This document refers to personal data, which is defined as information concerning any living person (a natural person, called the Data Subject) who is not already in the public domain.
Personal data could be used to identify you. It includes your name and contact details and can also include data about your transactions or your use of our services.
The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain.
Where reference is made to ‘Sound Financial Management Ltd’, ‘our’ and ‘us’, the reference includes Sound Financial Management Ltd and its registered Appointed Representatives.
Where reference is made to a ‘contract’, the reference includes any contract, agreement, service or proposition we may have or may enter into with you or with the business you are connected with.
What personal information we may collect
Sound Financial Management Ltd is committed to protecting your privacy and ensuring your personal information is collected and used appropriately, lawfully and transparently. We are responsible as a Data Controller of your personal information.
We collect certain personal information about you. The type of information we collect will depend on the purpose for which it is collected. It may include:
• your name, address, phone number, email address
• information to verify your identity
• information about your personal circumstances
• family, lifestyle and health information
• financial and bank information
• employment information
• product details
• data about any criminal convictions or offences
• details of any vulnerability
• details of dependents and/or beneficiaries under a policy *
We may collect this information about you when you:
• Contact us about our services
• Consent to receiving communications about our news, services and events
• Take steps to and/or enter into an agreement for our services
We ask for personal information at the start of our working relationship and in subsequent communications to check your identity. This is a legal requirement and is important to help safeguard you and us against potential crime.
Where we provide services to companies we may collect personal information about the directors and shareholders of the company. With regard to trusts we may collect information about the settlor, beneficiaries and trustees.
Information collected from other sources
We may also collect data about you from other sources, in some cases with your consent. Where we obtain this information from another party it is their responsibility to ensure they explain they will be sharing personal data with us and, where necessary, ask permission before sharing information with us. For example:
• A previous financial adviser
• Lenders and/or product providers
• Your accountant or other professional adviser
• External third parties – to verify your identity
Special category data
Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation. These include data about your health and medical history, racial or ethnic origin, genetic data, sexual orientation and disability information. Data relating to criminal convictions and offences are also subject to additional levels of protection. These types of data are also known as sensitive personal data. Where we process such data, in some cases it is processed with consent.
We may lawfully process such information when providing a service in relation to a protection or general insurance product, including advising, arranging or administering an insurance contract. In addition, we may process such information for the establishment, exercise or defence of legal claims or to deal with a complaint.
In the course of our activities relating to the prevention, detection and investigation of financial crime, or for the purpose of compliance with regulatory requirements relating to unlawful acts and dishonesty, we may lawfully process criminal conviction or offence information.
We may process sensitive data when it is necessary for reasons of substantial public interest, for reasons of due diligence or to comply with regulatory and legal obligations to which we are subject and to cooperate with regulators and law enforcement bodies.
If you choose not to give us personal information
You are in control of the information you share with us.
You can choose not to give us information. This may affect our dealings with you.
We may need to collect information to fulfil a legal obligation or to enter into or fulfil a contract we have with you or with the business you are connected with.
If you choose not to give us this information it may delay or prevent us from fulfilling our contract or doing what we must do by law. It may also mean we cannot access policy information required to fulfil our contract. It could also result in us cancelling our contract with you or the business you are connected with. We sometimes ask for information which is useful but not required by law or a contract. Knowing more about our clients enables us to provide extra support and helps us to improve our standards and services.
Information held about you
Sound Financial Management Ltd keeps your information only as long as is necessary for the purpose for which it was collected or for legal or regulatory reasons.
Sound Financial Management Ltd uses the information collected from/about you to enter into and/or undertake our contract with you and to maintain that relationship. This may include:
• Assessing your situation, aims and objectives
• Providing a suitable recommendation
• Providing illustrations and quotations
• Preparing and submitting applications
• Acting on any instructions you may provide
• Logging telephone calls with you
• Providing ongoing support, advisory and administration services
• Audit and record keeping for compliance and regulatory purposes
• Complying with our legal and regulatory requirements (which include confirming your identity and detecting/preventing fraud, money laundering, bribery and other malpractice)
• Maintaining effective data management systems
• Improving the security of our systems and procedures
• Client satisfaction research
You agree that any information which you give us, including sensitive personal data as defined by the Data Protection Act 1998 such as health and medical records, may be disclosed to third parties (e.g. product providers, credit reference agencies and medical practitioners, where relevant, and anyone whom we may use to process your application on our behalf or for the provision of a service) for the purpose of processing your application or provision of a service and for the ongoing administration of your investment, policy or service (including liaison with your accountant and/or tax adviser where necessary).
We may be required to share your data with our regulator and other third parties including our auditors or insurers.
You have the right to object to us processing your personal data for any of the purposes.
