This Policy provides information about the data we collect, process and share, and it demonstrates our commitment to always using the personal data we collect in a respectful manner.
Policy prepared by: Rachel Power, O’Dwyer Power, in consultation with Management
Approved by Management on: 09/05/2018
Policy became operational on: 25/05/2018
Next review date: 25/06/2018
- Data Protection Law
- Why We Collect Information and Data?
- What Types of Personal Data Do We Collect?
- How Do We Collect Personal Information?
- How Do We Use Personal Information?
- What Is Our Lawful Basis For Processing Personal Information?
- When Do We Share Personal Information?
- What Security Measures Do We Have?
- Data Accuracy
- Subject Access Requests
- Data Retention
- Privacy at Adelphi Financial Brokers
As a controller, Adelphi Financial Brokers needs to gather and use certain information about individuals. This Policy applies to personal information we obtain from individuals through our website and services. When you avail of our services you will be provided with our Terms of Engagement. When you use our services, you acknowledge that you have read this Policy and understand its content. We may update this Policy at any time we deem appropriate to reflect any changes in our services.
This policy applies to:
- The office of Adelphi Financial Brokers
- All staff and volunteers of Adelphi Financial Brokers
- All contractors, suppliers and other people working on behalf of Adelphi Financial Brokers
Data Protection Law
The General Data Protection Regulation (EU) 2016/679, effective as of 25th May 2018, which replaces the Directive 95/46/EC, describes how businesses must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The Regulation is underpinned by important principles. These say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with the purpose for which it was originally collected
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Be kept in a form that permits identification of data subjects for no longer than necessary
- Be processed in a manner that ensures appropriate security of the personal data
As a data controller, we take our responsibilities in ensuring the security of your data seriously and follow data protection guidelines in all areas of our business.
Why We Collect Information and Data?
We rely on information to run our business. In certain instances this information may include data that could be used to identify an individual. This is referred to as personal data. Part of the purpose of this Policy is to give examples of how personal data is collected and why it is used. For example, when a customer uses our service as a financial advisor, we must collect certain personal information in order to provide that service. Some examples of reasons for collecting personal data include:
- Pension services
- Financial services
- Investment services
- Mortgage services
- Life Cover services
- Income Protection services
What Types of Personal Data Do We Collect?
The following examples are indicative of the type of personal data that we may collect; the exact type of data will depend on the services being used:
- Contact information (such as name, email address, home address, phone numbers)
- Financial information (such as taxation details, income, payment card details, bank details)
- Identification data (such as PPS number, date of birth)
- Health information (such as illnesses, smoking habits, disorders)
- Employment details (such as occupation, work history, qualifications, educational history)
- Family details (such as marital status, number of dependents)
- Lifestyle information (such as interests)
- Behaviour details (such as attitudes to risks)
- Telephone recordings of conversations between individuals and Adelphi Financial Brokers
As well as the information listed above, we may also collect other personal data related to services we are asked to provide to you.
How Do We Collect Personal Information?
In most cases we collect information directly from you when you initially engage our services. You decide how much information to share with us; however, refusing to share certain information may limit our ability to provide you with the services you require. We may also receive personal information from a third party following a written authorised instruction from you by way of a letter of authority.
We may collect personal information over the phone during recorded telephone conversations, via email or in person.
How Do We Use Personal Information?
We use your personal information for such purposes as:
- To provide you with the services you request
- To provide you with the advice you request
- To provide you with quotes for services that you have asked us about
- To keep you informed about services that may be of benefit to you (unless you choose not to receive our marketing messages)
- To provide you with a schedule of your policies with us on an annual basis or when requested
- To bill you for our services
Much of the personal data we collect from you is directly relevant to our services. For example, should you require pension advice, we cannot give this to you without first collecting a range of personal information including, but not limited to: income, employment, financial details, number of dependants.
What Is Our Lawful Basis For Processing Personal Information?
As defined in the Regulations, we are required to demonstrate our legal basis for processing Personal Information. When you engage our company to provide you with a service, we are relying on Article 6(1(b)) of the General Data Protection Regulation (EU) 2016/679 which states “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
When we send you information relevant to further services we think would be of interest to you, we are relying on Article 6(1(f)) of the General Data Protection Regulation (EU) 2016/679 which states “processing is necessary for the purposes of the legitimate interests pursued by the controller”.
In order to provide you with certain services, it will be necessary for us to collect some Personal Information relating to your health. For example, should you engage our services looking for a quotation for Income Protection, we could not provide you with this without collecting information about your health. In these circumstances, the legal basis we rely on is “explicit consent” as per Article 9 (2(a)) of the General Data Protection Regulation (EU) 2016/679 which outlines the basis for processing special categories of data (including health data).
When Do We Share Personal Information?
