Data Protection and Privacy Notice
In order to provide you with financial planning services we will collect and hold personal data about and on you. We are also required to comply with the General Data Protection Regulation (Regulation (EU) 2016/679 (the "GDPR")) and as such hereby set out details as to how we process your data and your rights.
What information we collect about you
This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as information regarding your health, if this is necessary for the provision of our services.
We may also collect information when you voluntarily complete client surveys or provide feedback to us.
We may need to gather personal information about your close family members and dependants in order to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We'll provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.
Website: Cookies and Other Tracking Technologies
Some of our web pages utilise "cookies" and other tracking technologies. A "cookie" is a small text file that may be used, for example, to collect information about web site activity. Some cookies and other technologies may serve to recall Personal Information previously indicated by a web user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them.
You may set most browsers to notify you if you receive a cookie or you may choose to block cookies with your browser, but please note that if you choose to erase or block your cookies, you will need to re-enter your original user ID and password to gain access to certain parts of the web site.
To protect your privacy, we have adopted the following principles:
Where Green Rose Financial Services Limited collects Personal Information on the web, we intend to post a purpose statement that explains why Personal Information will be collected.
You may choose whether or not to provide Personal Information to Green Rose Financial Services Limited. The notice we intend to provide where Green Rose Financial Services Limited collects Personal Information on the web should help you to make this choice.
If you choose not to provide the Personal Information that we request, you may be unable to fully utilise the services provided by Green Rose Financial Services Limited. If you chose to have a relationship with Green Rose Financial Services Limited, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship.
Wherever your Personal Information may be held within Green Rose Financial Services Limited, we intend to take reasonable and appropriate steps to protect the Personal Information that you share with us from unauthorised access or disclosure (as detailed below).
Access / Accuracy
To the extent that you do provide us with Personal Information, Green Rose Financial Services Limited wishes to maintain accurate Personal Information. Where we collect Personal Information from you on the web, our goal is to provide a means of contacting Green Rose Financial Services Limited should you need to update or correct that Information. If for any reason those means are unavailable or inaccessible, you may send updates and corrections about your Personal Information to firstname.lastname@example.org and we will make reasonable efforts to incorporate the changes in your Personal Information that we hold as soon as practicable.
Green Rose Financial Services Limited website is not structured to attract children. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 16 years of age bar that which is relevant to your financial planning, such as ages, schooling costs etc.
We are committed to privacy and we support current industry initiatives to preserve individual privacy rights on the Internet. Protecting your privacy on-line is an evolving area and this website will constantly evolve to meet these demands
Why we need your data
We need your data in order for us to:
- Provide financial planning services to you in accordance with this agreement which may include but are not limited to giving you financial advice and making recommendations as to investments and financial products which are suitable for you, taking into account current financial markets and economic conditions, availability of products and the providers of those products, as well as a detailed analysis of your personal circumstances and requirements.
- Comply with our regulatory obligations imposed by the Financial Conduct Authority in regard to the relevant 'Know Your Client' obligations. In addition, to comply with the Regulator's requirements for record keeping for the purposes of audits and reviews, records of transactions undertaken and customer histories for prescribed periods of time as directed.
- Respond to any legitimate legal requests for information about you to the Regulatory authority or pursuant to an order of any court or tribunal having relevant jurisdiction, or as required by law for the purposes of but not limited to combatting fraud, money-laundering and criminal activities.
- Carry out our legitimate business and professional management responsibilities which include but are not limited to providing you with suitable advice, ensuring your portfolio and financial products continue to be suitable for you, adhere to anti money laundering requirements and investigating and resolving complaints.
General information about your data and your rights
Where we collect data directly from you, we will undertake:
- In addition to those third party companies expressly detailed in this agreement, to inform you in writing of the name and contact details of the data controller for that data and their representative. For example, where we arrange an investment on your behalf with a third party investment provider, the data controller may be the financial institution in question.
- To inform you, where appropriate, of the contact details for any Data Protection Officer appointed by us.
- To inform you and make clear the purposes for which the data is to be processed and the legal basis for that processing. In the event that the legal basis to be relied on is that of the legitimate interests of the data controller or any third party, we will inform you as to the nature of those legitimate interests.
- To inform you of the recipients or categories of recipients of data.
- In the event that the data controller proposes to transfer the data to a country other than those covered by the GDPR, to provide you with details of the safeguards surrounding such transfers and how to obtain a copy of them.
- To inform you of the period for which we propose to hold the data, or where this is not possible, the criteria which we will apply to data retention.
- To remind you of your rights whereby you may:
- request access to data of which you are the data subject
- object to, or withdraw consent for, the processing of the same
- obtain rectification of inaccurate data
- prevent data processing for the purposes of direct marketing
- object to decisions being taken by automated means and to have the logic behind those decisions clearly explained
- claim compensation for damages caused by a breach of the Act
- request data erasure
Where you exercise your right to request (via email or post) access to data of which you are the data subject, we will undertake to respond to you within 30 calendar days of receipt of your request. There will be no charge for this service unless the request is manifestly unfounded or excessive in which case we reserve the right to charge a fee or refuse to respond.
