TFAS’ group of companies is a group of companies that help UK clients receive financial advice that is suitable to their individual needs but instead of meeting face-to-face, we meet our clients by telephone and video call. Because of this we can help people wherever they live, and we can do so in a more convenient manner than traditional face-to-face advice. We represent a new choice for customers who wish to deal with their financial planning needs more cost-effectively by phone.
The group is made up of the following companies which are registered as data controllers with the UK Information Commissioner’s Office:
– TFAS Wealth Limited registration number ZB370703 which is directly authorised by the FCA (968148)
– The Financial Advice Service Limited registration number ZA116677 which is an FCA authorised (682428) appointed representative of TFAS Wealth Limited
Scope of this Privacy Notice
We are committed to protecting and respecting your privacy whilst being transparent with you regarding how we process your data. We are a “data controller” which means we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained within this notice.
This privacy notice sets out the way in which the personal data you provide to us (and the data collected by us) is handled, stored, and processed.
Data Protection Principles
We will comply with data protection law and principles, which means that your information will be:
– Used lawfully, fairly and in a transparent way
– Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
– Relevant to the purposes we have told you about and limited only to those purposes
– Accurate and kept up to date
– Kept only as long as necessary for the purposes we have told you about
– Kept securely
How we obtain your information
Your information may come to us from several different sources. You may provide it directly to us when using our services, it may be generated while using those services or it may be publicly available information.
Information may be provided directly by you in some of the following circumstances:
– As part of our advisers’ fact-finding meeting and any other meetings with you
– When you complete a form online
– When you provide information via our secure, online personal finance portal (PFP)
– When you contact us and provide information over the telephone
– When you send us information as part of ongoing service delivery
Other examples of where we obtain your personal data from include:
– Where you are referred to us by an introducer, they will ask for your agreement to send this information to us to provide you with advice and guidance
– We will also collect data about you and your family from other people such as providers and existing schemes who you hold policies with
– Information about you provided by our clients where it is necessary to do so e.g. as a beneficial owner of their assets or as an individual making payments to their account
– Information provided by legal firms in relation to legal proceedings
– Where information is collected via cookies online
– Where we access your publicly available contact details online e.g. to contact you about a service of interest
Where personal data is provided to us by a third party, we will make sure that these third parties have provided you with appropriate privacy information on the sharing of this data with us and have a clear lawful reason for sharing this data. Where this is found not to be the case, we will make every effort to make sure you are aware that we are processing this information. Where contacting you directly in relation to this is difficult to achieve, we will ensure that our privacy notices clearly detail where this is happening.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this notice.
Profiling and automated decision making
The UK General Data Protection Regulation includes certain provisions around how personal data can be used for:
– Profiling – where personal data is processed to evaluate certain things about an individual
– Automated individual decision making – where a decision is made based on your personal data solely by automated means
This includes ensuring that individuals are made aware of this profiling, how decisions are made based on this and the consequences of these decisions.
In relation to automated decision making, we may need to carry out automated identity verification and financial checks as part of offering you the relevant service. In all cases you are entitled to challenge the decisions made by these automated means and request human intervention into this process.
When we might disclose your data
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors insofar as is reasonably necessary for the purposes set out in this notice.
We may share your data with third parties to perform services on your behalf. Types of third parties who may have access to your personal data include:
– Other professional service providers – depending on the instructions we receive from you; we may pass your data to other professionals to enable us to provide advice most suited to your circumstances. We will always notify you if we are going to share your information in this way and these professionals would all be based within the UK. Usually, this would be referrals to accountants, solicitors, tax advisers and sometimes to specialist advisers in the financial and insurance industry where you may benefit from the expertise of such third parties. We, and any third-party specialist advisers to whom we introduce you, will pass your data to the relevant organisations if you agree to purchase or amend policies and products.
– The regulator – we may be required to share your data with our regulator, the Financial Conduct Authority, or the Financial Ombudsman and other third parties including our auditors or insurers.
– Identification authentication agencies – we will make checks with third party agencies to authenticate and verify your identity. These checks will also cover global adverse media checks, politically exposed person, and sanction lists. Any personal data obtained for the purposes of meeting with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 will only be processed for the purposes of preventing money laundering or terrorist financing, unless the use of the data is permitted by or under another enactment other than those regulations, or otherwise where consent has been obtained from you.
– Product providers – we also make checks with organisations with which you have policies of insurance and investments. These checks are to help us with our legal obligations and to ensure that we provide you with advice that suits your circumstances. The scope and extent of the gathering of information from third parties depends on what type of service you are taking from us.
