Type of Personal Information
Privacy Policy
Last updated 5th October 2020
From 25th May 2018 a new Data Protection law called the General Data Protection Regulation (GDPR), gives you more rights around how your information is used.
To make sure you feel confident with how we use your information, we’ve updated our Privacy Notice to make things easier to understand.
For further information please contact us by email at compliance@tfagroup.co.uk or by post to Compliance, TFA, Prudence House, Langage Business Park, Plymouth, PL7 5JX.
We’ll continue to update this notice as we receive feedback on how to make it clearer, and when we learn more about what the ICO – Information Commissioner’s Office expects.
You can find out more about our Cookie Declaration here.
Your information will be held by TFA Ltd which trades as TFA Wealth, TFA Mortgages and TFA Trusted Financial Advice. More information on TFA can be found at www.tfagroup.co.uk
TFA is a “data controller” which means we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This notice applies to both current and former clients and does not form part of any contract to provide services. We may update this notice at any time.
We are committed to protecting your privacy and security of your personal information and we ask you to therefore read this policy before providing us with any information about you or any other person.
This privacy notice describes how we will look after your personal information. How we will collect it, store it and use it both during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR).
This includes what you tell us about yourself, what we learn by having you as a client, and the choices you give us about what marketing you want us to send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you. By agreeing to our Privacy Policy you consent to us collecting, using, disclosing and transferring that information as set out in this privacy policy
Data protection law says that we are allowed to use personal information only if we have a proper reason to do so. The personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
We collect information about you when you engage us for financial planning/financial advice/mortgage advice/investment management services. We use many different types of personal information in the following groups:
Description
Financial
Your financial position, status and history
Contact
Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
Socio-demographic
This includes details about your work or profession, nationality, education and where you fit into general social or income groupings
Transactional
Details about payments between yourself and TFA
Contractual
Details about the services and products we provide you and date of birth, gender, marital status and dependents
Locational
Data about where you are such as may come from your mobile phone, the address where you connect a computer to the internet.
Behavioural
Details about how you use our services or the products we recommend
Technical
Details on the devices and technology you use
Communications
What we learn about you from letters, emails and conversations between us
Social Relationships
Your family, friends and other relationships
Open Data and Public Records
Details about you that are in public records such as the Electoral Register, and information about you that is openly available on the internet.
Usage Data
Other data about how you use our services and products
Documentary Data
Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate, payroll records and tax status information.
Special Types of Data
The law or other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so:
- Racial or ethnic origin
- Religious or philosophical beliefs
- Trade Union Membership
- Genetic and bio-metric data
- Health data including gender
- Criminal convictions and offences
Consents
Any permissions, consents or preferences that you give us. This includes things like how you would like us to contact you, whether you get paper reports or prefer large print formats.
National Identifier
A number or code given to you by a government to identify who you are, such as a National Insurance Number.
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively.
Without collecting your personal data we’d also be unable to fulfil our legal and regulatory obligations. Where special category data is required we’ll obtain your explicit consent in order to collect and process.
We may also use your personal information where it is necessary for our legitimate interests (or those of a third party). A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
Here is a list of how we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
What we use your personal information for
Our reasons
Our Legitimate interests
COMMUNICATION & INTERACTION
- To manage our relationship with your or your business.
- To develop new ways to meet our client’s needs and to grow our business.
- To develop and carry our marketing activities.
- To study how our clients use products and services recommended by us and other organisations.
- To provide advice and guidance about the products and services we provide.
