Privacy Notice

We will collect the following types of personal data dependent upon the financial services required:

• Information such as your name, date of birth and contact details (e.g. address, phone numbers & email address);

• Identification information including passport, driving licence, national identity card (for non-UK nationals), government issued ID verification, shotgun licence, and address verification documents such as council tax letters or bank statements and evidence of benefit entitlement;

• Employment information such as job title and employment history (e.g. payslips);

• Information relevant to products we provide (e.g. pension and life policies, long term care polices);

• Information relating to your personal finances such as your annual expenditure, financial liabilities and assets, investments, income and outgoings;

• Information classified as ‘sensitive’ or special category personal information, e.g. relating to your health, race or ethnic origin. This information will only be collected and used where it’s needed to provide a product or service you have requested or to comply with our legal obligations;

• Information connected to providing a specific product or service;

• Information about your family including information about your dependants;

• Information about your contact with us, e.g. meetings, phone calls, emails / letters;

• Information that is automatically collected e.g. via cookies when you visit one of our websites or an IP address from submission of an online form;

• Information if you visit our office, e.g. visual images collected via closed circuit television (CCTV);

• Information relating to your marketing preferences.

Different variations of personal data are required for each product/service so we may not be required to collect all of the data types listed above.

You directly provide us with the personal data we collect and we may also obtain your personal information from other sources, this includes:

• original physical copies of relevant documents;

• certified scanned copies of relevant documents either by email or post;

• your meetings with us, telephone conversations or video conferences;

• emails, letters or forms (including online) you send us;

• application forms you complete for products or services;

• questionnaires (including online ones) you complete;

• publicly available sources such as the electoral roll, court judgments, insolvency registers, internet search engines and social media sites;

• from third parties who provide anti money laundering and fraud prevention services who carry out electronic ID checks, sanctions and politically exposed persons checking services.

Access to your personal data is permitted only for those employees, Advisers and other contracted staff who require it to fulfil their responsibilities on your behalf. Your personal data will be initially processed by Nexus IFA Limited and/or Nexus Financial Planning. Both firms are Appointed Representatives of In Partnership, a trading name of The Whitechurch Network Limited. Your personal data will be further processed by On-Line Partnership Group Limited on behalf of its subsidiary company The Whitechurch Network Limited who act as our Principal for regulatory purposes. All parties who process your personal data will do so in accordance with this Privacy Notice and the requirements of Data Protection legislation. All such parties are subject to information security training to enforce and communicate best practice when handling information.

Though there are some legal exceptions, if we wish to process your personal data for any other unrelated purpose than those we have informed you about we will notify you.

Your personal data is essential to enable us to take steps (at your request) prior to entering into a contract or to perform a contract to which you are a party. Without this information we will not be able to proceed in providing any financial service.

The lawful basis for the processing of your personal data as per Article 6 of the UK GDPR is:

• Consent - you can remove consent at any time by contacting our Data Protection representative (details below);

• necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;

• for compliance with a legal obligation to which we are subject;

• necessary to perform a task in the public interest;

• for the purposes of the legitimate interests pursued by us.

We will record your information exactly as you provide it. You may ask us to update it at any time and we will action your request promptly and where possible notify relevant third parties of any changes.

We will only process sensitive, or special category, personal data, such as data concerning health, racial or ethnic origin, or sexual orientation, with your explicit and informed consent for specific processing activities. In such cases you will be asked to sign a separate consent form to evidence this and that you understand the purpose(s) of the processing of such data. Your consent may be withdrawn at any time. The processing is in order to:

• To carry out obligations in respect of FCA requirements

• To carry out obligations in respect of financial application requirements on your behalf

• To protect your vital interests, e.g. we may pass on information about medical conditions to paramedics if you are unable to give consent due to illness.

• To contact you to ensure that our records of your personal information are correct;

• to respond to questions or complaints you may have about our services;

• to update you with changes in our terms;

• for statistical or research analysis relating to the performance of our business or that of our principal and understanding the changing needs of our clients;

• to review, improve and develop services we offer or to handle complaints;

• to pursue debts or unpaid fees;

• to evidence company practices, for example to fulfil our legal requirement to provide independent audit undertakings;

• to evidence the standards and processes carried out conform to the company's ethical standards and expectations;

• for direct marketing activities;

• to protect the business from risks which might be introduced by an individual.

You have the right to object to processing for these purposes and we shall cease unless we can show we have compelling legitimate grounds to continue.

We will use your personal data to protect members of the public against dishonesty, money laundering or fraudulent activities. This must necessarily be carried out without your explicit consent to ensure this function is not prejudiced. Part of this processing involves verifying your identity using third parties such as GB Group Plc or Creditsafe Business Solutions Ltd.

We only collect data that is necessary to carry out the purposes listed above. This includes data you supply and data we receive from reference agencies. Where practical and lawful we will inform you about any of your personal data we receive from third parties that you may be unaware of.

