How we use your information
This privacy notice tells you what to expect when CSL Partnership & Turner Hampton (CSL Turner Hampton) collects personal information. It applies to information we collect about you. To enable us to provide the services we have agreed and for other related purposes – including updating and enhancing customer records, analysis for management purposes and statutory returns, crime prevention and legal & regulatory compliance – we may obtain, use, process and disclose personal data about you.
We may collect and process the following data about you:
- Information that you provide by filling in forms on our websites.
- Information that you provide to us by telephone; e-mail or face to face.
- If you contact us, we may keep a copy of that correspondence.
How long do we keep your personal data for?
During our relationship with you we will retain personal data which is necessary to provide services to you. We will take all reasonable steps to keep your personal data up to date throughout our relationship.
We are also subject to regulatory requirements to retain your data for specified minimum periods. These are, generally:
- Statutory accounting records / tax files & other papers that are legally property of client / former client: 6 years
- Audit working papers: 7 years
- Files of professional accountant as trustee: Period of trusteeship and 7 years thereafter
- Investment business advice: For life of policy and 3 years therafter
- Files on clients’ / former clients’ chargeable assets and gifts: 8 years
- Anti-money laundering rules require members to keep records for 5 years after client relationship ends unless:
- Business is required to retain it under statutory obligation
- Retain it for legal proceedings
- Data subject has consented to the retention
- PAYE records. Per HMRC for 3 years from the end of the tax year
These are minimum periods, during which we have a legal obligation to retain your records.
We reserve the right to retain data for longer where we believe it is in our legitimate interests to do so. IN any case, we will not keep your personal data for longer than 15 years after our relationship with you has ended.
You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
Visitors to our websites
When someone visits our website we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
Our website contains password protected area(s) that require a user to login. This login system offers to remember the user email address if the relevant box is ticked. Ticking the box will create a cookie that will automatically expire after 1 year or if the box is un-ticked on a subsequent visit.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who make a complaint to us
When we receive a complaint, we create a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. We usually have to disclose details of the complaint to our professional Indemnity Insurance Broker and Insurer. We may be required to provide a copy of our file to the Financial Ombudsman Service should an adjudicator be required to consider the complaint case. We are required to disclose to The Financial Conduct Authority (FCA) high level analytics concerning the number and nature of complaints received. This data does not include names or details that identify the specific data subject.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained indefinitely from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
People who use our services
We provide a range of services to Data Subjects. We process data provided by the data subject and other sources in order to deliver the appropriate products and services to Data Subjects.
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes.
Job applicants, current and former employees
We are the data controller for the information you provide during the process. Should you have any queries about the process or how we handle your information please contact us at email@example.com , firstname.lastname@example.org or email@example.com .
Use of data processors
Data processors are third parties who provide elements of our service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. Our Data processors / Third parties that we use include:
- Regulatory and Compliance
- Sanctions and PEPs
- Back Office Systems
- Research Software Tools
- Software storing client data
- External paraplanning services
- Professional Bodies
- Other third parties
- Providers of third party insurance services
- Other service providers
- Other outsourced service providers
Under the Data Protection Act 1998, you have rights as an individual which you can exercise in relation to the information we hold about you. From 25 May 2018 the General Data Protection Regulations (GDPR) come into force.
The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and protect your rights.
Access to personal information (Portability)
Data Subjects may submit a Subject Access Request (SAR) – in order to obtain a copy of the personal data that we hold about them in a structured and portable manner. All SAR requests should be sent to:
For CSL Addlestone – firstname.lastname@example.org
For CSL Woking – email@example.com
For Turner Hampton – firstname.lastname@example.org
You have rights to obtain and reuse your personal data for your own purposes across different services.
Confirmation of whether, and where, the controller is processing their personal data
We are the Data Controller and a Processor, we undertake data processing within the EEA.
Right of Data subjects to erasure (Right to be forgotten)
Data Subjects may notify us if they wish to exercise their right to erasure. Such a withdrawal of Consent does not affect the lawfulness of processing based on consent prior to the withdrawal. Data Subjects that exercise this right will be removed from any marketing or future contact. We may retain a copy of any personal data and be retained by the Controller if the processing is necessary for the establishment, exercise or defence of legal claims.
Right of rectification
We will seek to ensure that inaccurate or incomplete data will be rectified. Data Subjects have the right of rectification.
Right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.
Right to object to processing for the purposes of Direct Marketing
Data Subjects may notify us if they wish to exercise their right to be removed from any Direct Marketing activities. We may still contact the Data Subject in order to fulfil any contractual obligations concerning the policies and services provided. By subscribing to our newsletter through our website, you are giving expressed consent to receive direct marketing from us.
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with your national date protection regulator.:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF – 0303 123 1113 (local rate)
The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- Baseless or excessive/repeated requests, or
- Further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request, but, if the request is going to take longer to deal with, we will let you know.
Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.
Sharing Information with Third Parties
We may share your information with third party service providers such as insurance providers, compliance, and other agents relevant to the business activity.
Changes to this privacy notice
We keep our privacy notice under regular review and will post any changes to this policy on our website.
How to contact us
CSL Partnership & Turner Hampton
238 Station Road