- Your consent
- Fulfilling contracts
- Our legitimate interests
- Our legal duty
- Keeping our records up to date, working out which products & services may be of interest to you and telling you about them
- Seeking your consent when we need it to contact you
- Being efficient about how we fulfil our legal duties
OPERATIONAL & SERVICES
- To develop and manage our brands and services
- To manage how we work with other companies that provide services to us and our clients
- Fulfilling contracts
- Our Legitimate interests
- Our Legal duty
- Developing new services and what we charge for them
- Defining types of clients for new services and products
- Being efficient about how we fulfil our legal and contractual duties
FINANCIAL & CONTRACTUAL
- To deliver our services
- To make and manage client payments
- To manage fees, charges and amounts due on client accounts
- To collect and recover money that is owed to us
- Fulfilling contracts
- Our legitimate interests
- Our legal duty
- Being efficient about how we fulfil our legal and contractual duties
- Complying with regulations that apply to us
REGULATORY
- To detect, investigate, report and seek to prevent financial crime
- To manage risk for us and our clients
- To obey laws and regulations that apply to us
- To respond to complaints and seek to resolve them
- Fulfilling contracts
- Our legitimate interests
- Our legal duty
- Developing and improving how we deal with financial crime, as well as meeting our legal duties in this respect
- Complying with regulations that apply to us
- Being efficient about how we fulfil our legal and contractual duties
GOVERNANCE
- To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning communications, corporate governance and audit
- Our legitimate interests
- Our legal duty
- Complying with regulations that apply to us
- Being efficient about how we fulfil our legal and contractual duties
CONTRACTUAL
- To exercise our rights as set out in our agreements or contracts
- Fulfilling contracts
“Special categories” of particularly sensitive personal information e.g. data about your health, require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
- In limited circumstances where it is necessary for the provision of our services, with your explicit written consent.
- Where we need to carry out our legal obligations and in line with our data protection policy.
- Where it is needed in the public interest and in line with our data protection policy
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent in compliance with the above rules, where this is required or permitted in law.
We typically collect personal information about you or your business through the fact find process either directly completed by yourself on our Personal Finance Portal or through communication with your adviser or administrator. Where you are providing personal information about a third party, your husband/wife or child for example you acknowledge that you have the right to share that personal information with TFA. We will notify the third party that their personal information has been shared with us and by whom. They will be provided with this privacy notice. We may also collect personal information from these sources:
Data you give us:
- When you apply for services or products recommended by us
- When you talk to us on the phone or in person
- When you use our websites, mobile device apps, web chat, secure client portal PFP, Open Banking
- In emails and letters
- In insurance claims or other documents
- In financial reviews and interviews
- In client surveys
- If you take part in competitions or promotions
Data we collect when you use our services
This can include the amount, frequency, type, location, origin and recipients:
- Payment and transaction data
- Profile and usage data. This includes the profile you create to identify yourself when you connect to our internet, mobile and telephone services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software. This includes all personal data processed through the PFP, as well as information collected from payment service providers. Please see our Cookie declaration for more information.
Data from third parties we work with:
- Companies that introduce you to us
- Financial Advisers & Introducers
- Insurers
- Accountants
- Lawyers
- Social Networks
- Comparison Websites
- Fraud prevention agencies
- Payroll service providers
- Land agents
- Public information sources such as Companies House
- Government & Law enforcement agencies
- Medical Practitioners
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage with for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you.
Product & Platform Providers:
If you apply for insurance through us, we will pass your personal or business details to the insurer and onto any reinsurers.
If you apply for a mortgage, secured loan, bridging loan or any other type of finance through us, we will pass your personal or business details to the mortgage provider and may also share with an additional third-party broker and/or separate packaging company.
If you apply for a pension or investment through us we will pass your personal and relevant sensitive data or business details to the relevant provider and/or platform.
If we assist you with an insurance claim, information you give to us or the insurer may be put on a register of claims. This will be shared with other insurers.
If you apply for a protection policy through TFA, we will share your personal and relevant sensitive data with the relevant providers.
Professional Compliance:
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we will send your details to third party agencies for identity verification purposes. Once you become a client of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks with Fraud Prevention Agencies (FPA).
We or an FPA may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
When applying for any finance agreement such as a mortgage or secured loan, your information may be supplied to a Credit Reference Agency via the recommended product provider. The CRA will note on your credit file that a search has taken place. Other lenders may see this and the product provider may see credit searches from other lenders.
