We help you consider all areas and put together a financial plan that helps you to achieve your financial goals
Looking for Financial Advice?
Book a free call with one of our experts
Capital Professional Ltd trading as Ascot Lloyd (referred to in this policy as "we", "us" or "our") is part of the Ascot Lloyd Group. For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
Purpose of this Policy
This policy explains what kind of personal information we collect in connection with our services and how we will process (use) this information.
This policy describes how we collect, use, share, retain and safeguard personal data.
This policy also sets out your individual rights. We explain these later in the policy but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, date of birth, gender, and contact details but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. Personal data does not include data where the identity has been removed (anonymous data).
Personal data may contain information which is known as special category personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
Personal data may also contain data relating to criminal convictions and offences. This data is treated in the same manner as special category personal data, where we are legally required to comply with specific data processing requirements.
When will we collect personal data?
We collect information about you when you engage us for financial planning, financial advice, mortgage advice, investment management services and corporate benefits services.
We may also collect information when you voluntarily complete client surveys or provide feedback to us and when you request information about our services, client events, promotions, and campaigns.
You may provide us with personal data when signing up to our services, through application forms, when completing contact forms, when you contact us via the telephone, when writing to us directly or where we complete forms in conjunction with you.
When you first visit our website, we will place a cookie on your computer.
We may record your communications with us when contacting our customer care, complaints, and other customer focused functions.
Where we collect data directly from you, we are considered to be the controller of that data i.e., we are the data controller. Where we use third parties to process your data, these parties are known as processors of your personal data. Where there are other parties involved in managing your investment, we will be a joint data controller of your personal data.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
Personal information we collect from you
The information we hold about you will often be provided by you directly (for example, when you apply for a service or product) but sometimes it we collect data from other sources. As a provider of financial services, we will collect and hold the following categories of personal data:
Other sources where we collect information about you
We may also collect information relating to you from the following:
How will we use your personal data?
We must always have a legal basis (lawful reason) to process your personal data. The primary legal basis that we use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.
In most cases, processing your personal data and the legal basis for doing so will be as follows:
Why we process your data
To enable us to carry out actions that are necessary for us to provide you with the product or service (for example, receiving payments) under a contract with you.
To enable us to meet our legal obligations (for example, we need to get proof of your identity so that we can meet our anti-money laundering obligations).
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where you give us specific permission to use your information for a specific purpose.
In the public interest
It some cases it is in the substantial public interest (for example, to give you support you need if you are or become a vulnerable customer) to use your sensitive personal data/special categories of personal data.
Based on our legal basis for using your personal information, the table below expands on how we use your personal information. Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data:
How we use your information
The legal basis for using the information
To provide our services to you, to manage these services and to personalise our services to you.
To communicate with you to confirm your instructions to us and to assess and improve our services for training, quality, and improvement purposes. Our communications with you, electronic methods and telephone calls which may be recorded and monitored.
To make checks, including checking verifying your identity and the identity of joint account holders to make sure we are speaking to the right persons.
To detect and prevent fraud, money laundering and other financial crimes including identity theft. We may use:
Your location and device information for identity verification purposes.
To communicate with you in relation to our products/ services, legal or regulatory information, and to manage your agreement with us.
To communicate with you regarding any complaints you may have about our products and services.
To develop and improve products and services by analysing information, including helping us to decide if you are suitable for a product or service.
To market and personalise our communications and products/ services to you.
Unless you have opted out of our marketing services or the law prevents us from doing so, we will send you information about our products and services.
To observe the laws and regulations that apply to us and to cooperate with the regulators and law enforcement.
Special Categories of Data/Sensitive Personal data
Some of the information we need to collect is sensitive personal data (also called special category data). We may need to process personal data relating to your health, biometric data and data on criminal convictions and offences. We usually use personal sensitive data on the legal basis that:
Where we tell you that providing certain personal data or special category information is mandatory for a specific product or service, and you decide not to provide that information, we cannot provide you with the service as we will be unable to meet our legal obligations.
What we use your sensitive personal data for
The legal basis for doing so
For due diligence checks. This may disclose information about criminal offences or convictions or may reveal information on your political opinions.
Biometric data may be used to check your identity and for the purpose of detecting and preventing fraud and money laundering.
Your medical information may be used as described previously, to provide quotations for certain products or for highlighting special medical circumstances including visual or hearing impediments.