– Purchasers/investors – we may share your information with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets or who are stakeholders or investors in our business. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this notice.
– Other third parties ((1)Third Party IT System Suppliers who may host your data on their systems and may need some level of access to resolve technical concerns. (2) Solicitors, counsel, and claimants in relation to legal matters. (3) Accountants in relation to finance matters.)
We may disclose your personal information:
– to the extent that we are required to do by law
– in connection with any on-going or prospective legal proceedings
– to establish, exercise or defend our legal rights (including providing information to others for the purpose of fraud prevention and reducing credit risk)
– to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such or authority would be reasonably likely to order disclosure of that personal information
We will never sell or share your personal information with other organisations for their direct marketing purposes without your explicit consent. Except as provided in this policy, we will not provide your personal information to other third parties.
We require all third parties to respect the security of your personal data and to treat it in accordance with data protection laws. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Transferring data outside the UK
Occasionally, to meet the purposes defined in this notice, we may need to transfer personal information you submit to us to countries or jurisdictions outside the UK.
In each case, we ensure that our suppliers provide adequate protection for the confidentiality and security of this information and the rights of data individuals in connection to the transfer of their personal data.
Specific safeguards exist to govern this sharing, including ensuring that these countries have adequate data protection provisions in place as agreed by the Information Commissioner’s Office or other additional safeguards are in place, most commonly implementing standard contractual clauses agreed by the European Data Protection Board and the ICO for international transfers within their contracts.
Security of your data
We are committed to processing and retaining data within established technological controls in a transparent manner, as well as promoting and safeguarding the information rights of data subjects.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are required to do so.
Cookies and our websites
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps respond to you as an individual by remembering previous data stored. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We periodically use traffic log cookies to identify traffic patterns anonymously. This can be optionally blocked by opting out of your web browsers analytics programme.
Externally you can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent the website operating correctly and is an unsupported environment and as such we offer no guarantee of the correct operation of the website.
How long we keep your data for
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
Personal data that we process for any purpose will not be kept for longer than is necessary for that purpose. Different purposes will have different retention periods, and we will (for example) retain data about financial records longer than we would retain information for general enquiries.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where we give you a recommendation, your information, along with supporting documentation will be retained indefinitely.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Notwithstanding the other provisions of this section, we will retain your personal data:
– To the extent that we are required to do so by law
– If we believe that the information may be relevant to any on-going or prospective legal proceedings
– In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
– To support the ongoing business purposes as specified above (with due consideration for the rights and freedoms of individuals privacy)
You have several rights under Data Protection law including:
– The right to be informed about the collection and use of your personal data e.g. via this privacy notice
– The right to access your personal data
– The right to have any inaccurate personal data rectified, or completed if it is incomplete
– The right to have your personal data erased in certain circumstances
– The right to request the restriction or suppression of their personal data in certain circumstances
– The right to data portability – to obtain and reuse your personal data for your own purposes across different services
– The right to object to our use of your information in certain circumstances e.g. for marketing or profiling purposes
If you would like to access your data or ask for your information to be updated, restricted, or deleted or raise a general query or concern about the use of your personal information, you should contact the Data Protection Officer (see below) who will deal with your request promptly.
In most cases, we will respond to your request within one month of receiving the necessary information required to deal with your request. We may ask you to supply appropriate evidence of your identity and any additional information to help us to deal with your request effectively.
There may be some exemptions to dealing with your rights as specified in Data Protection law, but we will ensure you are fully informed of this within a month of receiving your request.
Full information on your rights under the Data Protection Act can be found from the following link:
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us (see below). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We take any complaints we receive about the collection and use of personal information very seriously. We encourage you to bring it to our attention if you think that our collection or use of information is unfair, misleading, or inappropriate. You can make a complaint at any time by contacting us (see below).
If you think our collection or use of personal information is unfair, misleading, or inappropriate or if you have concerns about the security of your personal information, you also have the right to make a complaint to the Information Commissioner’s Office. You can contact the Information Commissioner’s Office at the following address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Changes to our privacy notice
This privacy notice will be reviewed annually or sooner, should any new types of processing be identified or changes to current data protection legislation may mean changes are required. Any changes we may make to our privacy notice in the future will be posted on this page.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact firstname.lastname@example.org or write to: The Data Protection Officer, TFAS Wealth Limited, Second Floor, St Andrew House, 119-121 The Headrow, Leeds, LS1 5JW. Please note, there are some specific circumstances where these rights do not apply, and we can refuse to deal with your request.