If you apply for a product with someone else, i.e. partner/spouse/ parent the CRA will link your records with theirs. The same applies if you are in business with other partners or directors. Before you apply for a product or service you should tell them about this. It is important that they know your records will be linked together, and that credit searches may be made on them. These links will stay on your files unless one of you asks the CRAs to break the link. You will normally need to give proof that you no longer have a financial link with each other.
The three main Credit Reference Agencies are Callcredit , Equifax and Experian .
Legitimate Business Interest:
We may share your personal information with other third parties where we have a legitimate interest in doing so or if the make-up of TFA changes in the future:
We may choose to sell, transfer or merge parts of our business or our assets. Or we may seek to acquire other businesses or merge with them.
During any such process we may share your data with other parties. We’ll only agree to do this if they agree to keep your data safe and private.
If the change to our Company happens, then other parties may use your data in the same way as set out in this notice.
Where third parties are involved in processing your data we’ll have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.
Where it’s necessary for your personal data to be forwarded to a third party we’ll use appropriate security measures to protect your personal data in transit.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
If an automated decision is taken on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
We do not take any decisions about you using automated means, however we will notify you in writing if this position changes. Any finance, annuities or protection application could be subject to automated decision making by the third-party providers.
We will only send your data outside of the EU to:
- Follow your instructions and to perform our contract with you
- Comply with a legal duty
- Work with third parties who we use to help run your accounts and services
If we do transfer information to third parties outside of the EU, we will make sure that it is protected in the same way as if it were being used in the EU. We’ll use one of these safeguards:
- Transfer it to a non-EU country with privacy laws that give the same protection as the EU. Learn more on the European Commission Justice Website.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EU. Read more about this here on the European Commission Justice Website
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between US and EU countries. It makes sure those standards are similar to what is used within the EU. Read more about this here on the European Commission Justice Website
We have put in place measures to protect the security of your information. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
In principle, your personal data shouldn’t be held for longer than is required under the terms of our contract for services with you. However, we’re subject to regulatory requirements to retain data for specified minimum periods. We also reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us.
In the absence of specific legal, regulatory or contractual requirements, any other personal information is kept for our baseline retention period – this is seven years after your plans are no longer under our agency.
Details of retention periods for different aspects of your personal information are available in our retention policy.
You have the right to request deletion of your personal data. We’ll comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
Your rights are outlined below:
Accessing your personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Please see our Subject Access Request Information Pack for more information on how to request this. Agent Authorisation Form & Subject Access Request Form.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party. When the data privacy laws change on 25th May 2018 you will have the right to get your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information in this format to other organisations.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact compliance@tfagroup.co.uk . Alternatively, you can write to us using the contact details below:
Head of Compliance
Prudence House
Langage Business Park
Plymouth
Devon
PL7 5JX
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please contact compliance@tfagroup.co.uk . Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so we will tell you.
We may need to collect personal information by law, or under the terms of the contract we have with you.
If you choose not to provide certain personal information when requested, it may delay or we may not be able to perform the contract we have entered into with. you, or we may be prevented from complying with our legal obligations. It could mean that we need to cancel the service you have with us.
We’d like to send you information about our products, services and information which may be of interest to you.
We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.
You can ask us to stop sending you marketing messages by contacting us at any time.
Whatever you choose you will still receive statements, valuations, report and other important information such as changes to your existing products and services.
We may ask you to confirm or update your choice, if you take out any new products or services with us in the future. We will ask you to do this if there are changes in the law, regulation or the structure of our business.
We’d like to send you information about our products, services and information which may be of interest to you.
Please let us know if you are unhappy with how we have used your personal information. You can contact us by emailing compliance@tfagroup.co.uk
You also have the right to lodge a complaint with the supervisory authority for data protection. In the UK this is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113 (local rate)
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information. This privacy policy was last updated 15th May 2018.
Please let us know if you are unhappy with how we have used your personal information. You can contact us by emailing compliance@tfagroup.co.uk
You also have the right to lodge a complaint with the supervisory authority for data protection. In the UK this is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113 (local rate)
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at compliance@tfagroup.co.uk . You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Or write to us at:
Head of Compliance
TFA
Prudence House
Langage Business Park
Plymouth
Devon
PL7 5JX