Data Protection and Privacy Notice
At Eelah we are committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information about people who visit our website or seek our services, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. If you are a client, or become a client of Eelah, we will notify you directly of any changes. By using our website or services, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or in writing to Eelah Ltd, Albert House, 256-260 Old Street, London EC1V 9DD. Alternatively, you can telephone 0203 086 8675.
How do we collect information from you?
We obtain information about you when you submit an enquiry on our website. If you seek our advice, or other services, we will collect information from you over the phone, in meetings, by e-mail and via the completion of questionnaires. We will also collect information about your existing arrangements from providers or other third parties; we will always ensure that when we do so, we have your authority to contact them directly.
We use an online service to carry out conflict checks, anti-money laundering and sanctions checks and to fulfil our obligations, anti-money laundering laws or regulations (including under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017)
What type of information is collected from you?
If you submit an enquiry on our website the personal information we collect will include your name, email address, and contact number as well as any other information you include in your message
If you are seeking advice or other services from us we will undertake a getting to know you process. This will include obtaining information about your personal and financial circumstances and objectives. Where you have investments or polices, we will obtain information on these either from you or upon consent from you, directly from the providers concerned. We will assess your Attitude to Risk and Capacity for loss and record this in our documentation. We will retain records of any investments or policies that you arrange through us as well as those you already have.
Where we are providing an ongoing service we will update the information as part of our review process and note this on our records.
As all of this information is required to enable us to provide our services and comply with our regulator’s requirements, if you opt not to provide it we may not be able to continue to advise you.
As a client of Eelah, there are likely to be situations where the information we collect from you, to allow us to provide our full financial life planning services, is a special category of personal data under the legislation. The most common example of this would be information about your health. We will request your specific consent to hold and process this information.
Legal Grounds for processing your information
We will rely on the following legal bases under European Data Protection legislation for processing your personal data:
Compliance with a legal obligation to which we are subject, principally:
The Financial Conduct Authority’s rules regarding how we provide advice to you, and how long we need to retain information pertaining to that advice;
As a financial services provider we have to be able to evidence compliance with our Regulator’s policies, practices and procedures even after you have ceased to be a client to comply with the Financial Ombudsman Service rules;
Anti-Financial Crime and Whistleblowing regulations.
Performance of, or anticipated entry into, a contract to provide you with a service. The personal data that we are required to collect in order to comply with our professional and regulatory obligations is required in order for us to perform this contract – we would not be able to act for you without this personal data;
To satisfy a legitimate interest, and allow us to provide additional services to you, once you are a client of Eelah. These may not be specifically set out within your contract with us, but provided to add value as part of our broader Eelah Family servicep. Examples could include (not an exhaustive list):
- Sending you a card on a special occasion;
- Informative updates relating to Financial Planning issues (an update following the budget for example) or broader inspirational life ideas;
- An invitation to a client event;
- A link to our latest blog.
Where you have given specific consent to us holding and processing your data for one of the following purposes:
- The processing of ‘Special Category Data’ as part of our ongoing relationship with you. Special Category Data includes:
- Health, genetics or biometrics;
- Race, ethnic origin, or religion;
- Sexual orientation or preferences.
- To hold your email address on our database for the purpose of providing occasional marketing material (this would only apply before you become a client of Eelah);
You are under no legal obligation to provide your personal and financial information to us. However, the nature of our services means that if you do not provide sufficient information to us, we will be unable to fully assess your situation to provide you with best advice.
How is your information used?
We will use your information to:
- Act as the basis for any advice we provide;
- To carry out our obligations arising from any contracts entered into by you and us;
- Provide information to investment providers or life assurance firms for the purposes of arranging products and services for you;
- Provide our ongoing service to you;
- Meet our regulatory obligations in the services we provide to you.
How do we keep your information up to date?
We undertake to review the data we hold on you on a regular basis to ensure compliance with data protection law. In the course of any review, we will:
- Delete any data which is trivial or transitory in nature, or which in our opinion is no longer required for the purposes set out above.
- Update the data to ensure that any errors or inaccuracies are corrected.
- Archive data as detailed below.
- Subject to the data retention periods, as detailed below, securely delete the data when it is identified that we no longer need to hold it.
For how long will we retain your information?
We will hold and process your personal information for as long as you use the service you have requested. However we will not process it once we have ceased to provide that service unless required to do so to comply with a legal obligation.
We are required by legislation and the Financial Conduct Authority rules to retain records for minimum specified periods. These vary dependent upon the nature of the service provided.
We may retain your data for the following periods. In the event that more than one period applies to the same data, we will retain the data to the last such period to expire:
If you engage us to provide Financial Planning Services for you, or for any regulated advice or ongoing service, we will retain your data for a minimum of 6 and a maximum of 50 years after the date that we cease to provide services to you;
Where our services to you have included the arrangement of any contract or investment, we will retain your data for a minimum of 6 years, and a maximum of 50 years after that contract or investment ceases / matures;
If we advise you about a pension transfer, pension conversion, pension opt-out or Free-Standing Additional Voluntary Contribution we will retain your data indefinitely;
If, following initial meeting(s)/telephone call(s)/e-mail enquiry(ies) you decide not to engage with us for the provision of any service we will delete your data after 6 months;
However, if we have provided any advice, verbal or written, during that initial enquiry, we will hold your data for a minimum of 6 years to comply with our legal obligation.
Retention of Special Category Data
As referred to above, sometimes in order to provide you with advice, we may need to ask for more sensitive information, and will obtain your consent to hold and process such data. Where we rely on this information to provide you with advice, it will be retained on file for six years after we cease to provide services to you, or after the maturation of any policy we have arranged, whichever is the later.
If information in this category was obtained in the course of providing you with advice relating to pension transfer, conversion, opt out or FSAVCs, we will retain this information indefinitely.
