SPF PRIVATE CLIENTS
SPF Private Clients Ltd (“SPF”) (“we”, “us”, “our”), is the data controller of the personal information collected via this Site. We are registered with the Information Commissioner’s Office (ICO) under registration Z6474019.
This privacy notice explains how we process your personal information, what type of information we hold, how we receive it and from who. This notice also explains who we may share your information with and details your rights under data protection legislation and how to use them.
We are not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identified as such.
UPDATES TO THIS PRIVACY NOTICE
This Privacy Notice may be amended by us at any time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will notify you about material changes by prominently posting a notice on our website. Please check this page periodically to review this Privacy Notice so that you will always know what information we collect, how we use it, and with whom we share it.
It was last updated in July 2023.
WHO DOES THIS PRIVACY NOTICE RELATE TO?
This privacy Notice relates to the following types of individuals, where we hold your personal information:
• Individuals who are clients, including prospective clients who have received a quote for a product from SPF, former clients who have previously held a policy via SPF, and client representatives, for example those with power of attorney;
• Our business/corporate clients and their employees, including prospective and former clients and client representatives;
• Visitors to our websites;
• Individuals who contact us with a query, concern or complaint;
• Individuals who respond to job vacancies
• Individuals named on our policies, such as named drivers, joint policy holders, guarantors, or beneficiaries;
• Individuals who request information from us or permit us to contact them for marketing purposes;
There are other types of individuals who this privacy notice does not relate to, for example SPF employees and sub-contractors (including prospective and former employees and sub-contractors), employees of our current, former or prospective business partners and service suppliers, and members of the press.
If you are one of these individuals and would like further information on how we collect, use and store your data, please contact us. Our contact details are shown in the “HOW TO CONTACT US” section of this notice.
HOW YOU CAN CONTACT US
We take data privacy seriously and your opinion matters to us. If you have any questions about this policy or how we use your information you can contact our Data Protection Officer, speak to your adviser or contact SPF email@example.com
OUR DATA PROTECTION OFFICER
SPF’s Data Protection Officer is Stephen Clarke and he can be contacted in the following ways:
By email – firstname.lastname@example.org
Telephone – 020 7330 8500
In Writing – SPF Private Clients Ltd, 33 Gracechurch Street, London, EC3V 0BT
WHAT INFORMATION WE COLLECT AND HOW WE USE IT
We collect your information and use it in different ways depending on your relationship with us and how you have interacted with us. This can include information we share with or receive from other third parties.
THE LAWFUL WAYS WE USE YOUR DATA
We use your information for the following lawful reasons:
• To enter into or perform a contract; for example, to provide you with a quotation or illustration, to start, change or cancel a policy, to answer any queries you may have, or action your requests.
• To comply with a legal obligation; for example, the rules set by our regulator the Financial Conduct Authority (FCA), to fulfil your data rights under data privacy laws, handle complaints about data privacy or our financial products and services and to comply with other legal requirements such as preventing money laundering and other financial crimes.
• For our legitimate business interests; for example, to detect and prevent fraud, money laundering and other financial crimes, monitor and improve our business and our products and services, demonstrate compliance with applicable laws and regulations, handle legal claims, respond to other types of complaint not previously mentioned, and some marketing activities. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to this kind of use. For more information, visit the “YOUR DATA RIGHTS” section of this notice.
• With your consent; for example, when you ask us to provide you with information or permit us to contact you for marketing purposes. You can withdraw your consent at any time, for more information please visit the “YOUR DATA RIGHTS” section of this notice.
• To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.
Special Category Data
The processing of special category data, such as health data, requires an additional legal basis to the grounds set out above. This additional legal basis will typically be:
• your explicit consent;
• the establishment, exercise or defence by us or third parties of legal claims; or
• a substantial public interest exemption provided under local laws of EU Member States and other countries implementing the General Data Protection Requirements (“GDPR”), such as where the processing is necessary for an insurance purpose, or to detect or prevent unlawful acts, or to prevent fraud
Our lawful basis for processing your special categories of data will usually be that it is necessary for reasons of substantial public interest and subject to appropriate protections. In the limited circumstances where the benefits are not secured by insurance, and no other legal basis is available, the legal basis of our processing will be your explicit consent.
