Our Approach to privacy and data protection
Under the Data Protection Act 2018, each Brunsdon Financial company is a Data Controller of the personal data that it gathers on its clients. Clients can be individual, Corporate or employees of a Corporate client – all references to ‘you’, ‘your’ or ‘our’ relate to either an individual client, corporate client or employee of a corporate client. In addition, references in the ‘third sense’ also refer to our individual clients, Corporate clients or employees of a Corporate client.
By definition, the data controller determines the purposes and means of the processing of that data.
As Data Controller, we have an obligation to provide information to our clients and third parties about how we process your data in a fair and transparent manner. This Privacy Statement explains what type of information we collect, how we may use any personal information we hold, its origin and who it is shared with.
We have appointed the Compliance Director for Brunsdon Financial Services Limited (BFS), as our nominated Data Protection Compliance Manager and contact for the Brunsdon Financial group of companies.
Our Privacy Statement
Your rights, your information and how we use it
Brunsdon Financial is committed to protecting your personal information.
Our Privacy Statement contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given us.
We may need to make changes to our Privacy Statement. If there are important changes such as changes to where your personal data will be processed; we will contact you to let you know.
This version of our Privacy Statement was last updated 16th March 2023.
Who We Are
Brunsdon Financial Services Limited; Brunsdon Employee Benefits Limited, B Mortgages Limited, Brunsdon Estate Planning Limited and Brunsdon Asset Management Limited; collectively known as ‘Brunsdon Financial’ of Goodridge House, Goodridge Avenue, Gloucester, GL2 5EA (the Data Controller). Brunsdon Financial is a 100% privately-owned financial services consultancy, mortgage and insurance intermediary.
What information do we collect about you?
We collect information about you when you engage with us for financial advice, ongoing financial planning services and Corporate / Employee benefits solutions. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health, if this is necessary for the provision of our services. Information about you that we collect and use includes:
- Information about who you are e.g. your name, date of birth and contact details
- Information connected to your product or service with us e.g. your policy details, financial data, bank account and payment card details, historic details of transactions
- Information about your contact with us e.g. meetings, phone calls, emails / letters
- Recording telephone calls – To ensure we carry out your instructions accurately, to help us to continually improve our service and in the interests of security, we’ll record and may monitor your telephone communications or conversations with us.
- Information relating to usage of our website is collected using cookies. These are text files placed on your computer to collect standard internet log information and visitor behaviour information. We’ll use your information collected from the website to personalise your repeat visits to the site.
- Information relating to browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
- Information classified as ‘sensitive’ personal information e.g. relating to your health, marital or civil partnership status. This information will only be collected and used where it’s needed to provide the product or service you engage with us for, or to comply with our legal obligations
- Information you may provide us about other people e.g. joint applicants or beneficiaries for products and services you engage with us for
- Information on children e.g. where a child is named as a beneficiary on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender)
- We may also collect information when you voluntarily complete client surveys or provide feedback or your marketing and communications preferences to us.
Information about connected individuals
We may need to gather personal information about your close family members and dependants in order to provide our service to you effectively. In such cases, it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We’ll provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.
Where we collect your information
We may collect your personal information directly from you, from a variety of sources, including:
- meetings with one of our financial advisers;
- an application form for a product or service;
- phone conversations with us;
- emails or letters you send to us;
- registering for one of our events e.g. charity events and seminars;
- participating in research surveys to help us understand you better and improve our products and services;
- our online services such as websites, social media and mobile device application (‘Apps’);
- official bodies such as Companies House;
- the UK Sanctions List;
- credit-reference and fraud prevention agencies;
- professional advisers (including solicitors and accountants) and business networks with which we are connected; business aggregators; and your employer. If you are a member of your employer’s pension scheme, or other group schemes; such as Death in Service, Group Private Medical Insurance; Group Income Protection; etc. the information we collect and use will most likely have been provided by your employer on your behalf.
Why do we need to collect and use your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- for the performance of our contract with you (or a contract we are about to enter into with you).
- Where it is necessary for our (or a third party’s) legitimate interests, and your interests and fundamental rights do not override those interests.
- Where we need to comply with our legal and regulatory obligations.
Where special category data is required, we’ll obtain your explicit consent in order to collect and process this information unless the law allows us to use your personal data without having obtained your consent.
How will we use the information about you?
We collect information about you in order to provide you with the services for which you engage us.
We will only use your personal data for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
|Purposes for which we will use the information you give to us
|To register you as a new client and verify your identity
|It will be necessary for the performance of the contract between you and us, and necessary for us to comply with a legal obligation to which we are subject under the Proceeds of Crime and Anti-Money Laundering legislation
|To process your instructions and, if accepted, to provide the services to you (including managing payments, fees and charges)
|It will be necessary for the performance of the contract between you and us
|Where you are acting as a representative of a company or organisation, then to register that company or organisation as a new client
|It will be necessary for us to comply with a legal obligation to which we are subject under the Proceeds of Crime and Anti-Money Laundering legislation, and it will be necessary for our legitimate business interests, namely with a view to performing the services
|Where you are acting as a representative of a company or organisation, to process your instructions and, if accepted, to provide the services to that company or organisation (including managing payments, fees and charges)
|It will be necessary for our legitimate business interests, namely with a view to performing the services
|To obtain further information about you, any company or organisation you represent, and the matter that is the subject of the services we have agreed to provide
|It will be necessary for our legitimate business interests to ensure we are fully aware of all issues relating to the matter that is the subject of the services we have agreed to provide
|To collect and recover money owed to us
|It will be necessary for our legitimate business interests, namely to ensure we receive payment for services that we have provided
|It will be necessary for our legitimate business interests, namely to ensure you are aware of our current terms and conditions
|To administer our website, to apply online security processes and for internal operations, including troubleshooting, data analysis, remote email access, cyber-security, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them
|To enable you to participate in a prize draw, competition or complete a survey
|It will be necessary for our legitimate business interests, namely to study how clients, prospective clients, referrers and other third parties use our services, to develop them and help grow our business
|To provide you with information about other services we provide.