We will regularly review data and where in our opinion such data has ceased to be Active we will archive it and process it only as Archived Data. Any data which is deemed Archived Data will only be processed in limited circumstances.
All storage of data, whether Active Data or Archived Data will be in accordance with good industry practice and will be undertaken in accordance with organisational systems and procedures, which will be regularly reviewed, to maintain the security of data.
Who has access to your information?
We will never sell or rent your information to third parties.
We will never share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf
We may pass your information to our third party service providers, as follows, for the purposes of fulfilling our contractual and legal obligations, and providing services to you:
- Compliance Support Consultants;
- Risk Profiling;
- Legal and Tax Professionals;
- Investment Houses and Life Assurance firms;
- Investment Analysts;
- Paraplanning (Report Writing and Research) services;
As the providers of these services may change from time to time, details of our current providers in these areas are not listed within this policy, but are available on request.
When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. We are also required to ensure that their processes comply with relevant Data Protection Legislation.
The only other scenario, in which we may release your information to third parties, would be on your specific request, or where we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
We will make appropriate contact with you to provide any agreed services. Where this includes our ongoing service we will:
- Contact you at the agreed intervals to undertake ongoing ‘On Track’ meetings
- Contact you in between the agreed intervals if we believe that you need to take action on anything that may be outstanding.
- Make you aware of changes in the economic situation, taxation or other areas which may be relevant or interesting to you;
- Contact you in other ad-hoc ways, which enhance our relationship with you, as a long-term client.
If you wish to opt out of any of these communications, you will be able to do so at any time.
If you consent to our doing so, prior to becoming a client, we will add you to our database to provide occasional informative updates. If you do consent to be added to this database, you will have the opportunity to opt out at any time.
Your rights in relation to your information:
The accuracy of your information is important to us. Where we provide just an initial advice service the information will reflect your situation at that time and we will not normally update this (apart from a change of contact information). Where we are providing an ongoing service we will update the information as appropriate when we undertake a review with you. If between reviews, you change your contact information then please notify us and we will update our records.
Under new EU requirements you have a number of specific rights, these are summarised below:
Access – You may ask for a copy of the information Eelah holds about you and we will provide this within one month of receipt, free of charge (we may charge a fee for subsequent or duplicate requests).
Rectification - You may ask us to correct any information that we hold that is inaccurate or incomplete.
Erasure – You may ask us to delete or cease processing data in certain situations. Please note that we will have regulatory obligations to retain information for certain time periods and we will retain such information as we believe is necessary to fulfil these obligations.
Restrict processing – You may ask us to cease processing information. This means that we will be able to retain it but no longer act upon it. In the event that you no longer need our services and terminate them we will automatically cease processing information.
Portability – You may have the right to have your data transferred to another service provider in an appropriate electronic format. Please note that we will have regulatory obligations to retain copies of the information as outlined previously.
Objection – You may have the right to object to us processing information or using it for marketing purposes.
This is a brief summary of your rights and there may be restrictions on some of them. If you wish to explore any of these rights at any time please contact us on the addresses above and we will be pleased to assist you.
Where we obtain your data otherwise than directly from you, you will have the same or equivalent rights to those set out above.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it is retained securely and processed in a confidential manner. Your information may be accessed by your Financial Planner and our support staff for the purposes of providing our services to you. In addition, it may be accessed by Senior Managers and our Compliance Consultants (or the FCA) for the purposes of ensuring compliance with our regulatory obligations and reviewing the quality of our advice.
Information may be transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information that passes between us, and you should consider the risk of this. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
If you use our contact form, none of the data supplied will be stored by our website. You will need to check a box to send us the email, so that we can use your data, but only to answer your specific query.
Use of 'cookies'
It is possible to switch off cookies by setting your browser preferences. Turning cookies of may result in a loss of functionality when using our website.
Does this affect my privacy?
We do not attach any identifying or personal information to the cookie. We only allow third parties access to the data to create statistical reports for us.
When you visit our websites we use a cookie to assign you a randomly generated unique identifier. We log your activity on our websites against this identifier in our databases. Once in our databases, this information will be added to your user profile and we use this data to monitor your activity on our website.
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
If any provision, or part thereof, of this agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
In the event of any change in Data Protection Law occurring after the date of this agreement which requires the adoption of revised provisions dealing with data retention or portability, the parties will use all reasonable endeavours to agree such consequential changes to this agreement as may reasonably be required to comply with the requirements of Data Protection Law (“Compliant Terms”) and incorporate the same as an amendment to this agreement.
Transferring your information outside of Europe
If we need to share your personal data with a recipient outside the European Economic Area (“EEA”) (e.g. a professional advisor or third party engaged by us or you as part of our work under an engagement letter) we will ensure we do so in compliance with European Data Protection Legislation, including where applicable by ensuring that the transfer is necessary to perform a contract in place with you or a contract entered into in your interests. If these transfers affect you, you may contact us to obtain more precise information and a copy of relevant documentation.
Our employees may access our systems remotely when working abroad (including from jurisdictions outside the European Economic Area). Where they do so, they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.
Right to complain
If you believe that we are not holding your information correctly or are unhappy at any dealings with us regarding your information you may complain to the Information Commissioner’s Office. You can do this via their website https://ico.org.uk/concerns or by calling 0303 123 1113.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in May 2018.
Declaration and Consent
We take your privacy very seriously and will only use your personal information and data to administer the services we have agreed to provide you with, including but not limited to any products or contracts for investments, pensions, life cover, equity release or discretionary investment management services you have made or entered into through our firm.
When you enter into a contract with us, by signing our Eelah Ongoing Service Agreement, or ask us to provide services in anticipation of a contract being signed, you are confirming your agreement to these terms.