Where necessary, documentation that you need to complete to provide that information will include a provision where you can indicate that consent. You may withdraw your consent to such processing at any time, however you should be aware that if you choose to do so we may be unable to continue to provide our services to you (and it may not be possible for your policy to continue). This may also mean that your policy will need to be cancelled. If you choose to withdraw your consent we will tell you more about the possible consequences, including that we may no longer be able to act as your broker of record or place or administer your policy and that you may have difficulties finding other cover.
WHEN WE COLLECT YOUR PERSONAL DATA
We collect personal data from you when:
• You approach SPF for advice on a financial services product, including a mortgage, pension, investment, protection and insurance.
• When you are named on the policy of another individual, for example as a named driver on a vehicle insurance policy, a joint policy holder, a beneficiary, a guarantor, or a power of attorney;
• You contact us to request information or to make a complaint;
• You visit our website or the websites of other Howden UK & Ireland companies;
• You visit one of our stands and give us your information, for example at a show or trade fair;
• You have given permission to other companies to share your information with us;
• You have made your information publicly available, and we have a legitimate reason to review it.
We also collect your information from other third-party sources where we have legal grounds to do so. These include anti-fraud and crime-prevention agencies, credit reference and vetting agencies, and other data providers.
WHAT INFORMATION WE USE AND HOLD ABOUT YOU
Depending on your relationship with us, we may hold the following types of information about you:
• Identity and contact data: for example, your name, date of birth, postal address, telephone number and e-mail address.
• Payment and account data: for example, your bank account details for refunds.
• Location data: for example, your postal or IP address, the location of any property.
• Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations.
• Internet data: for example, information collected by cookies and other online technologies such as Google Analytics, as you use our website or contact us by online methods.
• You can find more information about the information we collect using cookies and other technologies in our Cookies Notice, available here.
• Information we obtain from other sources; including anti-fraud and other financial crime prevention agencies.
• Complaint data: for example, what the complaint was, how we investigated it and how we resolved it, including any contact with the Financial Ombudsman Service or other third-party adjudicator services.
• Some of our processes combine different sets of information we hold. This can include combining different data sets we have about you, or combining your information with that of other individuals.
SENSITIVE PERSONAL DATA (SPECIAL CATEGORY DATA)
Some of the information we collect about you may be sensitive, for example data relating to your health and any medical conditions, race or ethnicity, or data relating to criminal convictions. We only collect this information where it is relevant to do so, such as:
• When it is relevant to the type of insurance or mortgage you are enquiring about, have purchased, previously held or that you have been named on;
• Where it is relevant to a complaint or issue you have raised with us.
Certain types of information are known as “special categories” under data protection law, and receive additional protection due to their sensitivity, for example information that reveals your race or ethnicity, your political views or your religious beliefs. We only use these types of data with your explicit consent, or to protect your vital interests or when it is necessary to meet a lawful purpose under the current legislation.
WHO WE SHARE YOUR INFORMATION WITH
Where applicable, we share your personal information with the following types of third parties when we have a valid reason to do so;
• Other companies in Howden UK & Ireland and/or the wider Howden Group;
• Business partners, brokers, intermediaries, lenders, banks, insurers, finance product providers, suppliers and agents involved in delivering products and services to you;
• Fraud prevention agencies;
• Law enforcement, government bodies, regulatory organisations, courts and public authorities, for example the Financial Conduct Authority (FCA), The Financial Ombudsman Service, The Information Commissioner’s Office (ICO) and HMRC;
• Lenders, banks, insurers and financial product providers;
• Media agencies and other marketing organisations that we advertise with or conduct marketing activities through;
• Solicitors (who may be legal representatives for you, us or a third party claimant) and other professional services firms (including our auditors)
• Potential purchasers of our businesses.
• Service Providers who help manage our IT and back office systems, or who provide platforms and portals for administering policies and member details
• Marketing fulfilment, webinar and customer satisfaction service providers, acting on our behalf in facilitating online events, providing marketing communications and capturing feedback from our customers on our service levels,
A third party where disclosure is required to comply with legal or regulatory requirements;
• Personal representatives appointed by you to act on your behalf, or those appointed to represent a third-party claimant.
