Westerby (“We”) are committed to protecting and respecting your privacy. For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is Westerby Trustee Services Limited registered at The Crescent, King Street, Leicester LE1 6RX. Visit our contact page for contact details.
TYPES OF PERSONAL DATA WE COLLECT
We may collect, use, store and transfer different kinds of personal data about you, as follows:
- Full Name;
- Permanent residential address (and previous addresses, if you have lived there for less than three years);
- Telephone contact numbers;
- E-mail addresses;
- Date of birth;
- National Insurance Number;
- Country of residence;
- Expected retirement age;
- Whether you are married or in a registered civil partnership;
- Spouse/civil partner’s name and date of birth;
- Employment status;
- Employer’s name and address;
- Details of any pension transitional protection and restrictions on contributions to pension schemes relating to you;
- Details of Lifetime Allowance used by you in other registered pension schemes;
- Financial information about you;
- Your personal bank details;
- Details of any agents/intermediaries acting on your behalf;
- Supporting information to verify your name and address;
- Outcome of identity searches and anti-money laundering due diligence;
- All communications to and from you (and anyone acting on your behalf) by telephone, e-mail, post or otherwise)
- We will also collect details of beneficiaries who are to receive benefits from your pension funds in the event of your death on an Expression of Wish form. We will only hold this data for the purpose of assisting in determining how benefits may be payable on your death.
We may, in certain circumstances, need to collect, process and hold sensitive personal information including any health or condition of any nature or your religion. Due to the nature of this personal information we will always seek your consent prior to requesting it for processing.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
WHY DO WE COLLECT INFORMATION?
We will only use your personal data when the law allows us to. We will collect sufficient personal information in order to establish Self-Invested Personal Pensions (SIPPs) and Small Self Administered Schemes (SSASs), including the provision of pre-contract illustrations where requested to assist you in making a decision about whether or not to establish such a pension scheme with us.
We will use your personal information for the following purposes:
- To enable you to obtain a projection/illustration;
- To process your application for membership of a SIPP or SSAS and for the underlying investments; • To administer your SIPP or SSAS, included the payment of benefits;
- To comply with legal or regulatory requirements, including (but not limited to) submission of information that is required by law by HM Revenue & Customs and the Financial Conduct Authority; • For the detection and prevention of illegal activities and in the protection of our legal rights, including liaison with regulatory bodies and law enforcement agencies;
- To inform you of changes to our products and services;
- For market research, statistical analysis, customer profiling and to aid in the development of our products and services.
WHEN DO WE COLLECT INFORMATION?
You may give us the data listed above by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you complete a SIPP or SSAS application form or when you submit an enquiry via our website.
If you use our online policy information system, a cookie is used to store a session identifier when a member or adviser logs into the website. This cookie contains no personal data, and is destroyed when you log out of the website or after 20 minutes of inactivity. No information apart from the date/time a user last accessed the site is stored by the website.
We may receive personal data about you from various third parties, such as when we carry out electronic identification verification checks.
WHEN WILL WE SHARE YOUR PERSONAL DATA?
We shall not share your personal data with any third parties for marketing purposes without your express consent. We may however, share your personal data with third parties as detailed below:
- Agents selected by you and for whom you have given prior consent for us to share personal information, including your appointed financial adviser(s);
- The managers/administrators of the underlying assets of your pension scheme;
- Co-trustees and/or co-owners of your pension scheme assets;
- Our service providers and agents (including their sub-contractors) or third parties who process information on our behalf in relation to, for example, banks for processing payments, printing services, bulk communication purposes and internet services;
- Any third party in the context of actual or potential legal proceedings provided we can do so lawfully.
We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce our terms and conditions, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
WHERE WILL WE STORE YOUR PERSONAL DATA?
All personal data that you provide to us is stored on our hosted company server, which is located within the United Kingdom. We have put in place appropriate security measures (including physical and electronic access controls, firewall technology, and other security measures) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WILL WE KEEP HOLD OF YOUR PERSONAL DATA?
How long we store your personal information depends upon the type of information we are holding and the purpose for which we need it.
