This policy explains what information we receive about you, what we use it for, and how we keep it safe.
The types of personal data that we collect
Personal data is information that, by itself or together with other data, can be used to identify you. EQ Investors Limited (‘we’, ‘EQ’) is the controller of your information. We respect the confidentiality of your personal data and are committed to handling it securely.
We collect a range of information about you and your family, including:
- Identity details such as your name, age, date of birth, gender and National Insurance number.
- Contact details such as your email address, telephone and mobile numbers, home address, and social media accounts.
- Financial details such as your salary and other income, savings, investments and other assets, debts and liabilities.
- Family, lifestyle or social circumstances when this is relevant to a specific product or service, such as the number of dependents you have.
- Documents used to verify your identity, to prevent money laundering and fraud.
- Information connected to your product or service with us, such as your bank account details.
- Personal data about family members and/or other named applicants or beneficiaries of products you have with us. In this case you must have the authority to provide their personal data to us.
- Information about your use of our website, including the Internal Protocol (IP) addresses used to access our website, the pages visited and how you interact with the site.
- Information provided by third parties, the scope and extent of which depends on the type of service you are taking from us.
- Sensitive personal data, includes information relating to your health. We only collect and use this information where it is necessary to provide a product or service that you have requested or to comply with our legal obligations. In the case of special category or sensitive and children’s personal data, we require explicit consent from a legal guardian to store and process their data.
How we collect your data
We collect personal information directly from you through a variety of means, including:
- meetings with one of our financial advisers
- phone conversations with us
- emails or letters you send to us
- an application form for a product or service
- registering for one of our seminars or events
- completing forms on our website
- through the use of website cookies (some of which are installed via third party providers).
A cookie is a text-only string of information that a website transfers to your browser so that the website can remember who you are. Cookies in themselves contain no personal information: they typically consist of the name of the domain from which the cookie has come, a value (such as a unique, randomly generated number) and an expiry time (after which they are deleted automatically).
Can I disable cookies?
You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use certain tools or services if cookies are disabled.
How and why we use your data
We only ever use your data where:
- we need to in order to perform our contract with you;
- we have a legitimate business interest in doing so, which is not overridden by your right to privacy (which you have the right to object to);
- we have a legal obligation to do so;
- you have given your explicit consent for a specific purpose (which you may withdraw at any time).
For our clients, the use of your information may be required in order to fulfil our contractual or regulatory obligations. Therefore, if you do not provide this information or restrict our use of it then we may not be able to provide certain services to you.
Your data may be shared between the EQ group of companies and is used to administer the services we offer, to provide personalised financial advice (where offered), to enable consolidated reporting of your personal wealth and to inform you of research or services you may be interested in.
Sharing your data
We treat all personal data as confidential. We only disclose details to third parties outside of the EQ group of companies in the following situations, subject to applicable data protection law:
- Companies we have chosen to help us deliver the products and services we offer, including investment platforms, insurance product providers and email marketing tools.
- Agencies that we use to verify your identity and conduct anti-money laundering checks. We also make checks with organisations with whom you have insurance policies and investments.
- Your employer (in the case of corporate clients only).
- HM Revenue & Customs (HMRC), including for the processing of tax relief on pension payments or the prevention of tax avoidance
- Our regulators, including the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO).
- Law enforcement agencies for the detection and prevention of crime.
We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Storing and processing your data
Your personal information will be stored on systems owned or operated by EQ or those of our specific suppliers. The majority of this information is processed in the UK and European Economic Area (EEA). However, some of your information may be processed by us or the third parties we work with outside of the EEA, including countries such as the United States.
Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
Your information will be stored on our secured systems in accordance with EQ’s Data Protection Policy. Where your information is stored in countries outside the EEA or an approved country we will ensure it is protected by encryption during transmission.
We will only store your data for as long as is necessary for the purposes for which it was provided. What this means in practice will vary between different types of information. When determining the period for retaining your data, we take into account factors including:
- whether there are any existing obligations we may owe you or you may owe us;
- whether you require any follow-up communications;
- the likelihood for potential or actual disputes;
- legal obligation(s) under applicable law to retain data for a certain period of time; and
- guidelines issued by relevant data protection authorities.
In accordance with legal and regulatory requirements, this may mean that we retain your information for a number of years following the termination of your relationship with us.
In certain situations we may be required by the FCA to retain records indefinitely.
Keeping your data secure
Your information is protected by controls designed to minimise against loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake regular training on this.
If a data breach does occur we will endeavour to report this to the ICO and yourselves within 72 hours of identification of the breach.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.
Understanding your rights
You have several rights in relation to how we use your personal data. They are:
Right to be informed
Right of access
You have the right of access to your personal data. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request.
Right to request that your personal data be rectified
If your information is inaccurate or incomplete, you can request that it is corrected.
Right to request erasure
You can ask for your information to be deleted or removed if there is not a compelling reason for EQ to continue to have it.
Right to restrict processing
You can ask that we block or suppress the processing of your personal data for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.
Right to object
You can object to EQ processing your personal information where: it’s based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.
Rights related to automatic decision making including profiling
You have the right to ask EQ to:
- give you information about its processing of your personal information
- request human intervention or challenge a decision where processing is done solely by automated processes
- carry out regular checks to make sure that our automated decision making and profiling processes are working as they should.
Accessing your information
You have a right to obtain a copy of the personal information that we hold about you: this will be collated and distributed to you within 30 days of a formal data request being made.
If you believe that any information held is incorrect or incomplete, you should contact our Data Protection Officer at our usual address. Any information that is found to be incorrect or incomplete will be amended promptly.
If you have any questions or concerns about our use of your personal information or wish to request a copy of the personal data we hold about you please contact:
The Data Protection Officer (DPO)
100 Lower Thames Street