Our websites may also share information with Google via the use of internet cookies, where you have agreed to this. You can find out more information about how Google uses data collected by cookies on Google’s Privacy & Terms site, available here.
TRANSFERRING DATA INTERNATIONALLY
For business purposes, to help prevent/detect crime or where required by law or regulation, we may need to transfer your personal data internationally. Where we do this, we will ensure that your information is protected in accordance with the applicable data protection requirements.
If the data protection laws of the country that the recipient of your data is based in are not recognised as providing sufficient protection by relevant laws, we will ensure that the recipient enters into a formal and enforceable legal agreement that reflects the standards required.
You have the right to ask us for more information about the safeguards we use when sending your personal data overseas. You can request more information by contacting us on the details shown in the “how you can contact us” section of this notice.
We will ask you to consent to the transfer of personal information in accordance with the protections outlined above.
RETAINING AND DESTROYING DATA
We retain information about you and the products you purchase to meet a number of legal and regulatory requirements, as well as our own legitimate business interests. For the period we retain your information, it is held securely by us or by third-party service suppliers contracted to store it on our behalf.
You can request further information about our retention periods and the data sets that they apply to by contacting us on the details shown in the “HOW YOU CAN CONTACT US” section of this notice.
We are also subject to regulatory and legislative requirements to retain your data for specified minimum periods. We reserve the right to retain data for longer where we believe it’s in our legitimate interests to do so. In any case, we will not keep your personal data for longer than seven years after our relationship with you has ended.
• in some circumstances we may retain your personal data for longer periods of time, for instance;
• Where we are required to do so in accordance with legal, regulatory, tax or accounting requirements;
• So that we have an accurate record of your dealings with us in the event of any complaints or challenges;
• If we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
Please note that where you unsubscribe or opt out from a marketing communication, we need to keep a record of your email address to ensure we do not send you marketing emails in the future.
SECURITY OF DATA
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our Site, and our social media pages may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage.
The transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition, we recommend that you take the following security measures to enhance your online safety:
• When creating a password, we recommend use at least 12 characters with a combination of letters and numbers.
• Keep your passwords private.
• Remember, anyone who knows your password may access your account.
• Avoid using the same password for multiple online accounts.
• We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from Organisation.
• If you receive such an email claiming to be from the Organisation asking you to do so, please ignore it and do not respond and report it to us.
We may contact you from time to time by email, telephone, post or SMS with information on financial services products we offer, this includes mortgages, general insurance, protection, pensions, investments and market commentary. For more information please visit the Information Commissioner Officer’s website: https://ico.org.uk/your-data-matters/does-an-organisation-need-my-consent/
If you would rather not receive this information or market commentary please contact Privacy@spf.co.uk
Please note, if you are an existing customer and you opt out of receiving marketing communications SPF will still contact you prior to the end of your mortgage or renewal of your insurance contract or in line with any agreed service offering. This is to ensure your financial product remains suitable and that your insurance remains active.
If you (whether an individual or business customer) wish to be removed from our direct marketing list and do not wish to receive any further information from us (opt-out) you can inform us of this by clicking on the link at the bottom of each e-mail communication you receive from us. Once this information is received we will immediately remove you from our direct marketing database. Alternatively, you can asked to be removed via one of the methods below:
Email – Privacy@spf.co.uk
Telephone – 020 7330 8500
In Writing – Jayne Shaw, Marketing Director, SPF Private Clients Ltd, 33 Gracechurch Street, London, EC3V 0BT
We may send you marketing material relying upon the lawful ground of legitimate interest. For more information please visit the Information Commissioner Officer’s website: https://ico.org.uk/your-data-matters/does-an-organisation-need-my-consent/
YOUR DATA RIGHTS
Data protection law gives you rights relating to your personal information. This section gives you an overview of these and how they relate to the information you give us.