Where you have established a SIPP or SSAS with us we will retain your data indefinitely in order to assist with any queries made by you (or an agent authorised by you) in relation to your historic policies/arrangements.
Where you cease to hold any pension schemes under our administration we will not use the information that we hold to contact you, other than in response to an enquiry by you or your agents.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. In respect of the personal information and the purposes for which we may process your personal information which are set out in this Notice, we have confirmed the legal basis upon which we collect and process your personal information in the TYPES OF PERSONAL DATA WE COLLECT’ and WHY DO WE COLLECT INFORMATION? sections above.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you or with your explicit consent, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “About us” heading above
Under certain circumstances, you have the following rights:
- to request that we provide you with a copy of the information we hold about you (“Access Request”);
- to request that we rectify any information we hold about you (“Right to Rectification”);
- to request that we erase any information we hold about you (“Right to be Forgotten”);
- to restrict the level of processing we carry out with your information (“Restriction of Processing”); • to obtain from us all personal data we hold about you in a structured, machine readable form, and have this information transmitted to another organisation (“Data Portability”);
- to object to our processing your information in certain ways (“Right to Object”); and
- to withdraw your consent at any time to our processing of your data.
Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at email@example.com, or by writing to us at The Crescent, King Street, Leicester LE1 6RX.
We shall comply with any request made under this section as soon as possible, and normally within one month from the date of your request. However, if necessary, for example if your request is particularly complex or we receive a number of similar requests, we may extend this period by an additional two months, but we shall notify you if we need to do this.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). Please note that where we receive requests under this section which are manifestly unfounded or excessive, for example because they are repetitive in nature, we may charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested or refuse to act on the request.
You have the right to request a copy of the information that we hold about you at any time. Please note that in most circumstances, we shall not make a charge for this, however we may make a reasonable fee based on administrative costs for any further copies requested. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
RIGHT TO RECTIFICATION
You have the right at any time to ask us to rectify any personal data that we hold for you which is incorrect or incomplete. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.
RIGHT TO BE FORGOTTEN
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
RESTRICTION OF PROCESSING
You can ask us to restrict how we use your data in the following circumstances:
- where you believe that the information we hold about you is inaccurate, you can ask that we refrain from using your data until we can verify the accuracy of it;
- where we have unlawfully processed your data, you can ask that we restrict our usage of it rather than erase it completely; or
- where we no longer need to hold your information, but you wish us to retain your information for the purpose of establishing, exercising or defending a legal claim.
You have the right to obtain from us all personal data which you have provided to us in a structured, commonly used and machine readable form, provided that such data was processed based on your consent, or for the purpose of a contract between us and the processing was carried out by automated means. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
RIGHT TO OBJECT
You have the right to object, on grounds relating to your particular situation, to our processing of your personal data where we are doing this for the performance of a task carried out in the public interest (which we shall have told you about, if applicable), or where we are carrying out processing for the purposes of legitimate interests pursued by us.
You also have the right at any time to ask us not to process your personal data for direct marketing or profiling purposes (to the extent that such profiling is related to such direct marketing). We shall have informed you before the time we obtained your personal data whether we intend to process your personal data for this purpose, or if we intend to disclose your information to any third party for such purposes.
If we process your personal data for automatic decision making or profiling purposes (i.e. to analyse or predict your personal preferences, and such profiling is automated) we shall ensure that we tell you about this beforehand, and will only do this where this is a necessary condition of entering into a contract between you and us, or where you have given us your explicit consent to do this.
RIGHT TO WITHDRAW CONSENT
Where you have given us your consent to our processing of any of your personal data, you have the right to withdraw your consent at any time, for example if you no longer wish for us to share your information with third parties for marketing purposes (where you have previously consented to this). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Please be aware that you cannot opt out of receiving regulatory or legal information, or updates (such as information regarding a change to our product terms and conditions).
HOW TO MAKE A COMPLAINT
If you have any concerns about our use of your personal information, you can make a complaint to us by email at firstname.lastname@example.org, by post Compliance Department, Westerby Trustee Services limited The Crescent, King Street, Leicester LE1 6RX or by telephone on 0116 3260183.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
COOKIES USED ON OUR WEBSITE