We will ensure that your data is only accessible to authorised people in our firm and will remain confidential at all times. Appropriate security measures will be in place to prevent unauthorised access, alteration, disclosure, loss, damage or destruction of your information. If we have a contract with another organisation or individual to provide us with services or a service on our behalf to process your personal information, we’ll ensure they give reassurances regarding appropriate security measures in place, act in compliance with Data Protection legislation, and only process your data in the way we’ve authorised them to. These organisations or individuals won’t be entitled to use your personal information for their own purposes. Please contact our Data Protection representative if you would like further information.

We may share your data with:

• Appropriate staff such as those who carry out financial or compliance functions.

• Organisations that need your data because we are required to provide it by law (e.g. The FCA, ombudsman services, HMRC, etc.).

• Organisations that help us process your personal data to establish your personal characteristic. This is necessary if we are to provide you with the best possible advice and service.

• Organisations that carry out credit references or identity checks such as GB Group Plc or CreditSafe Business Solutions Ltd. These organisations may keep a record of the information and may disclose the fact that a search of its records was made to its other customers for the purposes of assessing the risk of giving credit, to prevent fraud and to trace debtors.

• Sometimes other authorised firms with specialist advisers, such as pension specialists, who assist us in providing suitable financial advice and services. You will be provided with their details if this applies.

• Organisations and individuals contracted by us to carry out specific administrative, financial, compliance or direct marketing functions. These contractors only act as data processors and will only process your information under our instructions and operate under the same obligations for data protection as we ourselves operate. Examples of such organisations would be to provide product research quotes; e-signature facilities; email marketing platform (for direct marketing).

• Law enforcement agencies, courts or other public authorities if we have to, or are authorised to, by law.

• Product providers we use to provide financial services or for direct marketing (see below).

• Where we or our Principal go through a business transaction, such as a merger, being acquired by another company or selling a portion of its assets, your data will, in most instances, be part of the assets transferred.

• Where you give clear written consent for us to share your personal data with a specified third party.

We do not usually transfer any of your personal information outside of the UK or EU except when we need to perform pre-contractual measures (credit and identity checks) or because the checks we request are necessary for important reasons of public interest. Some companies, like Creditsafe Business Solutions Ltd, may transfer data outside of the EU to countries which do not, in the view of the EU Commission, offer an adequate level of protection. In such cases Creditsafe encrypts any data it sends to other agencies and only transfers information necessary to carry out checks. (A list of countries used to perform checks include Germany, Netherland, Belgium, France, Sweden, Norway, Finland, Luxembourg, Switzerland, Liechtenstein, Spain, USA, Estonia, Latvia, Lithuania, Poland, Slovakia, Czech Republic, Hungary, Slovenia, Bosnia, Serbia, Montenegro, Croatia, Macedonia, Kosovo, Albania, Bulgaria, Romania, Ukraine, Austria, Denmark, Moldova, Portugal, Italy, Canada, Brazil, Greenland, China, India, Australia, Russia, South Korea, Taiwan, Mexico, South Africa, New Zealand, Hong Kong, UK)

Furthermore, we may use a third party data processor contracted to perform direct marketing functions using an email platform such as Mailchimp, who may transfer and process data (e.g. a name & email address) outside of the UK & EU. Mailchimp have committed “to transfer and process all of its users’ European data in compliance with the Standard Contractual Clauses (the “SCCs”),” which provides the ability to lawfully transfer data subject to the European data protection law (including the GDPR) outside of Europe to Mailchimp in the United States. In addition Mailchimp continues to protect European data in compliance with the EU-US Privacy Shield Principles, ensuring an essentially equivalent level of protection.(https://mailchimp.com/en-gb/help/mailchimp-european-data-transfers/).

We will use your personal data now and in the future to carry out direct marketing activities as these are legitimate interests pursued by us. Sometimes this includes, with your consent, sharing data with product providers for their marketing activities. You can choose which method you’d prefer us to use to contact you (by email, telephone, SMS or post) and you have the right to object at any time to the use of your personal data for this purpose and we will cease marketing activity. Contact our Data Protection representative (see below) to let them know about your preferences.

In line with The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 we may record incoming or outgoing telephone conversations for the following purposes:

• establishing facts and evidence for business transactions;

• ensuring compliance with regulatory or self-regulatory practices;

• ascertaining and demonstrating that standards are being met;

• preventing or detecting crime;

• investigating or detecting the unauthorised use of that or any other telecommunication system;

• safeguarding the effective operation of the telecommunications system.

The Financial Conduct Authority lays down rules relating to how long information should be held for and we will keep your information to meet these requirements. We will not keep your information for longer than is necessary in light of the reason(s) for which it was first collected. The following factors will be used to determine how long your personal data is kept by us:

• Business requirements

• Legal requirements

• Regulatory requirements

You may at any time ask for a copy of the personal data we hold about you – it is your legal right. This is known as a “subject access request”. We will provide you with a copy of any non-exempt personal information within one month, unless we ask you for an extension of time, for example if your request is complex or we receive numerous requests at the same time. To protect your personal data, we will ask you to verify your identity before we release any information. We may refuse your request if we are unable to confirm your identity.

Information will be provided to you in a concise, transparent, intelligible, and easily accessible format, using clear and plain language.

Please contact our Data Protection representative (details below) or use our Subject Access request form to to request a copy of your data. We ask that all subject access requests be made in writing (including by email) if possible. There is not normally any charge for a subject access request.