Gilbert Stephens Financial Services Limited is incorporated in England and Wales (company registration number 4812616) and is a “controller” under the General Data Protection Regulation.
We are authorised and regulated by the Financial Conduct Authority (number 579899).
You can contact us:-
- By mail at our registered office which is at is at 17 Southernhay East, Exeter EX1 1QE
- By telephone – 01392 346464 (ask for the Data Protection Officer)
- By e mail – ku.oc1556050815.sfsn1556050815ehpet1556050815streb1556050815lig@l1556050815ortno1556050815catad1556050815
What we mean by “Personal Data”
Your Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example your name, address, date or birth, National Insurance number. Your Personal Data may also identify you indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.
In the context of providing you with assistance in relation to your Investment / Mortgage / Finance / Insurance requirements Your Personal Data may include:
- Title, names, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity
- Employment and remuneration information, (including salary/bonus schemes/overtime/sick pay/other benefits), employment history
- Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure, family circumstances and details of dependents
- Health status and history, details of treatment and prognosis, medical reports (further details are provided below specifically with regard to the processing we may undertake in relation to this type of information)
- Any pre-existing investment / mortgage / finance / insurance products and the terms and conditions relating to these
Whose data do we hold?
We may hold data about the following people:
- Suppliers and service providers
- Advisers, consultants and other professional experts
- Prospective clients
The basis upon which our Firm will deal with Your Personal Data
When we speak with you about your investment / mortgage / finance / insurance requirements we do so on the basis that both parties are entering a contract for the supply of services.
In order to perform that contract, and to arrange the products you require, we have the right to use Your Personal Data for the purposes detailed below.
Alternatively, either in the course of initial discussions with you or when the contract between us has come to an end for whatever reason, we have the right to use Your Personal Data provided it is in our legitimate business interest to do so and your rights are not affected. For example, we may need to respond to requests from mortgage lenders, insurance providers and our Compliance Service Provider relating to the advice we have given to you, or to make contact with you to seek feedback on the service you received.
On occasion, we will use Your Personal data for contractual responsibilities we may owe our regulator The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing Your Personal Data in order to meet a legal, compliance or other regulatory obligation to which we are subject.
The basis upon which we will process certain parts of Your Personal Data
Where you ask us to assist you with for example your insurance / ethical investments, in particular life insurance and insurance that may assist you in the event of an accident or illness, we will ask you information about your ethnic origin, your health and medical history (Your Special Data). We will record and use your Special Data in order to make enquiries of insurance / investment providers in relation to insurance products that may meet your needs and to provide you with advice/guidance regarding the suitability of any product that may be available to you.
If you have parental responsibility for children under the age of 13, it is also very likely that we will record information on our systems that relates to those children and potentially, to their Special Data.
The arrangement of certain types of insurance may involve disclosure by you to us of information relating to historic or current criminal convictions or offences (together “Criminal Disclosures”). This is relevant to insurance related activities such as underwriting, claims and fraud management.
We will use special Data and any Criminal Disclosures in the same way as Your Personal Data generally, as set out in this Privacy Notice.
Information on Special Data and Criminal Disclosures must be capable of being exchanged freely between insurance intermediaries such as our Firm, and insurance providers, to enable customers to secure the important insurance protection that their needs require.
How do we collect Your Personal Data?
We will collect and record Your Personal Data from a variety of sources, but mainly directly from you. You will usually provide information during the course of our initial meetings or conversations with you to establish your circumstances and needs and preferences in relation to investment / mortgages / finance / insurance. You will provide information to us verbally and in writing, including email.
We may also obtain some information from third parties, for example, credit checks, information from your employer, and searches of information in the public domain such as the voters roll.
If we use technology solutions to assist in the collection of Your Personal Data for example software that is able to verify your credit status. We will only do this if we have consent from you for us or our nominated processor to access your information in this manner.
With regards to electronic ID checks we would not require your consent but will inform you of how such software operates and the purpose for which it is used.
What happens to Your Personal Data when it is disclosed to us?
