This privacy notice is to let you know how companies within the Group will look after your personal data. This includes what you tell us about yourself, what we learn by having you as a customer, and the choices you give us about what marketing information you want us to send you.
Your personal data will be processed by The Mellor Practice Limited (the “Firm”) and Lighthouse Advisory Services Limited, which is part of Lighthouse Group plc (the “Group”).
This notice explains how we do this and tells you about your privacy rights and how the law protects you.
Data Protection law says that we can only use personal data if we have a proper reason to do so. This includes sharing it outside The Mellor Practice Limited and Lighthouse Group plc. For example (and as described in more detail below) in different scenarios the following reasons may justify our processing of your data:
· To fulfil a contract we have with you, or
· When it is our legal duty, or
· When it is in our legitimate business or commercial interest (provided that our legitimate interest is not overridden by your rights), or
· When you consent to it.
- Information we collect about you;
The personal data that we collect from or about you includes the following:
- date of birth
- phone numbers
- recording of calls you make to our advisers
- information about your health where relevant to the products or services that we provide to you
- information about any trade unions you’re a member of in circumstances where you contact us as a result of your trade union membership
- demographic information and other information provided by you
- information about your visit to our website, including technical information about how you access our web services such as your IP address, information about how and when you use our website (products you viewed or searched for, page response times, and length of visits to certain pages).
We may also need to collect data about other people such as your spouse, children or other related parties or third party beneficiaries. Depending on the nature of the data and what we propose to do with it (which will always relate to the service we provide to you or to them), we may require you to provide them with certain information (which may include this policy) or may ask for their consent.
- How we collect information about you;
We may collect information in a variety of ways including:
- directly from you when you voluntarily provide this information to us, for example during phone calls, via our website, or at a meeting;
- through your browser or device or through our servers;
- from other sources, such as: other Group / Network advisers, third party product providers, your other advisers, credit reference agencies, professional introducers, affinity groups, third parties that we purchase your personal data from and other relevant third parties.
- How we use your personal data, and our justification for doing so:
We use your personal data for a variety of purposes related to the services that we provide. From a legal perspective, there are various reasons for doing so. We have set out our uses and our reasons in the table below.
What we use your personal data for:
Primarily, we use your data and data about you and your family to provide financial advice to you and complete and administer transactions on your behalf. We use, analyse, and assess your data to maintain and develop our relationship with you.
We use your data in this way either because we have a contract with you (for example, a contract to provide you with financial advice) or because it is in our legitimate interests to do so (for example, it is in our interests to measure customer satisfaction and ‘troubleshoot’ any customer issues).
The FCA also requires us to hold records in respect of advice and guidance we give to you for a statutory period and, accordingly, we will use this data in order to comply with our regulatory obligations.
To respond to complaints and seek to resolve them.
We may use information about your health to help us provide the most appropriate financial advice for you and may share this with third party product providers as described below.
In some instances, the third party product provider will require information about your health in order to provide an indication of costs, for example if you require life assurance. In other instances health information may improve the outcome for you, such as when obtaining a personalised annuity rate.
Where required to do so by law, we will make sure we have consent from you before passing on any data relating to your health.
We may use your personal data to tell you about relevant products and offers (“marketing”).
We can only use your personal data to send you marketing messages if we have consent from you to do so or, in some cases, we can rely on a legitimate interest.
You can ask us to stop sending you marketing messages by contacting us at any time.
You will, however, still receive statements and other important information such as changes to your existing products and services since we need to send those messages to make sure that you receive information that you need.
We may ask you to confirm or update your choices if you take out new products or services with us in future. We may also ask you to do this if there are changes in the law, regulation, or the structure of our business.
To monitor the use of our website and ensure that our website is presented in the most effective and relevant manner for you and your device(s).
We have a legitimate interest to ensure that our website works properly and that our products and services are high quality and efficient.
We may record calls you make to us and will use this data for training and quality assurance purposes (where your call is recorded we will tell you in advance).
We use data in this way for a variety of reasons. It may be pursuant to a legal obligation and it is also in our legitimate interests to review recorded calls for quality control purposes.
We may use your data to make checks with credit rating agencies to authenticate and verify your identity and credit status where you are interested in a product which requires this.
We will make credit checks when it is in our legitimate interests and appropriate to do so in order to manage our financial risk. For example, we will undertake credit checks when advising you regarding the availability of certain mortgages.
