Private Office Asset Management Limited is committed to respecting and protecting your privacy.
Our company is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently.
This Privacy Notice explains, in line with GDPR, how we use any personal information we collect about you in order to provide the services for which we are engaged.
Why do we need to collect and use your personal data?
The information we collect about you is essential if we are to deliver the services you require from us effectively, and for us to fulfil our own legal and regulatory obligations.
The primary legal basis on which we rely for the processing of your personal data is for the performance of our contract for services with you.
We may also seek to rely on the basis of compliance with the law (for example in relation to delivering our anti-money laundering obligations), other legitimate interests, and consent where appropriate.
Where special category data (for example, that concerning your health) is required, we will generally seek to obtain your explicit consent in order for us to collect and process such information.
Data is also collected to help us better understand your needs and interests, to improve our own systems, products and services, and where you have consented, to send you relevant promotional and marketing information.
What personal information do we collect?
When you engage us to provide services, we obtain certain information relating to your personal and financial circumstances, and the following are examples of the types of information which might be collected, depending on the nature of the service:
- your identity, such as age, date of birth, gender and national insurance number;
- contact details, including your address, email, phone number and mobile number;
- employment details;
- family details;
- information regarding your current health condition;
- associated third party information, this includes your spouse, children or beneficiaries of trusts;
- financial details, such as source of wealth, existing investments, savings accounts, tax returns, and bank details;
- details concerning your attitude to investment risk, in some cases via an external profiling questionnaire;
- lifestyle information (such as hobbies and interests);
- account activity, generated and collected through the provision of our services to you through 3rd party providers;
- Internal Protocol (IP) address, collected passively when you use our website or client portal.
We may also collect information when you complete client surveys, provide feedback, or request literature, guides, or further details regarding our services.
Information relating to usage of our website is collected using cookies, which are text files used for detecting the kind of device you are using in order to present content in the most appropriate manner, or for other purposes intended to enhance your experience. Further information pertaining to our website privacy is contained later in this Notice.
Special category, or ‘sensitive’ personal data
Certain categories of personal data are sensitive by nature and include information about an individual’s race, ethnic origin, political views, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation. Such information will be processed only with your consent, and in accordance with the terms on which we are engaged to work with you.
Information about connected individuals
In order to provide our services effectively, we may need to gather personal information about your close family members and dependents. In such cases, we rely on you to have obtained the consent of the people concerned, to pass their information on to us. We will be happy to provide them with a copy of this Notice upon request.
Who might we share your information with?
We may share your information, if you have provided consent, with your other professional advisers as appropriate.
In order to deliver our services effectively, we may share your details with the carefully selected third parties with whom we engage for professional services (such as compliance, legal, anti-money laundering verification, accountancy and IT), as well as product, platform and other service providers (such as providers of risk profiling or cashflow modelling / forecasting).
Where third parties are involved in the processing of your data, we will put stringent safeguards in place, including a formal contract or agreement, to ensure that the nature and purpose of the processing is clear. This will also set out that they are subject to a duty of confidence in processing your data, and that they will only act in accordance with our formal agreement.
We may share your personal data with other third parties, for example in the context of the possible restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law. We may share your personal data with:
- any third parties with whom you require or permit us to correspond;
- professional indemnity insurers; and
- related parties where necessary for administrative or contractual purposes.
Our client database and some software licences are held in common with other connected entities; where relevant, we take measures (insofar as is reasonably possible) to maintain client confidentiality and that access to personal data is on a “need to know” basis.
Where it is necessary for us to forward your personal data to a third party, we will use appropriate security measures to protect your personal data whilst it is in transit, which may involve password protection or encryption where proportionate and appropriate.
How we protect information
The security and confidentiality of your personal information is extremely important to us.
All personal data which is collected and recorded, whether on paper or electronically, has appropriate safeguards applied in line with our legal obligations.
Data is protected by our internal policies and procedures, which are designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees undertake regular training in relation to data protection and are subject to duties of confidentiality which apply to the personal data we obtain and process.
Our information security controls are aligned to industry standards and good practice. This provides a secure control environment that effectively manages risks to the confidentiality, integrity and availability of information. Additionally, our controls ensure we can restore your data in situations where the data is corrupted or lost in a disaster recovery situation.
Where appropriate, we use encryption or other security measures which we deem suitable to protect your information. We also review our security procedures periodically and will consider relevant new technologies and updated methods. But, despite our reasonable efforts, no security measure can ever be perfect or impenetrable.
If you would like more details or are concerned about any particular issue, please contact us (see later section ‘How to contact us’ for details).