The UK supervisory authority for data rights, the Information Commissioner’s Office (ICO), has also published detailed information about your rights on their website: www.ico.org.uk, under the section entitled “for the public”.
YOUR RIGHT TO ACCESS
You have a right to request copies of the personal information we hold on you, along with meaningful information on how it is used and who we share it with.
This right always applies, but there are some instances where we may not be able to provide you with all the information we hold. For example, we may not be able to provide you with your personal data where doing so could have an adverse impact on one or more of the following:
• The privacy, rights or freedoms of other individuals;
• The prevention and detection of crime, including financial crimes such as insurance fraud and money laundering;
• Legal professional privilege, or;
• Negotiations with the individual(s) concerned.
The above list is illustrative only and is not exhaustive, but it does give the most-common scenarios that arise in connection with insurance.
In order to furnish you with a copy of your personal data that we hold we may need to verify your identify.
Normally, we will tell you if we are unable to provide you with some or all of your personal data and explain why when we respond to your request, unless the relevant laws or regulations prevent us from doing so.
YOUR RIGHT TO RECTIFICATION
If information we hold is inaccurate or incomplete, and this has an impact on the way we are using your data, you have the right to have any inaccuracies corrected and for any incomplete data to be completed.
If you ask us to rectify your information, we will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why.
Depending on the type of personal data you believe is inaccurate, we may ask you for further proof to ensure that the personal data is being corrected properly. If we are satisfied that the personal data is inaccurate, we will make the necessary changes.
YOUR RIGHT TO ERASURE (THE RIGHT TO “BE FORGOTTEN”)
You have the right to request that your personal information is erased in certain circumstances, for example if the data is no longer needed for the purpose(s) it was originally collected for. This right does not apply where we have to comply with a legal obligation or where we need personal data for the establishment, exercise or defence of legal claims.
If you ask us to erase your information, we will either confirm to you that this has been done, or if we are unable to delete it, let you know why and also inform you how long we will hold it for. For more information, see the “RETAINING AND DESTROYING DATA” section of this notice.
In addition, if you opt out of marketing communications or have previously opted out of marketing communications, we have to keep a record, of such opt out to ensure that we don’t contact you in the future.
YOUR RIGHT TO RESTRICT PROCESSING
You can ask us to restrict the use of your information in certain circumstances.
If you ask us to restrict your information, we will either confirm to you that this has been done, or if we are unable to restrict it, we will inform you why.
YOUR RIGHT TO OBJECT TO DIRECT MARKETING
You can always object to receiving direct marketing from us.
If you do so, we will ensure that you do not receive such material going forward, unless you change your mind and specifically request it in the future.
YOUR RIGHT TO CHALLENGE OUR LEGITIMATE INTERESTS
You can challenge the use of your personal data where we use a legitimate business interest as a lawful basis to process your information. You can find more information on when we use this lawful basis in the “LAWFUL WAYS WE USE YOUR DATA” section of this notice.
If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.
YOUR RIGHT TO OBJECT
You can object to us using your information for statistical purposes in some instances.
If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.
YOUR RIGHT TO DATA PORTABILITY
In certain circumstances, you have the right to request that your information be compiled into a common, machine readable format and either provided directly to you or sent by us to a third-party you nominate.
If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why.
YOUR RIGHT TO COMPLAIN
If you are unhappy with how we have used your data or if you believe we have failed to fulfil your data rights, you have the right to complain to us, and can contact us to raise your concerns using the details shown in the “HOW YOU CAN CONTACT US” section of this notice.
If you remain unhappy with our response you may raise a complaint with a supervisory authority responsible for data rights in the public interest. In the UK, this is the Information Commissioner’s Office (ICO). Although they do not award compensation, the ICO can investigate concerns brought to them and take action if they decide that an organisation has failed to meet its data protection obligations. The ICO can be contacted using the following details:
Via their website: www.ico.org.uk
By e-mail: email@example.com
By telephone: 0303 123 1113
By post: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
EXERCISING YOUR DATA RIGHTS
You can exercise any of your data rights by contacting us using the information in the “HOW YOU CAN CONTACT US” section of this notice and telling us which right (or rights) you would like to exercise.