ASFC LLP takes the directives of the General Data Protection Regulation (GDPR) very seriously. Please see below our guidelines on client data.
Incoming Phone Calls
ASFC LLP never gives out personal data by phone without being sure whom we are speaking to and that the individual or company has the consent of the client to receive that data.
The GDPR includes the following rights for individuals:The right to be informed: Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
ASFC LLP (the company) collects data about a client from the client themselves and any other person the clients give their explicit consent to. The company then stores this data on a number of systems, including CRM programmes as well as protection, pension, and investment platforms. The data is only used to make financial plan recommendations and is never given to a 3rd party for marketing purposes. Full data is only ever passed to a 3rd party with explicit consent from the client to make an application to a specific investment, pension, or protection provider. However, we may need to send some client data without explicit consent, at the beginning of our research process to check that they meet certain providers’ requirements and to obtain generic quotes or terms.
A list of these providers as well as their privacy notices is available on request.
We may also pass client data to AS Financial if a client requires a mortgage, or to Black Frame Consulting if they require bookkeeping services. These companies are part of the Atlantic Swiss Group and data will only ever be passed to them without a client’s explicit consent, for research and quoting purposes but never for marketing. However, if a client is referred to AS Financial for a mortgage, they may be contacted by AS Financial when their mortgage fixed rate is due to expire or regarding financial protection products, irrelevant of whether their mortgage application was completed or not.
The right of access: Individuals have the right to access their personal data.
- This is commonly referred to as subject access.
- Individuals can make a subject access request verbally or in writing.
- We have one month to respond to a request.
- We cannot charge a fee to deal with a request in most circumstances.
Any Subject Access request will be escalated to Saul Conway (the Data Protection Officer)
The right to rectification: The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
ASFC LLP prides itself on its accuracy of data. This is an ongoing process and part of our daily duties.
The right to erasure: The GDPR introduces a right for individuals to have personal data erased.
- The right to erasure is also known as ‘the right to be forgotten’.
- Individuals can make a request for erasure verbally or in writing.
- You have one month to respond to a request.
- The right is not absolute and only applies in certain circumstances.
The Financial Ombudsman states the following about complaints;
Time limits apply to making a complaint. So it’s best to take action as soon as you realise there’s a problem – or decide you’re unhappy with the business’s response.
We might not be able to help if:
- what you’re complaining about happened more than six years ago and
- you complain more than three years from when you became aware (or should reasonably have become aware) that you had a reason to complain.
Due to FCA regulatory purposes and potential complaints that can be realised at any point, we do not give clients the right to be forgotten. Nonetheless, any client has the right to opt out of all communication from us and for their data to be archived so only senior individuals can access it.
However, if a person has only ever had initial contact with us (a lead) and has not signed our client agreement, they may fully exercise their right to be forgotten.
The right to restrict processing: Individuals have the right to request the restriction or suppression of their personal data.
- This is not an absolute right and only applies in certain circumstances.
- When processing is restricted, you are permitted to store personal data, but not use it.
To give advice and implement investment, pension, and protection applications for clients, ASFC LLP cannot have restrictions on the data it passes on. As a professional independent financial advisory service, ASFC LLP must be transparent and act with integrity with both the client and the investment, pension, or protection providers. Therefore, we must pass on all relevant data when making applications.
The right to data portability: The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
- It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
All requests in this area will be escalated straight to Saul Conway (the Data Protection Officer)
The right to object: The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.
- Individuals have an absolute right to stop their data from being used for direct marketing.
- In other cases where the right to object applies you may be able to continue processing if you can show that you have a compelling reason for doing so.
- You must tell individuals about their right to object.
As a professional firm, should you wish for us to stop processing your data, the company will cease all processing and cancel all applications.
The right not to be subject to automated decision-making, including profiling. The GDPR has provisions on:
- Automated individual decision-making (making a decision solely by automated means without any human involvement); and
- Profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
- You can only carry out this type of decision-making where the decision is:
- Necessary for the entry into or performance of a contract; or
- Authorised by Union or Member state law applicable to the controller; or
- Based on the individual’s explicit consent.
Some financial protection and pension applications have an element of automatic decision-making. However, in most cases, we are able to refer your application to manual underwriting if needed. This will be explained to you and your explicit consent will be received before going through this process.
Name: Saul Conway
Position: Data Protection Officer (DPO)
Postal address: Atlantic Swiss, 10-16 Elm Street, London, WC1X 0BJ
Telephone: 03706 260 250
Fax: 03706 260 255