Affinity Connect Limited is committed to protecting and respecting your privacy.
Any reference to “we”, “our” or “us” means Affinity Connect Limited trading as ‘Affinity Connect’, which is a private limited company with registered company number 04256854. Our registered office address is 5 Temple Square, Temple Street, Liverpool, L2 5RH.
This notice applies to personal data we process in connection with the provision of services to you.
Please read it carefully as it contains important information as to how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and what to do in the event you have a complaint.
We are a data controller and data processor in respect of your personal data and we are responsible for ensuring that we use your personal data in compliance with data protection law.
Under data protection law, we can only use your personal data if we have a proper reason for doing so. The following are the most likely reasons we will use your personal data:
- in the performance of any contract we may have with you;
- where you have given consent for us to do so;
- to comply with legal obligations we may have;
- for legitimate interests which might include complying with requests from you or keeping you updated in relation to changes to our services.
Personal data we collect about you
Data received directly from you
When you make contact with us in relation to the services we offer we will ask you to provide personal information which will be restricted to the information required to provide whichever service you require.
This information may include (but not be limited to) one or more of your name, title, address, e-mail address, phone number, date of birth, national insurance number, bank account details, nationality, family circumstances, income, financial commitments, investments, pensions and sensitive information (such as health details).
Data will also include any other information or updates to your information that you provide when corresponding with us.
Data received from third parties or publicly available sources
We may request or receive information from external sources for the purpose of complying with legal requirements or where you have authorised third parties such as product providers to provide personal information to us.
How we might collect your personal data
Data may be collected in various ways which include (but are not restricted to):
- written communications received from you which contain your personal data;
- telephone calls to or from you which may elicit personal information;
- fact finding documents completed by us in the course of providing services to you;
- information provided in face to face conversations with you;
- application forms submitted by you or on your behalf;
- documentation received from third parties;
- communications via email, website or other electronic means;
- publicly available information.
How and why we use your personal data
The following are typical of the ways in which we use your data but are not exhaustive:
- to provide services which we have contractually committed to provide to you;
- for operational purposes and statistical analysis (including behaviour analysis);
- to provide you with up-to-date information concerning investment products and services (including those supplied by third parties) which we feel may be appropriate for you to consider in connection with the provision of the services;
- to identify you when you contact us;
- to provide you with other services reasonably ancillary to our obligations arising under or in connection with any contract with you;
- to administer and maintain user access to our services and/or website;
- to monitor and improve our services and website;
- for internal analysis and research;
- to provide information in relation to services offered by the Wealth at Work group of companies;
- to meet legal and regulatory requirements.
Special category data
We may on occasion collect sensitive personal information about you. By way of example, where data in relation to your health is required for a particular service, we will obtain your explicit consent to process this special category data for such purposes.
Sharing your personal data
We do not share your data with any third party for marketing purposes.
We may share your personal data within the Wealth at Work group.
We may share your data with the following third parties:
- those providing services to us under a contractual arrangement for the purpose of enabling us to provide services to you, which will include software suppliers and third party administrators;
- professional advisers including lawyers, bankers, auditors and insurers in the normal course of business;
- legal agencies with whom we are obliged by law to provide data to such as HM Revenue & Customs;
- fraud prevention agencies.
Your personal data may be shared in the circumstances described below:
- to facilitate the provision of services to you and the running of our business;
- to facilitate the administration and maintenance of user access to our services and/or website;
- to ensure the safety and security of our data (and that of third parties, including data vendors and other data sources);
- to conduct and/or improve our business development activities.
Where your personal information is held
Your personal information will normally be held at our offices and the offices of any third parties with whom we share data and in electronic files which may be held in secure servers in the UK or placed in the Cloud.
We will endeavour to ensure that your personal information will always be stored in the European Economic Area (“EEA”). However, from time to time, it may be transferred to, stored in, or accessed from a destination outside the EEA. It may also be processed by individuals operating outside of the EEA who work for us or for one of our suppliers.
Any transfer outside the EEA is subject to special rules under European and UK data protection law. Where your personal data is transferred outside the EEA, we will ensure it has an appropriate level of protection and that the transfer complies with data protection law.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us using the details set out in the “Contact us” section below.
We do not generally process personal data belonging to children and will only do so at your instruction.
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose (for example, to communicate with you in respect of our services for so long as you remain a recipient of such services, or to respond to any questions, complaints or claims made by you or on your behalf);
- legal and regulatory obligations – applicable laws, rules or regulations may set a minimum period for which we have to store your personal data.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach when appropriate.
Your legal rights
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it.
Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
Request restriction of processing of your personal data.
Request the transfer of your personal data to you or to a third party in certain situations. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Lodge a complaint with the Information Commissioner if you think that any of your rights have been infringed by us.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information and you can make a complaint by writing to us at our registered office address, or contacting us by telephone on 0800 019 6076, or by contacting your Corporate Relationship Manager or Adviser if you are an existing client.
You can also contact the Information Commissioner at www.ico.org.uk/concerns or telephone 0303 123 1113 for further information about your rights and how to make a formal complaint.
Please contact us if you have any questions about this notice or personal data that we may hold about you. You can write to us at our registered office address for the attention of the Legal Department, Alternatively, you can email us at firstname.lastname@example.org.
This privacy notice may be updated from time to time and the most recent version can be found on our website, or we can provide you with a hard copy on request.