PRIVACY AND COOKIES POLICY
For the purpose of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (collectively the “Data Protection Laws”) the Data Controller is Avidus Scott Lang & Co Ltd.
We are an authorised representative of the Best Practice IFA Group Limited (“Best Practice”), who assist us with various aspects of our compliance activity, including FCA compliance, AML checks and data protection. In order that Best Practice can provide these services, we are required to send across personal data we have collected. More information about how Best Practice will use your personal data can be found in their Privacy Notice at https://www.bestpractice.co.uk/best-practice/privacy-policy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
YOUR PERSONAL INFORMATION
Information we collect from you
We collect and process some or all of the following types of information from you in the course of providing our services
• Information that you provide by filling in a factfind and other documentation. This includes information provided at our initial meeting, review meetings and when requesting further information or services.
• Specifically, personal details such as name, email address, date of birth or any information provided when completing a factfind and provided whilst using our Services. We may also include special category personal data relating to your health.
• If you contact us, we will keep a record of that correspondence.
• Information you provide when using our website where you complete the ‘contact us’ or ‘general enquiry form’ available on the website www.avidusscottlang.co.uk
USES MADE OF YOUR INFORMATION
Lawful basis for processing
We rely on your consent as provided when you sign up to using our Services as the lawful basis on which we collect and use your personal data. Our legitimate interests in this data are to fulfil our contractual obligations to you and to fulfil our legal obligations as authorised and regulated firms.
Purposes of processing
We use information held about you in the following ways:
• To provide you with our services.
• To provide you with information that you request from us or which we feel may interest you.
• To carry out our obligations arising from any contracts entered into between you and us.
• To allow you to participate in interactive features of our service, when you choose to do so.
• To notify you about changes to our service.
We do not market to clients.
DISCLOSURE OF YOUR INFORMATION
We will not share your information for marketing purposes.
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you.
Where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.
Where it is necessary for your personal data to be forwarded to a third party we’ll use appropriate security measures to protect your personal data in transit.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
Other than as set out above and save insofar as is necessary in order for us to carry out our obligations arising from any contracts entered into between you and us, we will not share your data with third parties unless we have procured your express consent to do so.
STORING YOUR PERSONAL DATA
We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Keeping your personal data up to date
If your personal details change you may update them by accessing this data through the Wealth Platform portal, or by contacting us using the contact details below. If you have any questions about how we use data collected which relates to you, please contact us by either sending a request by email to the contact details below or in writing to the address below.
We will endeavour to update your personal data within seven working days of any new or updated personal data being provided to us, in order to ensure that the personal data we hold about you is as accurate and up to date as possible.
How long we keep your personal data
In principle, your personal data should not be held for longer than is required under the terms of our contract for services with you. However, we are subject to regulatory requirements to retain data for specified minimum periods. We also reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us.
You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
Where we store your personal data
All of the information that we hold about you is stored on our secure servers within the EEA.
If you would like further information please contact us or the Compliance Director at Best Practice IFA Group Limited, of which we are an Appointed Representative (see ‘Contact’ below). We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
• access to your personal data and to certain other supplementary information that this Policy is already designed to address
• require us to correct any mistakes in your information which we hold
• require the erasure of personal data concerning you in certain situations
• receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• object at any time to processing of personal data concerning you for direct marketing
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal data
• otherwise restrict our processing of your personal data in certain circumstances
• claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
• email, call or write to us or our Compliance Director at Best Practice IFA Group Limited
• let us have enough information to identify you i.e, full name, address and date of birth
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
• let us know the information to which your request relates including any account or reference numbers, if you have them
HOW TO COMPLAIN
We hope that we or our Compliance Director can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
The ASL website does not store or capture personal information about you when you visit it, it merely records traffic information. This means information about all our visitors collectively, for example how many visits the website receives. In order to respect our visitors’ rights of privacy, this information is anonymous, and no individual visitor can be identified from it.
You can disable and delete cookies by changing the appropriate setting within your browser’s ‘Help’, ‘Tools’ or ‘Settings’ menu. Please note that by disabling cookies you may not benefit from some of the features of our site. You can find out more about deleting or controlling cookies by visiting aboutcookies.org.
All questions, comments and requests regarding this Privacy and Cookies Policy should be addressed to email@example.com, alternatively write to us at Avidus Scott Lang & Co Ltd, Stafford Court, 145 Washway Road, Sale, M33 7PE. Or alternatively please contact our Compliance Director at Best Practice IFA Group Ltd, Sussex House, Holmwood House, Broadlands Business Campus, Horsham, West Sussex, RH12 4QP, telephone number 01403 334455, or via email at firstname.lastname@example.org