Your personal information will be held by Forty Two Financial Planning Limited (Forty Two) for the purpose of the (GDPR). Forty Two is the controller of personal data relating to individuals and businesses who have signed up for our services and for prospective clients, for the purposes of relationship management, marketing and business development.
Forty Two collects your personal data, including information provided in various ways. Some of this data is gained directly from you, including:
Some personal data may also be gained from other sources, such as: Information gained from the providers of your existing pension, investments and insurance contracts.
The data that we collect will depend upon our interactions with you and whether or not you choose to become a client.
Once Forty Two has received your information we are committed to ensuring we have all necessary technical and organisational controls in place to keep your information secure.
In order to prevent unauthorised access or disclosure Forty Two has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Forty Two will only process your data where it has a legal basis for doing so.
Forty Two uses the data collected to communicate with you, and in the provision of our Financial Planning services.
We may also use your data to improve or maintain the services we offer to you and our website.
We will never share your data with any other third party, other than those stated in this policy, nor use your data for any other purpose, unless we firstly gain your consent to do so.
We may use your data for profiling in the context of segmentation and targeting for marketing purposes. We may use personal data such your previous financial activity or with our marketing communications to enable us to provide you with information and promotions that are likely to be relevant to you. We may also use data such as your name to personalise communications you receive from us.
You have the right to access rectify, erase, object and restrict the processing of your personal data, with the ability to choose which promotional communications you wish to receive and how you would like to receive them.
You also have the right to opt-out of receiving our marketing communications at any time.
Our legal basis for processing your personal data may rely on the basis of:
Forty Two shares your data with the following third-party service providers. The data storage and processing systems are protected by access controls, to minimise any risk to the integrity or security of your personal data, and the data is stored in servers in the UK, EU and USA.
Forty Two will ensure that any third-party processor has adequate data protection measures in place that align with the requirements of the GDPR by conducting periodic due diligence.
Forty Two will not share your data with any third-party processor outside of the UK, EU, Australia or USA.
Forty Two does not sell your personal data or other information to any third-party.
Forty Two stores personal information on a secure database which is hosted on an encrypted server and backed up to a secure remote location (MAXBackup).
We may also be required to share your personal data with other parties in order to provide you with an effective service. This will include companies with which you have individual financial contracts, such as pensions, investments and life assurance, arranged.
In the provision of our services to you it may also be necessary for us to share information with companies providing us with services:
In all cases your information will be used solely in connection with their work with Forty Two and will not be used to provide you with services or direct marketing.
Forty Two will only keep your personal data for as long as necessary for the purposes for which it was gained.
Personal data obtained for the purpose of a Contract between us for the provision of financial planning services or where we have another legal basis for processing may be retained indefinitely in line with our regulatory obligations.
Personal data obtained for the purposes of business development, such as where you have provided contact details to us through our website but have not chosen to continue with our services, will be held for a period of no more than 12 months.
Personal data collected from surveys, feedback and questionnaires, are held only for the duration of its usefulness i.e. the duration of a campaign. The data is then anonymised and retained for internal evidential purposes or deleted.
Forty Two will review the personal data we hold on you annually to check for accuracy and relevancy and to ensure that we continue to have a legal basis for processing. If your data becomes inaccurate, we will update it accordingly.
If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, where we are allowed to do so under FCA regulations.
Forty Two will be more than happy to help you should you have any complaints about the processing of your personal data. Under the GDPR, you have the right to lodge a complaint with the Supervisory Authority, the Information Commissionaires Office (ICO), who are the national authority responsible for the protection of personal data. A complaint can be made to the ICO via their website: ico.org.uk or through their helpline: 0303 123 1113.