You may at any time, by giving notice to us in writing, request that we cease to process your data. We will undertake to comply with any such request as soon as is reasonably practicable.
Where the legal basis for the processing of your data is to adhere to compliance with a statutory or contractual obligation, or the necessary precondition to entering into a contract, including compliance with the requirements of any Regulator, we will inform you as to:
- Whether you are legally required to provide such data, and
- The consequences of failing to provide such data
Where we obtain your data otherwise than directly from you, you will have the same or equivalent rights to those set out above.
Save in the circumstance as detailed below, we will inform you which source the data originated from and whether it came from publically accessible sources. The information to be provided will be in accordance with the following time periods, whichever shall occur first:
- As soon as practicable after obtaining the data and in any event within 1 month
- At the time of our first communication with you using the data
- When the data is first disclosed to another person
We shall not be obliged to provide you with the information:
- Where you already have this information
- Where we are subject to an obligation of professional secrecy prohibiting the disclosure of the information
- Where disclosure would render impossible or severely impair the achievement of the reasons for which the data is to be processed. In such cases, we will do what we can to protect your rights and freedoms with respect to our processing of the data
You have the right to complain in regard to any aspect of the processing of your data and any breach of the above rights to the relevant supervisory authority, who in the case of the United Kingdom is the Information Commissioners Office, whom may be contacted at:
- Online: www.ico.org.uk
- Phone: 0303 123 1113
Holding your data
How long do we keep hold of your information?
- In principle, your personal data shouldn't be held for longer than is required under the terms of our contract for services with you. However, we're subject to regulatory requirements to retain data for specified minimum periods.
- We also reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us. In any case, we will not retain your personal data for longer than 6 years past the time of your death.
- You have the right to request deletion of your personal data. We'll comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
We undertake to review the data we hold on you on a regular basis to ensure compliance with data protection law. In the course of any review, we will:
- Delete any data which is trivial or transitory in nature, or which in our opinion is no longer required for the purposes set out above.
- Update the data to ensure that any errors or inaccuracies are corrected.
- Archive data as detailed below.
- Subject to the data retention periods, securely delete the data when it is identified that we no longer need to hold it.
We will regularly review data and where in our opinion such data has ceased to be Active we will archive it and process it only as Archived Data. Any data which is deemed Archived Data will only be processed in limited circumstances.
All storage of data, whether Active Data or Archived Data will be in accordance with good industry practice and will be undertaken in accordance with organisational systems and procedures, which will be regularly reviewed, to maintain the security of data.
On the termination or expiry of any agreement to provide services to you and on your written request, we will, subject to our right to retain copies of data for the purposes set out above, agree to return any data you have provided to us in a structured, commonly used machine-readable format, or transfer the same to a new data controller nominated by you.
Whom we may share your data with
In order to carry out our legitimate business and to provide you with financial planning services, we have entered into agreements with and will share your information with the following companies, for the purposes of Compliance, IT systems security, data management and control and auditing. Full details of these companies address (all UK based) and contact details are available on request:
- Compliance and Training Solutions Ltd (Compliance consultants)
- Para Sols (Paraplanning, technical report writing professionals)
- Professional referrals e.g. Occupational Pension Transfers, Solicitors, accountants etc
- Verify - Electronic AML (Anti money laundering) checks
- Locum IFA (In the event of illness, death etc)
- CCL - Customer Database (I.T. may require remote access)
- Selecta Pension Software (Pension and retirement analysis software)
- Morningstar (Portfolio and Risk analysis software)
- Microsoft Office 365 (IT System Software)
- Accountant (Financials)
- Synology Cloud Back Up
- Purple Haze UK Ltd (Call answering service)
In addition to the above listed companies you will be notified in accordance with the terms of this agreement as to the name and contact details of the data controller for any other third-party entity with whom we share and / or transfer your data and their representative.
It is not our belief or practice to "market" you or to pass on your information to other companies who may wish to market you. Our standard practice is to discuss with you first, any new solutions, products or similar, as part of your ongoing service.
If any provision, or part thereof, of this agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
In the event of any change in Data Protection Law occurring after the date of this agreement which requires the adoption of revised provisions dealing with data retention or portability, the parties will use all reasonable endeavours to agree such consequential changes to this agreement as may reasonably be required to comply with the requirements of Data Protection Law ("Compliant Terms") and incorporate the same as an amendment to this agreement.
Declaration and Consent
We take your privacy very seriously and will only use your personal information and data to administer the services we have agreed to provide you with, including but not limited to any products or contracts for investments, pensions, life cover, equity release or discretionary investment management services you have made or entered into through our firm.
By using our services, you further acknowledge this Data Protection and Privacy Notice, and that you have been made aware of, and give your consent to, this firm's policy on sharing your data with other companies as detailed in the 'Whom we may share your data with' section of this agreement.