Heritable Financial Planning (HFP) is a trading style of Johnston Financial Ltd, and as such how we look after any personal data we hold about you is governed by the Policy as set out by Johnston Financial Ltd and adopted here by HFP.
HFP may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1st April 2019.
How to contact us
FAO Data Protection Officer
Johnston Financial Ltd
49 Northumberland Street
Information we collect and use
Information about you that we may collect and use includes:
- information about who you are e.g. your name, date of birth and contact details
- information connected to the product or service you have purchased through our service e.g. your pension account details
- information about your contact with us e.g. meetings, phone calls, emails / letters
- information that is automatically collected e.g. via cookies when you visit our websites
- information if you visit our office e.g. visitor book registration
- information classified as ‘sensitive’ personal information e.g. relating to your health, marital or civil partnership status, preferences. This information will only be collected and used where it’s needed to provide the product or service you have requested or to comply with our legal obligations
- information you may provide us about other people e.g. joint applicants or beneficiaries for products we advise
- information on children e.g. where a child is named as a beneficiary on a policy. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender)
What are cookies?
A cookie is a small file – it’s saved onto your computer or other device when you visit our website.
Cookies store small pieces of information. For example – they will remember you’ve visited our website or performed a certain action.
Cookies also let us know which pages of our website you visited; they help us develop and market our products and services.
- Persistent cookies – these stay valid, and will work until their expiry date (unless you delete them before they expire)
- Session cookies – these expire when you close your web browser
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Where we collect your information
We may collect our personal information directly from you, from a variety of sources, including:
- a fact find to collect relevant information prior to providing you with a service
- an application form for a product or service
- phone conversations with us
- emails or letters you send to us
- our online services such as our website and social media.
We may also collect personal information on you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.
What we collect and use your information for
We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only where:
- you have given us your permission [consent] to send you information about products and services offered by others / or selected third parties we have chosen to work with which we believe may be of interest and benefit to you
- it’s necessary to provide the product or service you have requested e.g. if you wish to take out a mortgage, we will require some personal information including your name, address, date of birth, bank account details
- it’s necessary for us to meet our legal or regulatory obligations e.g. to send you Annual Statements, tell you about changes to Terms and Conditions or for the detection and prevention of fraud
- it’s in the legitimate interests of HFP e.g. to deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your product or investment; where we need to process your information to better understand you and your needs so we can advise you about potential products.
- it’s in the legitimate interests of a third party e.g. sharing information with your mortgage provider for the governance of a loan.
If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our products or services.
Who we may share your information with
We may share your information with third parties for the reasons outlined in ‘What we collect and use your information for.’
These third parties include:
- companies that provide the services we offer e.g. pension providers
- companies we have chosen to support us in the delivery of the products and services we offer to you and other customers e.g. technology companies; or companies who can help us in our contact with you, for example an internet service provider
- our regulators and Supervisory Authority e.g. the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO)
- law enforcement, credit and identity check agencies for the prevention and detection of crime
- HM Revenue & Customs (HMRC) e.g. for the prevention of tax avoidance.
We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Where your information is processed
Most of your information is processed in the UK and European Economic Area (EEA).
Where your information is processed out with the UK and EEA, we will ensure that there are appropriate safeguards in place to protect that data.
How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.
How long we keep your information
We will keep your personal information only where it is necessary to provide you with our products or services while you are a customer.
We may also keep your information after this period but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.
Your individual rights
You have several rights in relation to how HFP uses your information. They are:
Right to be informed
Right of access
You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR).
Right to request that your personal information be rectified
If your personal information is inaccurate or incomplete, you can request that it is corrected.
Right to request erasure
You can ask for your information to be deleted or removed if there is not a compelling reason for HFP and/ or Johnston Financial Ltd to continue to have it.
Right to restrict processing
You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving to a different financial adviser.
Right to object
You can object to HFP and / or Johnston Financial Ltd processing your personal information where:
- it’s based on our legitimate interests (including profiling)
- for direct marketing
- if we were using it for research and statistics.
- Rights related to automatic decision-making including profiling
You have the right to ask HFP and / or Johnston Financial Ltd to give you information about its processing of your personal information.
How to make a complaint
If you are still unhappy, you can complain to the supervisory authority, the Information Commissioner’s Office. Their contact details are:
Information Commissioner’s Office Call them on 0303 123 1113
Send a message to Casework@ico.org.uk.