Your rights, your information and how we use it.
WPS Advisory Limited is committed to protecting your personal identifiable information (PII).
Whether we gather our clients’ data for the completion of our services, or data about our staff, all personal details – however it is collected, recorded and used – regardless of the media used – will have appropriate safeguards applied in line with the Data Protection Act 2018 and any new or additional data protection legislation that comes into effect in the UK.
Who we are
We are WPS Advisory Limited.
WPS Advisory Limited provides regulated advice. WPS Advisory Limited is authorised and regulated by the Financial Conduct Authority (FCA).
You can check this by visiting the FCA website https://register.fca.org.uk, or by telephoning the FCA on 0300 500 8082
The FCA Reference Number for WPS Advisory Limited is 624546.
We are data controllers and data processors under the terms of the Data Protection Act 2018.
We have the role of ‘data processor’ where we receive personal data from third parties who are the ‘data controllers’.
All information including PII is encrypted. Sensitive information (including PII) passing over public networks is protected by encryption techniques such as VPN, SSL, IPSEC etc.
How to contact us
The Data Protection Officer
WPS Advisory Limited
Unit 7-8 Delta Bank Road,
Metro Riverside Park,
Gateshead NE11 9DJ
A copy of our Privacy Notice can be viewed on our website wpsadvisory.com and please contact us at the above email address if you would like us to send you a copy.
The information we collect and use
The specific, explicit and legitimate interest we satisfy to process your personal data is to enable us to provide financial services and advice, and to maintain our own accounts and records. In order for us to help you, and for us to be in a position to make a recommendation based on your personal circumstances, we need to gather certain information about you. Personal details about you that we collect and use in order to establish proof of identity and provide you with our services shall be sufficient, specifically relevant and limited to the legitimate purposes and includes:
- information about who you are e.g. your name, address and contact details, gender, date of birth, National Insurance number, pension reference number, and a full breakdown of your benefits within the scheme with relevant service periods, and, if still employed and an active member, your salary details
- information connected to your product or service with us e.g. your bank account details
- information about your contact with us, e.g. meetings, recorded phone calls including the voice element of video calls, emails, letters, getting to know you questionnaire, fact find, and covering matters such as your family details, lifestyle and social circumstances, financial details
- information that is automatically collected e.g. via cookies when you visit one of our websites
- information to allow you to access our online services e.g. name, email address, date of birth, National Insurance number
- information classified as ‘special category data sensitive’ personal identifiable information, e.g. relating to your health, marital or civil partnership status. This information will only be collected and transmitted to known processors (such as insurance and investment companies) with your consent where it is needed to obtain specific products relating to a personal recommendation made to you, or to comply with our legal obligations
- information on children, and in these cases we will collect and use only the information required to identify the child and the nature of the relationship with you. Any communication about a policy will be with the policy holder or their authorised legal representative.
Where we collect and use sensitive personal identifiable information, this information will only be collected and used where it is needed to provide the product or service for which we have been contracted to supply or to comply with legal obligations.
What are cookies?
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies.
Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
You can find out more about cookies at: www.allaboutcookies.org
Where we collect your information
We may collect your personal details directly from you or from a variety of sources, including:
- as a member of your employer’s pension scheme, the information we collect and use will most likely have been provided by your employer or the scheme trustee on your behalf
- registering with us
- completion of a getting to know you questionnaire and fact find, and an application form for a product or service
- telephone conversations and video calls with us, the voice element of which are recorded
- emails or letters you send to us
- telephone or face to face meetings with one of our independent financial advisers
- visiting our online client page for your company pension scheme
- if you become a client of ours, and already have other investments with discretionary fund managers and insurance companies, we will need your permission for us to use and collect the information about you from them in order for us to advise you.
We may also collect personal data on you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.
Why we collect and how we use your information
We take your privacy seriously and we will only ever collect and use in a transparent manner information which is personal to you where it is necessary, fair and lawful to do so for the completion of our services, as well as limiting access to your personal data to those needing to carry out the processing.
We will collect and use your information only where one of the following lawful processing conditions set out under the Data Protection laws is satisfied:
- you have given us your consent to send you information about products and services we offer and / or selected third parties with whom we have chosen to work to deliver products and services to you
- it is necessary to provide the product or service you have requested, e.g. if you wish to invest in one of the pension or savings products we recommend, we will require some personal details including, for example, your name, address, date of birth, bank account details
- it is necessary for us to meet our legal or regulatory obligations e.g. to send you annual review information, tell you about changes to terms and conditions in our agreement with you or for the detection and prevention of fraud
- it is in our legitimate interests, e.g. to deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your product or investment; where we need to process your information to better understand you and your objectives, and wants and needs
- it is in the legitimate interests of a third party, e.g. sharing information with your employer’s pension scheme administrator for the governance of a pension scheme of which you are a member.
If you do not wish us to collect and use your personal data in these ways, it may mean that we will be unable to provide you with the products or services you require.