To observe any laws and regulations that apply to us and to cooperate with regulators and law enforcement.
Using your personal information to communicate with you
We will send you messages by post, telephone, text message, email and other digital methods, including, apps, push notifications (messages that pop up on mobile devices) and through new methods that may become available in the future. These messages may be:
Who might we share your information with?
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy, or legal services as well as product and platform providers that we use to arrange financial products for you. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Some example third parties follow:
Who we share your personal data with
Ascot Lloyd Group. We work closely with other Group companies. We may share your personal data within our Group. This is normal practice within our industry where it is necessary to share information to manage and administer your investments and to administer our business.
Product providers including insurance companies, investment platforms, mortgage lenders and investment managers to provide you with the relevant services.
Pension providers and pension administrators to provide you with pension services.
UK and overseas regulators, law enforcement agencies and other authorities in relation to their duties such as preventing crime (whether directly or through third parties such as credit reference agencies) or those engaged in carrying out social or economic statistical research.
Your advisers including your accountants, lawyers, or other professional service providers, that you have authorised to represent you, or any other person you have told us is authorised to give instructions on your behalf such as your attorney or trustee.
Fraud prevention agencies. We will always inform fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations within the UK or abroad, including law enforcement agencies to use this information to detect and prevent fraud or other crimes. We can provide you with details of the fraud prevention agencies we share information with if you request this information.
Our advisors including our accountants, auditors, lawyers, lenders or other professional service providers, where this is required for the provision of their professional services, by law or regulation.
Electronic identify verification agencies in order fulfil our obligations in respect of prevention of money-laundering and other financial crime we will send your details to third party agencies for identity verification purposes.
Third-party providers who you (or another party you have authorised to give instructions on your behalf) ask us to share information with. If we share your information with these third parties, we will have no control over how they use it. You, or the person/persons with authority over your dealings with us, will need to agree this directly with the third party.
Sharing personal data of others on your instruction. If you share personal details of others with us (including joint account holders, lawyers, accountants, attorneys and trustees) and you ask us to share their personal data with third parties, you should confirm that they understand the information in this policy about how we will use their personal data. For example, credit reference checks may be carried out for persons who you appoint your attorney or trustees.
Our service providers or agents, including their subcontractors to help us administer and manage our business. Where third parties are involved in processing your personal data, we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.
Our business partners who provide services and other service providers and agents who provide services on our business partners behalf.
Any sellers after we acquire a company as part of the transitional arrangements relating to the acquisition of the business.
Any prospective purchasers of the whole or any part of our business as part of the due diligence process relating to the sale of the business.
Anyone we transfer or delegate (or may transfer or delegate) our rights or obligations to, as allowed under the terms and conditions of any contract you have with us.
Credit reference agencies as described below.
Credit reference agencies and fraud prevention agencies
We use reference agencies and fraud prevention agencies to carry out credit and identity checks on you. For this, we will send your personal data to the credit reference agencies or fraud prevention agencies and they will in return send us information about you. The credit reference agencies may also share your personal data with other organisations, and those organisations may use the information to make decisions about you. This may affect your ability to get credit. We may continue to collect information about you from credit reference agencies after the business relationship we have with you has ended.
We do not give information investments to credit reference agencies. The Credit Reference Agency Information Notice (CRAIN) describes how the three main credit reference agencies in the UK use and share personal data. The CRAIN is available on the credit reference agencies’ websites.
In some circumstances we may share your information, or information about your spouse/partner or other members of your household with credit reference check agencies for the following reasons:
Your information held by credit reference agencies may be linked to people who are associated with you. For example, your spouse/partner or other members of your household. These linked records are called associated records. Enquiries we make to a credit reference agency may be answered from both your own record and any associated records. Another person’s record will be associated with yours when:
An associated record will be considered for all future applications made by either or both of you. The association continues until one of the associated persons files and is successful in a ‘disassociation’ request. You can check for any associations with you by getting your credit record direct from the credit reference agencies.
We, and fraud prevention agencies, may also share your personal data with law enforcement agencies to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or products. Fraud prevention agencies can hold your personal data for different periods of time. If you are considered to be a risk for fraud or money laundering, your personal data can be held for up to six years.
International data transfers
We may transfer your data to third parties based outside the European Economic Area. This is necessary for the purposes of administering our business and managing your investments or performing the contract with you. Such parties are not permitted to use your personal data for any other purpose than for what has been agreed with us. These parties are also required to safeguard your personal data through the use of appropriate technical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law.
