Ashcroft Financial Solutions Ltd – Privacy Notice
This explains what you should expect from us, why and how we will use your personal data and whether we intend to share it with anyone.
2. Data Controllers and Processors
Ashcroft Financial Solutions Ltd is the data controller, unless we state otherwise. We are also the data processor, unless we tell you otherwise.
You can contact us by e-mail at email@example.com, by phone (01302 496300) or by post to the Data Protection Officer, Ashcroft Financial Solutions Ltd, Gresley House, Ten Pound Walk. Doncaster, DN4 5HX. Our Data Protection Officer is Mark Blanchfield.
3. Processing Personal Data
Most of the data we process is provided by you as part of our discussions about your circumstances.
We get limited data from Companies within our Group or third parties (normally your name, contact details and basic information about your current pension) if you have enquired about pensions, or annuities.
If you’re applying for a job with us, we’ll tell you how we use your information in a separate note which we’ll send as part of any application, you can request this using any of the methods above.
3.1. What data we collect
• Information about you (e.g. name, date of birth, gender, address)
• Health data (e.g. height, weight, smoking status and where applicable medical conditions)
• Financial Data (e.g. pension size, property value, income and outgoings)
• Historical or Social data (e.g. “soft” information about you, your objectives, employment history if you are a job applicant)
• Contact details (e.g. phone number, e-mail)
• Technical data (IP address, device type etc)
This data is processed in the following ways:
3.2. What we do with your data
We use data to deal with your enquiry, provide illustrations and process applications, analyse the effectiveness of our processes and systems, and communicate with you where there are legitimate interests to do so.
What We Do What data and why
Contact you to fulfil an enquiry
We’ll use any data you share with us to make sure we can answer questions, provide illustrations.
We need personal data to provide you with personalised illustrations. This might include health data, we’ll ask for your consent and explain why we need that before we take any special category data.
We use a third party (IRESS) to provide illustrations, so we share information about you to generate illustrations. We may use a third party to post these illustrations to you.
If you choose to apply for a product we will use the information you have given us to fulfil that application.
This means any info you provide will be shared with a 3rd party (the provider you choose), and for pensions your old provider, you will give your consent before an application is made.
When we process an application we are required to check your identity, this involves sharing data with Lexis Nexus.
Administer our sites, analyse effectiveness of our sites
We need to understand where and how our sites are accessed to make sure they work for you.
Analyse our customer journey and processes
We use technical and personal data to understand what we can do to improve things for our customers.
Marketing activity (either online, or solicited direct marketing)
We use personal and technical data to keep you up to date about services relevant to the enquiry you make. You can opt out of marketing at any time.
This data will be held electronically on secure servers, only for as long as it’s needed (see section 5 – How long do we keep your data?).
We don’t make any decisions by “automated processing”, a person always has the final say.
We record all our calls to monitor our service, keep records of what we have agreed and to cut down on paperwork.
3.3. Phone, e-mail or letter?
We do what we can over the phone and e-mail, because it’s instant and efficient. We don’t like sending too much information by e-mail, especially when it relates to your personal information: it’s encrypted when it leaves us but e-mail isn’t the most secure way of communicating, please bear that in mind if that’s how you want to communicate with us.
There are some things we like to send out by letter to make sure you have a permanent “hard copy”.
Cookies are used by us to work out how many unique users we get to our sites, recognise if a user has visited us before, and log information about your device to allow us to track website usage and resolve problems. We use Google Analytics to gather statistics on site usage, Google may aggregate data they receive and we have no control over their data collection.
We also use them to customise the website to mobile / tablet / desktop users, and track how effective our advertising has been (by recording which links etc got you to us in the first place)
4. Transferring Data to 3rd Parties – Overview
We will only transfer data to 3rd parties:
• When it is necessary to fulfil your enquiry or application
• When you request us to
• When we have to by law (e.g. to verify you or if we are required to inform any regulator / ombudsman / government agency)
• If we buy or sell any business or assets.
• For our legitimate interests (for example, identifying customers to our advertisers to tailor our advertisements (your data is not used by them in any other way), or sharing customer data with Trustpilot)
If for any reason we transfer your data outside the European Economic Area (for example if a supplier’s servers are held overseas) we make sure appropriate protection is in place.
5. How Long Do We Keep your Data?
Pensions and Equity Release are long term products, so if you make an application with us we keep the data we used to assess suitability indefinitely.
Where you have not made an application with us, but we hold some personal data, we conduct an annual review to establish if we still need that data, we delete data if we no longer need it. You can of course ask us to delete any information we do not need at any time (see section 6 below).
6. Your rights
You have rights around what happens to your personal data:
• Right of access – we will supply a copy of your personal data on request, you can contact us at firstname.lastname@example.org
• Right to rectification – if you think we have something wrong, you can tell us and we’ll put it right
• Right to erasure – you can ask us to delete personal data, because you don’t want us to hold it any more. Please note if you have made an application with us there are certain things we have to keep to comply with law or regulation. We’ll tell you if there’s anything we can’t delete, and why.
• Right to restriction of processing – if you think we are handling your data inappropriately, but you still want us to retain it, you can ask us to restrict what we do with it.
• Right to data portability – you can ask us to transfer any data we hold about you to someone else
The Information Commissioner’s Office has more information about each of these rights here.