Third parties with whom we may share your information
We may share your information with third parties for the reasons outlined above in, Why we collect and how we use your information.
These third parties include for example:
- Companies who provide benefits comparison illustrations.
- Insurance and investment companies through which we are arranging, or considering arranging, a policy on your behalf.
- We will send personal data back to the scheme administrator when confirming the outcome of an engagement and advice process where you have made contact with us.
- Regulators and ombudsmen for our services.
- Credit reference and identity check agencies, and law enforcement authorities for the prevention and detection of crime.
- HM Revenue & Customs (HMRC), e.g. for the processing of tax relief on pension payments or the prevention of tax avoidance.
- Parties with a legitimate concern in how we run our business, such as insurers.
- Service providers, suppliers and contractors whom we use to provide our customer relationship management system, hosting services, e.g. third party software or IT support providers for the purpose of system administration, data security, data storage, back up, disaster recovery and IT support.
We will never sell your details to a third party. Whenever we share your personal data, we will do so in line with our obligations to keep your information safe and secure.
Where your information is processed
The data you provide to us is held securely on servers within the European Economic Area (EEA) and the United Kingdom. If you have any questions or concerns about your data held with us you can write to the Data Protection Officer at the address above.
How we protect your information
We take information and system security very seriously and we work rigorously to comply with our obligations at all times. Any personal details that are collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Methods for handling your information are clearly described and recorded. Appropriate procedures, forms and documentation covering data protection and privacy are maintained. Internal and external audit and specialist third party consultants conduct regular, independent assurance and benchmarking exercises across our business to ascertain the effectiveness of our information security control environment and strategy.
Your information is protected by controls designed to prevent loss or damage or unauthorised or unlawful processing through accident, negligence or deliberate actions. Our employees are supervised and contractually obligated to protect sensitive or confidential information when storing or transmitting information electronically and are required to undertake annual training on GDPR and information security.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.
How long we keep your information
We will keep your personal data where you have made contact with us. If you have engaged with us and sought our guidance and advice then in most circumstances we will not delete your data. We keep your information only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.
In certain circumstances, if you do not make any contact with us, we will anonymise your records after a set period of time.
Your individual rights
Under Data Protection laws you have certain rights in relation to how we use your information. They are:
Right to be informed
Right of access
You have the right of access to your personal details. If you wish to receive a copy of the personal data we hold on you, you may make a data subject access request about yourself.
You can receive the personal data concerning yourself which you have previously provided in a ‘commonly used and machine readable format’ and you have the right to transmit that data to another controller. Unless agreed otherwise with you, your personal data will be provided in an electronic format.
Right to request that your personal identifiable information be rectified
If your personal details are inaccurate or incomplete, you can request that it is corrected. As part of our normal practice we will check with you that the data held is accurate.
Right to request erasure
Also known as ‘the right to be forgotten’, you can ask for your information to be deleted or removed if there is not a compelling reason for us to continue to have it.
Right to restrict processing
You can ask that we block or suppress the processing of your personal data where you have a particular reason for wanting the restriction. It is not an automatic right and only applies in certain circumstances. Restriction of processing means that we are still permitted to retain your information.
Right to data portability
You can ask for a copy of your personal data for your own purposes to use across different services, e.g. if you appointed another financial adviser.
Right to object
The legitimate interest we have to process your personal data is to enable us to provide financial services and advice, and to maintain our own accounts and records. You can object to our processing your data including our use of historical data for statistical analysis. If you do object we may not be able to provide you with advice. We do not have to comply with a request to stop processing the personal data where:
- we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
- processing is for the establishment, exercise or defence of legal or compensation claims.
We do not use your data for direct marketing.
Rights related to automatic decision making including profiling
We do not make use of automated decision making processes.
You can contact us about any of the individual rights at the Data Protection Officer’s address.
In most cases you are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
We always want to deliver the service you are paying us to provide. However, there may be exceptional circumstances which mean this is not possible for reasons that are outside our control. Wherever possible we will give you advance notice if as a result we have to change the service we are able to provide. We will always seek to return to providing you with the service as soon as possible.
We will only do this due to occurrences that are not caused as a result of our fault or negligence and which we are unable to control, prevent or provide against through the exercise of reasonable care and diligence. These occurrences will include but will not be limited to war, civil war, act of God, fires, flood, epidemic, utility disruption, subsidence, strikes, lock-outs, insurrection or riots, embargoes, unavailability of raw materials or services, delays in transportation, changes to requirements or regulations of any governmental authority or regulatory authority.
How to make a complaint
The Data Protection Officer
WPS Advisory Limited
Unit 7-8 Delta Bank Road,
Metro Riverside Park,
Gateshead NE11 9DJ
We will endeavour to resolve the issues you raise with us, though you have the option to complain to our Supervisory Authority, the Information Commissioner’s Office, or another supervisory authority.
The Information Commissioner’s Office
Cheshire SK9 5AF
Helpline on 0303 123 1113
To view our Privacy Notice click here.