In the course of handling Your Personal Data, we will:
- Record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees and consultants within our Firm and only when it is necessary to provide our service to you and to perform any administration tasks associated with or incidental to that service
- Submit Your Personal Data to Product Providers / Mortgage Lenders / Commercial Lenders and/or Insurance Product providers, both in paper form and on-line via a secure portal. The provision of this information to a third party is essential in allowing us to progress any enquiry or application made on your behalf and to deal with any additional questions or administrative issues that lenders and providers may raise.
- Use Your Personal Data for the purposes of responding to any queries you may have in relation to any investment / mortgage / finance product or insurance policy you may take out, or to inform you of any developments in relation to those products and/or polices of which we might become aware
Sharing Your Personal Data
From time to time Your Personal Data will be shared with:
- Investment Providers / Mortgage lenders / Finance lenders and insurance providers
- Third parties who we believe will be able to assist us with your enquiry or application, or who are able to support your needs as identified. These third parties will include but may not be limited to, our Compliance Advisers, Product specialists, estate agents, providers of legal services such as estate planners, conveyancing, surveyors and valuers (in each case where we believe this to be required due to your particular circumstances).
In each case, your Personal Data will only be shared for the purposes set out in this customer privacy notice, i.e. to progress your investment / mortgage / finance and/or insurance enquiry and to provide you with our professional services.
Please note that this sharing of Your Personal Data does not entitle such third parties to send you marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to you, and as otherwise set out in this Customer Privacy Notice.
We do not envisage that the performance by us of our service will involve Your Personal Data being transferred outside of the European Economic Area.
How long will we keep your information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When it is no longer necessary to retain your personal information, we will delete or anonymise it. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal or regulatory requirements.
If you were an existing client as at 1st May 2018, and have been receiving information about our services (marketing) from us, we will continue to contact you by postal and electronic means (e-mail) with information about our legal services, unless you ask us not to do so by contacting ku.oc1556050815.sfsn1556050815ehpet1556050815streb1556050815lig@l1556050815ortno1556050815catad1556050815
If you become a client after 1st May 2018, we will contact you by post or electronic means with information about our services, but only if you have consented to this. You can choose to not receive these types of communication by contacting ku.oc1556050815.sfsn1556050815ehpet1556050815streb1556050815lig@l1556050815ortno1556050815catad1556050815
We will ensure that all of the information you provide us with is kept secure using appropriate technical and organisational measures. In the event of a personal data breach we have in place procedures to ensure the effects of such a breach are minimised and will liaise with the Information Commissioner’s Office and with you as appropriate. More information is available from the Data Protection Officer.
What rights do you have?
You have the following rights under the GDPR:-
- A right to be informed about how we process your data
- A right of access – you are entitled to find out what information we hold about you and why- see below.
- A right to rectification so that we must correct or update your details.
- A right to erasure – see below.
- A right to restrict processing.
- A right to data portability enabling you to obtain and re-use the personal data you have given to us.
- A right to object to us processing your data for marketing or profiling purposes.
- Rights concerning automated decision making and profiling.
Right of access
You have a right to see the information we hold about you. To access this you need to provide a request in writing to our Data Protection Officer, together with proof of identity. We will usually process your request free of charge and within 30 days. However, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further 2 months if the request is manifestly unfounded or vexatious and/or is very complex. Further details are available in our Data Subject Access Policy which is available on request from the Data Protection Officer.
Right to erasure
You have a right to ask us to erase your personal data in certain cases. Details can be found in Article 17 of the GDPR. We will deal with your request free of charge and within 30 days, but reserve the right to refuse to erase information that we are required to retain by the law or regulation or that is required to exercise or defend legal claims. To exercise your right to erasure please contact our Data Protection Officer.
Who you can complain to
If you are unhappy about how we are using your information or how we respond to your request then initially you should contact the Data Protection Officer. If your complaint remains unresolved then you can contact the Information Commissioner’s Office, contact details are available at www.ico.org.uk.
To find out more information about the General Data Protection Regulation and the way in which it is administered contact the Information Commissioner’s Office or online at www.ico.org.uk.