),

    2. to exercise, establish or defend our legal rights, or

    3. to protect your vital interests of those or any other person; and

  • to any other person with your consent to the disclosure or where we are permitted to do so by law.

    Our legal basis for processing personal information

    Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. In respect of the personal information and the purposes for which we may process your personal information which are set out in this Policy, we have confirmed the legal basis upon which we collect and process your personal information in the ‘What type of personal information will be processed and why?’ section above.

    If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you or with your explicit consent, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

    Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

    If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

    International Data Transfers

    Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Our servers are located in the United Kingdom.

Your data protection rights

You have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below;

  • In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.

  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e- mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under the “How to contact us” heading below.

  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. For specific information about our processing of your sensitive category personal data with your consent, please see the “Your consent to us processing your special category personal data” heading below.

  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection- authorities/index_en.htm.

  • We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Data retention

We retain personal information we collect from you where we have an ongoing legitimate need to do so, for example:

  • to provide you with a product or service you have requested us to provide,

  • to perform our contractual obligations to you;

  • to comply with applicable legal, tax or accounting requirements;

to defend or manage any claims or complaints between us, you and any relevant third party, including taking legal advice in respect of such claims in order to establish, exercise or defend our legal rights or such claims. This would include complaints and claims which you may bring against us or which are submitted to a court, regulatory authority or ombudsman.

When we have no ongoing legitimate need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Updates to this Policy

We may change or update this Policy in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

How to contact us

If you would like to contact us in relation to this Policy or if you have any other questions in respect of our processing of your personal information, please contact the Data Protection Officer at First Financial Intermediaries, 89 Stanmore Hill, Stanmore, Middlesex HA7 3DZ.