Legal basis for processing any personal data
Our legal bases for processing are:
• To meet our contractual obligations or where necessary for the performance of our contract or to take steps to enter into a contract with you
• For compliance with a legal or regulatory obligation
• Where we have your consent
• To respond to new enquiries
• Where it is in the substantial public interest
• For legitimate interests
Legitimate interests pursued by Sound Financial Management Ltd
Our legitimate interests relate to the following:
• to ensure that our client records are well-managed
• to provide a high standard of service
• to protect our business interests and the interests of our clients
• to develop and improve our services and systems, train our teams and provide a high standard of service to our clients
• to detect, prevent and investigate fraud, money laundering and other crimes and to verify your identity in order to protect our business and to comply with laws which apply to us
• to ensure our business is run prudently, for the recovery of debts owed to us and to protect our assets
• to ensure complaints are fully investigated, so that our clients receive a high standard of service and to aid with the prevention of complaints occurring in future
• to provide you with information about our services and about products which may be of interest and to provide clients with information more relevant to their circumstances
• to develop and prepare statistical reports to enable us to better understand how our clients use our services and to consider what changes we could make to improve them
When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests do not override your interests or fundamental rights and freedoms.
You can withdraw consent at any time by emailing firstname.lastname@example.org or writing to us; see last section for full contact details.
If you withdraw consent, we may not be able to provide certain services to you or the business you are connected with.
In relation to direct electronic marketing, we would contact you if we have your specific consent to do so.
Who we may share your personal data with
We would share your personal data under the legal bases listed above. Where we may share it with third parties they also have to keep your data secure and confidential.
• Independent third-party service and product providers
• Our service providers and partners (including their sub-contractors)
• Insurance providers, including insurance underwriters, claims handlers and other such associated third parties
• Your advisers (such as accountants, lawyers, financial or other professional advisers) if you have authorised anyone like this to represent you, or any other person you have told us is authorised to give instructions or to use the services on your behalf (such as under a power of attorney)
• Your employer (in relation to a mortgage reference, for example)
• Official bodies including law enforcement and fraud prevention agencies
• Credit reference agencies (where necessary for credit and/or identity checks)
• Our regulator, our auditors, our insurers
• Other financial institutions you ask us to deal with
• Other entities as required where it is necessary for us to lawfully carry out our business activities
Sending data outside the EEA
We would not generally send data outside of the European Economic Area (EEA). We would only send data outside the EEA to:
• Follow your instructions
• Comply with a legal duty
• Work with a supplier to help us run our business
If we do transfer data outside the EEA we will ensure it is protected to the same extent as in the EEA by:
• Transferring to a non-EEA country with privacy laws that give the same protection as the EEA
• Transferring to organisations that are part of Privacy Shield (this is a framework which sets privacy standards for data sent between the US and EU countries, making sure the standards are similar to those used within the EEA)
Personal data Sound Financial Management Ltd processes for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, for the establishment, exercise or defence of legal claims (potential or actual), to deal with any future complaints, or to maintain business records for analysis and/or audit purposes.
Data storage and security
When you provide us with your information, you agree that we may hold this information about you. We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we hold. All of our team are provided with security training and are required to adhere to a comprehensive set of security policies, procedures, and standards.
You have a right to ask us for more information about the safeguards we have in place.
Your rights as a data subject
At any point whilst Sound Financial Management Ltd is in possession of or processing your personal data, all data subjects have the following rights (subject to the provision of suitable identification for verification purposes):
• Right of access – you have the right to request a copy of the information that we hold about you
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
• Right to restriction of processing – where certain conditions apply you have a right to restrict the processing
• Right of portability – you have the right to have the data we hold about you transferred to another organisation
• Right to object – you have the right to object to certain types of processing such as direct marketing
• Right to object to automated processing, including profiling – you have the right not to be subject to the legal effects of automated processing or profiling
• Right to lodge a complaint – you have the right to complain about how your personal data is being processed
In the event that Sound Financial Management Ltd refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
Sound Financial Management Ltd at your request can confirm what information it holds about you and how it is processed. You also have a right to ask us for more information about our data security measures and the safeguards we have in place.
You can request the following information:
• Identity and the contact details of the person or organisation (Sound Financial Management Ltd) that has determined how and why to process your data
• Contact details of the data protection officer, where applicable
• The purpose of the processing as well as the legal basis for processing
• If the processing is based on the legitimate interests of Sound Financial Management Ltd or a third party such as one of its providers, information about those interests
• The categories of personal data collected, stored and processed
• Recipient(s) or categories of recipients that the data is/will be disclosed to
• How long the data will be stored
• Details of your rights to correct, erase, restrict or object to such processing
• Information about your right to withdraw consent at any time
• How to lodge a complaint with the supervisory authority (see below)
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data
• The source of personal data if it wasn’t collected directly from you
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing
To access what personal data is held, identification will be required
Sound Financial Management Ltd will accept the following forms of ID when information on your personal data is requested: a copy of your driving licence/passport/birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Sound Financial Management Ltd is dissatisfied with the quality or if there are additional requirements, further information may be sought before personal data can be released.
All requests should be made to email@example.com or by phoning 01752 207070 or writing to us at the address further below.
You have the right to complain about how your personal data is being processed by Sound Financial Management Ltd or its partners. If you do not get a response within 30 days you can complain to the Information Commissioner's Office, which is an independent authority that upholds information rights in the public interest.
The details for each of these contacts are:
Sound Financial Management Ltd
5 Windsor Villas
Telephone 01752 207070 or email firstname.lastname@example.org
Information Commissioner's Office
Telephone 0303 123 1113
Sound Financial Management Ltd is registered in England and Wales under registration number 3857961. Our registered office is at the address quoted above. We are authorised and regulated by the Financial Conduct Authority and our Financial Services Register number is 192052.