We may share personal information in some of the following ways:
- To obtain quotes from third parties to provide you with services you request (such as pension providers, insurance companies, investment firms, mortgage providers)
- To instruct a third-party company on your behalf so as to provide you with a service you have requested
- The law may require us to share information with professional bodies or a regulator but we will only share information that is necessary to satisfy requirements
- We reserve the right to report to law enforcement any activities that we, in good faith, believe to be illegal
- In connection with, or during negotiations of a business merger or sale or similar business transfer provided that such party agrees to use such Personal Information in a manner consistent with this Policy
- For any US citizens, we are obligated to share any investment information with the US Revenue
- To ensure the security of our IT systems in order to protect your data
We do not share your Personal Information with third parties for their own marketing use without your permission.
What Security Measures Do We Have?
We use administrative, organisational, technical and physical security measures to protect the Personal Information we collect and process. We ensure that we adopt appropriate controls which guarantee the security and confidentiality of your Personal Information.
For Personal Information gathered in paper form:
- When not required, the paper or files are kept in a locked drawer or filing cabinet
- Staff are instructed to make sure paper and printouts are not left where unauthorised people could see them, e.g. on a printer
- Data printouts are shredded and disposed of securely when no longer required
When data is stored electronically, it is protected from unauthorised access, accidental deletion and malicious hacking attempts. We adopt the following controls:
- Staff are instructed to use strong passwords that are changed regularly and never shared between staff
- When working with personal data, staff are instructed to ensure the screens of their computers are always locked when left unattended
- If data is stored on removable media (e.g. a memory stick), these are kept locked away securely when not being used
- Staff are instructed not to remove any data or documentation from our offices
- Staff are instructed to always keep information strictly confidential and not to disclose or discuss a customer’s information or circumstances with any unauthorised outside parties
- Data is only stored on designated drives and is only uploaded to approved IT systems
- Data is backed up automatically on a daily basis, with a confirmation being sent to the Privacy Officer when completed, and backups are stored securely off-site
- Data is never saved directly to laptops, PC hard drives or other mobile devices such as tablets or smart phones
- All computers containing data are protected by approved security software and a firewall
- Staff do not save copies of personal data to their own computers and instead, always access and update the central copy of any data.
Everyone who works for or with Adelphi Financial Brokers has some responsibility for ensuring data is collected, stored and handled appropriately.
Each person that handles personal data is instructed to ensure that it is handled and processed in line with this policy and data protection principles.
These people have key areas of responsibility:
- The Managing Director is ultimately responsible for ensuring that Adelphi Financial Brokers meets its legal obligations and abides by its own policies and procedures.
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards
- Ensuring regular security checks are carried out to guarantee hardware and software is functioning properly
- Marketing duties
- Approving any data protection statements attached to communications such as emails and letters
- Addressing any data protection queries from the media
- The Privacy Officer, Nicola Ryan, is responsible for:
  - Consulting with external Data Protection Advisers about data protection responsibilities, risks and issues
  - Scheduling a review with external Data Protection Advisers with regard to reviewing all data protection procedures and related policies, in line with an agreed schedule
  - Arranging data protection training and advice for the people covered in this policy
  - Handling data protection questions from staff and anyone else covered by this policy, even if just to pass a query on to external Data Protection Advisers
  - Recording any subject access requests (SARs) from individuals to see the data Adelphi Financial Brokers holds about them and following the SAR procedure
  - Ensuring that any contracts or agreements with third parties that may handle the company’s sensitive data have been checked by a person with adequate knowledge of Data Protection requirements
  - Ensuring any breaches are reported to the Data Protection Commissioner in line with the Data Breach Procedure once instructed by the Managing Director
Data Accuracy
The law requires Adelphi Financial Brokers to take reasonable steps to ensure data is accurate and kept up to date. The more important it is that the personal data is accurate, the greater effort we put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
- Data will be held in as few places as necessary
- Staff are required to take every opportunity to ensure data is updated; for instance, by confirming a customer’s details when they call
- We will update the Personal Information we hold on your direct instruction at any time
- Data is updated as inaccuracies are discovered
Subject Access Requests (SARs)
All individuals who are the subject of personal data held by us are entitled to:
- Ask what information the company holds about them and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed how the company is meeting its data protection obligations
SARs from individuals should be made by email, addressed to the data controller at firstname.lastname@example.org. We will supply a standard request form, although individuals are not obliged to use this form, and we will respond within one month to any request.
It is necessary that we always verify the identity of anyone making a SAR prior to handing over any information. Failure to provide us with adequate proof of identity will result in the SAR being denied.
Data Retention
We will retain your Personal Information for as long as you are a customer of ours or are availing of our services or advice, or until such time as you terminate our engagement or cease to use our services, and for a period of seven years after this time.
Unless otherwise specified, the following retention periods apply:
| Policy holder information | 7 years after the contract has ended |
| Personal information for a quotation that was not incepted | 3 years |
| Personal information for all general enquiries | 3 years |
| Personal information in Client database | 7 years from cessation of relationship |
Privacy at Adelphi Financial Brokers
At all times Adelphi Financial Brokers will take your privacy seriously and not infringe on your rights regarding the processing of your personal data. If at any stage you have concerns about your personal data, please inform us immediately.