When we share your information with organisations in other countries, we will make sure that they agree to apply high levels of protection for personal data as we do. For example, we will put in place relevant clauses in our contract with them to make sure that data is adequately protected in line with the law.
How long do we keep hold of your information?
During the course of our relationship with you we will retain personal data which is necessary to provide services to you or for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We will take all reasonable steps to keep your personal data up to date throughout our relationship. Once our relationship with you has ended, we will only keep your personal data for a period of time that is appropriate for the type of personal data, and what we hold it for.
We are also subject to regulatory requirements to retain your data for specified minimum periods. We reserve the right to retain data for longer where we believe it is in our legitimate interests, or we have a legal obligation to do so.
In general, we will not keep your personal data for longer than six years after our relationship with you has ended or your death, with the exception of occupational pension transfer, opt out and Free Standing Additional Voluntary Contributions (FSAVC) advice which must be retained indefinitely in accordance with the Financial Conduct Authority’s record keeping rules.
In some circumstances you have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
How do we keep your data secure?
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our Group and authorised third parties. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data. These rights are known as ‘individual rights’ under the Data Protection Act 2018. The following list details these rights:
You can exercise your rights at any time. In accordance with the law, we will not charge you for responding to your request unless we consider it to be repetitive, unfounded, or excessive when we may charge an administration fee. Alternatively, we could refuse to comply with your request in these circumstances.
In exercising your rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes. We will notify you of these legal reasons, if applicable, at the time of your request.
You should understand that when exercising your rights, a substantial public or vital interest may take precedent over any request you make. Where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
The flow of data within the financial services sector is complex and we ask you to keep this in mind when exercising your rights of access to your information. Where we may be reliant on other organisations to help satisfy your request this may impact on timescales.
The methods we use for analysing personal data in relation to our services involves profiling. This means that we use software that can evaluate your personal circumstances and other factors to predict outcomes or risks. We may also use such profiling, or other automated methods, to make decisions about you in relation to the following:
These activities are known as ‘automated decision-making’ and are only allowed if there is a legal reason for this type of decision-making. We may make automated decisions about you in the following situations:
How automated processing makes decisions
Protecting us against criminal or fraudulent activity
We will assess several factors, such as whether you have provided false information in the past or other information about your credit history, to decide whether if you are a fraud or financial-crime risk (for example, if offering services to you may not be in line with financial sanctions).
If your account has not been used for a long period, this will automatically trigger action by us, and we would delete your records in line with our data retention schedules.
Pricing (including insurance)
We will assess several factors to set the price of certain products for you. For example, insurance premiums will depend on your previous claims, where you live and the value of the items you wish to insure.
Based on various factors such as your credit history and how you use our products and services, we will make recommendations to you. You can ask us to stop.
Anti-money laundering and sanctions checks
We may decide that you are a fraud or money laundering risk if the automated processing finds that your behaviour is consistent with money laundering or known fraudulent behaviour or you appear to have deliberately provided false information. If we, or a fraud prevention agency, so decide we may:
Where we make solely automated decisions you have the right:
If at any point you wish to query any action that we take on the basis of this or wish to request ‘human intervention’ to review the action, you have the right to do so. Please contact us to find out more.
We would like to send you information about our products and services and those of other companies in our group which may be of interest to you. If you have agreed to receive marketing information, you may opt out at a later date. We do not pass your details to third parties for their marketing purposes.
You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the group. Please note you may withdraw your consent to the use of your personal data for receipt of marketing communications at any time. If you no longer wish to be contacted for marketing purposes, you can opt out by completing our unsubscribe form: www.ascotlloyd.co.uk/marketingpermissions or by post addressed to: Marketing Preferences, Ascot Lloyd, 45 Church Street, Birmingham, B3 2RT.
This does not include information that we send to you as part of our initial or ongoing service or in relation to a financial product you hold with us, for example a valuation or statement.
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result. For more information see our Cookies Policy.
What can you do if you are unhappy with how your personal data is processed?
In the first instance please contact our compliance team if you are unhappy with any aspect of the processing of your data, contact details provided below.
You also have a right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk):
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Informing us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How to contact us?
Data Team Ascot Lloyd 45 Church Street Birmingham B3 2RT