In some cases we will need to use your personal data to fulfil a legal obligation or comply with regulations that apply to us. This includes where we receive a legitimate request from a law enforcement agency or for the purposes of detecting fraud. For example, we undertake money-laundering checks on all our customers.
To detect, investigate, report and seek to prevent financial crime.
To manage risk for us and our customers.
To obey laws and regulations that apply to us.
- Whom we share your personal data with;
Some services are provided to our firm or advisers by third parties such as processing business or obtaining compliance or regulatory advice, which warrant the disclosure of more than just your basic contact details. In such cases personal data held by the Firm or Group may be disclosed on a confidential basis, and in accordance with relevant data protection law.
Other professional advisers:
Depending on the instructions we receive from you, we may pass your data to other professional advisers to enable us to provide advice most suited to your circumstances. Usually, this would be referrals to accountants, solicitors, tax advisers and sometimes to specialist advisers in the financial and insurance industry if we believe you may benefit from the expertise of such third parties. We, and any third party specialist advisers to whom we introduce you, will pass your data to product providers, lenders and investment managers when you agree to make an investment, or purchase or amend policies or mortgages.
Sharing data to comply with laws:
There may be scenarios where we are subject to a legal obligation to disclose or share your personal data, such as with law enforcement agencies, regulatory bodies (such as the Financial Conduct Authority) or public authorities in order to prevent or detect crime. We will only ever disclose your personal data to these third parties to the extent we are required to do so by law.
International Group data processing and Group structure:
The Firm and Lighthouse Group shares various operations and business processes. We may share your personal data with any member of our Group to fulfil our contracted obligations to you, or because it is in our legitimate interests to do so. We may also share your personal data if the make-up of the Firm or Lighthouse Group Plc changes in the future:
- We may choose to sell, transfer or merge parts of our business or our assets. Or we may seek to acquire other businesses or merge with them.
- During any such process, we may share your data with other parties. We will only do this if they agree to keep your data safe and private.
- If there is a change to the Firm or the Group, then other parties may use your data in the same way as set out in this notice.
- Transfers of your data outside of Europe:
Product providers, lenders and investment managers may administer your policies, including any policies you already have with them, and provide other services from centres in countries outside the European Economic Area (the “EEA”) (such as India and the USA) that do not always have the same standard of data protection laws as the UK. However, they are required to put a contract in place that ensures that your information is adequately protected, and they will remain bound by their obligations under the relevant data protection law even when your personal information is processed outside the EEA.
If we do transfer information to investment or insurance companies outside the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
- For data sent to the USA, transfer it only to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU. It makes sure those standards are similar to what is used within the EEA.
- If you choose not to give personal data:
We may need to collect personal information by law, or under the terms of a contract, we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts or policies. It could mean that we cancel a service you have with us.
Any data collection that is optional would be made clear at the point of collection.
- The way we store your data:
We keep records of all your transactions. You, or your appointed agent, have the right to inspect the records at a mutually convenient time. As we treat all our client records as confidential, we reserve the right to give you copies of your records if, in certain circumstances, releasing the original would compromise other clients’ confidentiality. Unless you tell us otherwise, when we arrange products for couples or joint parties we will assume that information can be passed freely between us and the parties involved with the contract.
- Keeping your personal data safe:
We take the security of your data very seriously and have implemented various strategies, controls and measures to protect the integrity and confidentiality of your data. We keep these measures under review, including by reference to broader industry standards,
- How long we keep personal data:
We will keep your data for as long as necessary, which would typically be for the whole of your life. We need this data to allow us, where agreed, to provide an on-going service and to allow us, if required, to undertake future reviews and fulfil our obligations to regulators.
- Your rights and how to contact us:
The law gives you a number of rights in relation to your personal data and our use of it. You have the right:
(a) to ask us not to use your personal data for direct marketing purposes;
(b) to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party);
(c) to ask us to correct or update any personal data which is inaccurate;
(d) to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to use it;
(e) to ask us to temporarily stop using your data if you don’t believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and
(f) not to be subject to decisions made solely on the basis of ‘automated processing’ (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
- How to complain:
Please let us know if you are unhappy with how we have used your personal information. Please refer to the contact details for our Customer Liaison Team shown above.
You also have the right to complain about the use of your personal data to the Information Commissioner’s Office. Find out how on their website https://ico.org.uk/concerns/ or call their helpline on 0303 123 1113.