Capital Professional Ltd trading as Ascot Lloyd is part of the Capital Professional Group. For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
Purpose of this notice
This notice explains how we use any personal information we may collect and is designed to help you understand what kind of information we collect in connection with our services and how we will process and use this information. In the course of providing you with our services we will collect and process information that is commonly known as personal data.
This notice describes how we collect, use, share, retain and safeguard personal data.
This notice also sets out your individual rights, we explain these later in the notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
Personal data may also contain data relating to criminal convictions and offences.
For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.
What information do we collect about you?
As a provider of financial services, we will collect the following categories of personal data:
- personal data such as an individual’s name, address, date of birth, gender and contact details
- special categories of personal data such as data relating to medical health to help identify vulnerable individuals or where you or others inform us of a medical condition
- financial details (e.g salary and other income, details of accounts held with other providers, loans, mortgage and other debt)
- education and employment details/employment status
- information from publicly available sources for the prevention of financial crime
Where we collect special categories of personal data we will obtain your explicit consent in order to collect and process this information.
When will we collect personal data?
We collect information about you when you engage us for financial planning, financial advice mortgage advice, investment management services and corporate benefits services. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health, where this is necessary for the provision of our services.
We may also collect information when you voluntarily complete client surveys or provide feedback to us and when you request information about our services, client events, promotions and campaigns.
Depending on the services being provided, we may need to collect personal data relating to others such as close family members and dependants. In most circumstances, you will provide us with this information. Where you disclose the personal data of others, you must ensure you are legally entitled to do so and have the consent of the people concerned. We can provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.
You may provide us with personal data when signing up to our services, through application forms, when completing contact forms, when you contact us via the telephone, when writing to us directly or where we complete forms in conjunction with you.
We will collect electronic personal data when you first visit our website where we will place a small text file that is commonly known as a cookie on your computer. Cookies are used to identify visitors and to simplify accessibility, and to monitor visitor behaviour when viewing website content, navigating our website and when using features. We will also collect your unique online electronic identifier; this is commonly known as an IP address.
We may record your communications with us when contacting our customer care, complaints and other customer focused functions.
Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. Where we use third parties to process your data, these parties are known as processors of your personal data. Where there are other parties involved in managing your investment, if they referred you onto us, we will be a joint data controller of your personal data.
Where you provide us with the personal data of others as part of any commercial arrangement, we would be a processor of data.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
How will we use your personal data?
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively.
If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.
Who might we share your information with?
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you. Some example third parties follow:
- product providers such as insurance companies, investment platforms and investment managers.
- pension providers and pension administrators
- mortgage lenders such as a bank
- financial and compliance auditors
- credit reference agencies
- electronic verification agencies
Where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we will send your details to third party agencies for identity verification purposes.
We may share your personal data within our group of companies and with business partners. This is normal practice within our industry where it is necessary to share information to manage and administer your investments and to administer our business.
International data transfers
We may transfer your data to third parties based outside the European Economic Area. This is necessary for the purposes of administering our business and managing your investments. Such parties are not permitted to use your personal data for any other purpose than for what has been agreed with us. These parties are also required to safeguard your personal data through the use of appropriate technical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law.
How long do we keep hold of your information?
During the course of our relationship with you we’ll retain personal data which is necessary to provide services to you. We’ll take all reasonable steps to keep your personal data up to date throughout our relationship.
We’re are also subject to regulatory requirements to retain your data for specified minimum periods. These are, generally:
- five years for investment business
- three years for mortgage business
- indefinitely for pension transfers and opt-outs
- three years for insurance business
These are minimum periods, during which we have a legal obligation to retain your records.
We reserve the right to retain data for longer where we believe it’s in our legitimate interests to do so. In any case, we’ll not keep your personal data for longer than six years after our relationship with you has ended or past the death with the exception of occupational pension transfer, opt out and FSAVC advice which must be retained indefinitely in accordance with the Financial Conduct Authority’s record keeping rules.
You have the right to request deletion of your personal data. We’ll comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
How do we keep your data secure?
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our group of companies and authorised third parties.
To ensure data privacy and protection has appropriate focus within our organisation we have a compliance team who reports to our senior management team. Contact details can be found at the end of this notice.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as ‘individual rights’ under the Data Protection Act 2018. The following list details these rights:
- the right to be informed about the personal data being processed
- the right of access to your personal data
- the right to object to the processing of your personal data
- the right to restrict the processing of your personal data
- the right to rectification of your personal data
- the right to erasure of your personal data
- the right to data portability (to receive an electronic copy of your personal data)
- rights relating to automated decision making including profiling
You can exercise your rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your rights, you should understand that in some situations we may unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedent over any request you make. Where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
The flow of data within the financial services sector is complex and we ask you to keep this in mind when exercising your ‘rights of access’ to your information. Where we may be reliant on other organisations to help satisfy your request this may impact on timescales.
We would like to send you information about our products and services and those of other companies in our group which may be of interest to you. If you’ve agreed to receive marketing information, you may opt out at a later date.
This does not include information that we send to you as part of our initial or ongoing service or in relation to a financial product you hold with us, for example a valuation or statement.
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.
If you enter your personal information to download our guides or register for our professional briefings, the information you have provided will only be stored by us if you give us your consent to do so. If you provide your consent we will send you information about products and services that may be of interest to you. You can opt out of these communications at any time.
What can you do if you are unhappy with how your personal data is processed?
In the instance please contact our compliance team if you are unhappy with any aspect of the processing of your data.
You also have a right to lodge a complaint with the supervisory authority for data protection. In the United Kingdom this is:
Information Commissioner’s Office
How to contact us?
Reading Bridge House