|Where you have previously received marketing communications from us, then it will be necessary for our legitimate business interests, namely to ensure you continue to receive communications that you have previously agreed to receive Where you specifically ask us to provide you with certain marketing communications, then it will be necessary for our legitimate business interests, namely to ensure we provide you with the communications that you have requested In all other cases, we will only do this if you give us your consent
|To invite you to corporate events, such as seminars, workshops, charity golf days and corporate hospitality and thereafter to manage your attendance at the event in questions to include managing information on your dietary preferences if the event is catered
|It will be necessary for our legitimate business interests to ensure you are aware of the latest developments in relation to the services we have provided to you, or are providing to you, or otherwise to develop our relationship with you outside of the working environment. Where you would not normally have a reasonable expectation of receiving such invites from us, we will only send you invites if you agree Where the information collected relates to any dietary preference which may be considered to be ‘special category data’, for example by indicating a particular religious or philosophical view, or a medical issue or allergy, we will only process this information with your explicit consent.
What if you cannot or will not provide us with your personal data?
It is a statutory requirement for you to provide us with certain information, namely sufficient information to verify your name and address. If you do not provide us with that information, we will be unable to provide you with our services.
It is also a contractual requirement for you to provide us with certain information. If you do not provide us with that information, we may be unable to provide you with the full range of our services.
Who might we share your information with?
If you agree, we may email you about other products or services that we think may be of interest to you.
If you agree, we’ll pass on your personal information to our group of companies so that they may offer you their products and services.
We will not share your information for marketing purposes with companies outside our group of companies.
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you.
Where third parties are involved in processing your data, we’ll have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.
Where it is necessary for your personal data to be forwarded to a third party we’ll use appropriate security measures to protect your personal data in transit, such as password protection and/or encryption of data etc.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
We may share your information with third parties for the reasons outlined in ‘Who might we share your information with?’ and ‘Why do we need to collect and use your personal data?’
These third parties include:
- Companies within the Brunsdon Financial group of companies;
- Your adviser or employer;
- Companies, business partners, suppliers and sub-contractors we have chosen to support us in the delivery of the products and services we offer to you and other customers e.g. research, consultancy or technology companies; or companies who can help us in our contact with you, for example marketing; communication and service providers;
- Professional advisers (e.g. solicitors, bankers, auditors and insurers), our quality assurance assessors and business networks with which we are connected;
- HM Revenue & Customs (HMRC), the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO), the Financial Ombudsman Service and any other regulators or authorities who require reporting of processing activities in certain circumstances;
- Law enforcement, credit and identity check agencies for the prevention and detection of crime;
- Caterers and hospitality staff, event organisers, training providers and other parties we collaborate with for the purposes of organising and staging our corporate events;
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy;
- credit-reference and fraud prevention agencies;
- our outsourced IT services providers of wi-fi, IT and system administration services to our business, including OGL Computer Services Group and Intelliflo and other online cloud and data-room providers; and
- analytics & search engine providers that assist us in improvement & optimisation of our website
We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
How long do we keep hold of your information?
We will keep your personal information only where it is necessary to provide you with our products or services while you are a client. We will take all reasonable steps to keep your personal data up to date throughout our relationship.
We may also keep your information after this period, but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet and subject to regulatory requirements to retain data for specified minimum periods. These are, generally:
- Five years for investment business
- Indefinitely for pension transfers and opt-out business
- Three years for insurance business
- Four years for Auto-Enrolment business
- Six years for invoicing/accounting records (HMRC)
These are minimum periods, during which we have a legal obligation to retain your records.
We reserve the right to retain data for longer where we believe it is in our legitimate interests to do so. In any case, we will not retain your personal data for longer than 6 years past the end of your policy contract or after our relationship with you has ended. To determine the appropriate retention period for personal data, we consider the requirements of the applicable laws (including FCA and regulatory requirements), the amount, nature and sensitive nature of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means, together with all applicable legal requirements.
You have the right to request deletion of your personal data. Please note that this right can only be exercised in certain circumstances and, if you ask us to delete your information and we are unable to do so, we will explain why not.
How can I access the information you hold about me?
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us using the contact details noted above.
When your personal data is processed by automated means you have the right to ask us to move your personal data to another organisation for their use.
We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.
Automated decision making and profiling
We do not use automated decision-making processes.
We would like to send you information about our products and services and those of other companies in our group which may be of interest to you. If you have agreed to receive marketing information, you may opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the group, even where you have previously given us consent to contact you. If you no longer wish to be contacted for marketing purposes, please contact us by email or post.
Our website contains links to other websites. This privacy statement only applies to this website so when you link to other websites you should read their own privacy policies.
What can you do if you are unhappy with how your personal data is processed?
You have the right to ask us to stop using your personal data. Please note that this right can only be exercised in certain circumstances and, if you ask us to stop using your data and we are unable to do so, we will explain why not.
You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF 0303 123 1113 (local rate)
How to contact us
If you have any questions about our Privacy Statement or the information we collect or use about you, please contact;
FAO Data Protection Guardian, Brunsdon Financial Services Limited, Goodridge House, Goodridge Avenue, Gloucester, GL2 5EA