Where your information is processed
Your information is mainly processed in the UK and European Economic Area (EEA). Where processing takes place outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as required by applicable data protection laws.
Retention of your information
During the course of our relationship, we will collect and retain personal data that is necessary for us to provide our services to you, and take reasonable steps to keep the information we hold up to date.
In relation to some aspects of our business we are subject to regulations which require us to retain your data for specified minimum periods of time which are:
- Five years for investment business;
- Three years for insurance and mortgage business;
- Indefinitely for pension transfers and opt outs.
These are minimum periods, and we do reserve the right to retain data for longer where we believe it is in our legitimate interests to do so. Outside of our regulatory obligations, we would typically seek to retain records for a period of 7 years after the date our relationship ends. You do, however, have the right to request the deletion of your personal data, which we will comply with, subject to our regulatory obligations and legitimate interests as noted above.
Handling telephone calls and other electronic communications
We retain copies of electronic communications for record keeping, monitoring and quality purposes, the provision of our services and for audit and training purposes. We may record telephone or internet/video calls, access to which is restricted to those individuals who have a need to access them for the purposes set out here.
Our website is published, hosted and maintained by carefully selected business partners on our behalf, who will not collect personal data about individuals, except where it is specifically and knowingly provided by them.
When you visit our website, the web server will collect basic information such as your internet service provider’s domain name, the areas of our website you visited, and when.
Our website may contain links to other third party websites which we believe may be of interest. It is important to note that these links will direct you away from our website, to other sites over which we have no control. We cannot, therefore, be responsible for the processing and privacy of your information by third party websites, and would refer you to their respective Privacy Notices and Policies. In some cases, we may receive remuneration from the providers of third party links displayed on our websites.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets us know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic, which is used to tailor the experience to visitors’ needs, and improve our website. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages are found useful and by whom. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. Further information may be found at www.allaboutcookies.org
You can choose to accept or decline cookies, and most web browsers now require users to make that choice. You can usually modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of the website. The main types of cookies are explained below:
Required cookies are critical to the functionality of our websites, for example, to keep a user logged in to their account.
Functional cookies are used to track visitors to our websites, helping us understand how websites are being used and help us improve the experience for others.
Marketing cookies are used to track the number of people who click on third party links displayed in our websites, and provide statistical information.
We may use Google analytics to help us understand how our websites are being used. It generates statistical information about website use by means of ‘cookies’ which are stored on users’ computers.
We would like to send you information about our firms services and other financial planning information, including invitations to events we feel may be of interest, and require your express consent for us to be able to do so.
Where this consent has been given, you have the right to ask us to stop contacting you for marketing purposes at any time. For existing clients, opting out of marketing will not change how we communicate with you in the course of delivering our agreed services.
Your rights in relation to Data Protection
You have a number of rights under data protection laws in relation to how we process your information. These are summarised below, however If you are unhappy with the way in which we process your data, you may contact the UK’s supervisory authority for data protection at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) Fax: 01625 524510 www.ico.org.uk
Right to be informed
You have a right to receive clear and easy to understand information on what personal information we have, why we have it, and who we share it with.
Right to access your information
Subject to certain exceptions and exemptions, you are entitled to request a copy of the information we hold about you.
Where your personal data is processed by automated means, you have the right to request that we move your personal data to another organisation for their use.
We have an obligation to ensure that your personal information is accurate and up to date, so please ask us to correct or remove any information you feel is incorrect.
Right to request erasure
You can ask for your information to be deleted or removed, which will be done where there is not a compelling or regulatory/legal reason for us to retain it.
Right to restrict processing
You can ask to block or suppress the processing of your personal data for certain reasons. This means that we are still permitted to keep your information but only to ensure we do not use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal data for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way; for example, if you were moving your pension or savings account to another provider.
Right to object or withdraw consent
You can object to us processing your personal data, in which case we must cease to do so unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or for the establishment, exercise or defence of legal claims.
Where we are processing your personal data with your consent, this can be withdrawn at any time. This might, however, limit or remove our ability to act in accordance with the prevailing terms of engagement between us.
How to contact us
If you have any questions about this Privacy Notice, the personal data we will obtain and process, you wish to opt out of direct marketing, or wish to exercise any other of your rights as a Data Subject, please contact us:
Private Office Asset Management Limited
Telephone: 01444 615080
The Stalls, Balcombe Place Stables
Haywards Heath Road
Balcombe, West Sussex, RH17 6QJ
Changes to our privacy notice
We keep our privacy notice under regular review and will publish updates on our websites. This notice was last updated in June 2021.