privacy notice

Introduction

This notice provides you with information concerning our collection and use of personal data. If you have any queries regarding this statement, please do not hesitate to contact us.

Legal basis

We collect, control and process your personal information because this is necessary to provide you with information requested, answer any queries you may have and for the provision of our services to you. Contractual necessity is therefore the lawful basis for collecting, controlling and processing your personal details and those of your employees and service providers other than sensitive or special category personal data for which we require individual consent unless we are using the data for insurance underwriting purposes. Where we are advising on or arranging insurances, investment bonds, pensions or other insurance based products, we need to collect and potentially share such information with providers.

Sensitive personal data:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data
  • Data concerning health
  • Data concerning sex life or sexual orientation

We would discuss with you the need for the provision of sensitive data before you provide this information. The subsequent provision of sensitive personal data will be taken as consent to this processing.

It is entirely up to you as to whether or not you choose to provide us with any personal information. If you choose not to, we simply may not be able to assist you.

We do not use your personal data for marketing purposes nor will we share your data with any other organisation for marketing purposes.

What data we collect & what we do with it

In order to provide financial/insurance advisory services, we will obtain personal information from you concerning your finances, circumstances, objectives and other relevant details. We will collect, store and process this information.

Completing our Data Capture Form

Once you complete the Data Capture Form, your data will be stored with Plannr and will be protected by single-factor authentication (SFA). You will require a PIN to access the data capture form which has been set up for your safety and security. Plannr has taken appropriate action to ensure your data is secure and is required to let you know of any breaches. Their privacy policy can be accessed here.

Completing our Attitude to Risk Questionnaire

Once you have completed our Attitude to Risk Questionnaire via Timeline, your responses will then be stored and protected by single-factor authentication (SFA) and require an individual username and password.

What we will do with your data

Once your data has been processed, it will be transferred to Google Drive, a file- hosting system. Google Drive files at rest are encrypted using 256-bit Advanced Encryption Standard (AES).

Where communications are ongoing, we will store your details within our Google Drive and Plannr accounts.

E-support updates

We will store your name and email address with a data processor (Mailchimp), to enable us to communicate service updates to you.

Our communication with you

We will generally communicate with you via email. This will be via Gmail, which is again protected by single-factor authentication (SFA).

Communication between staff

Alongside emails through Gmail, staff members will also communicate with each other  through WhatsApp, which is protected by end-to-end encryption.

Sharing your data

In the course of our work with you, we will share your personal data with product and service providers; we may also share you data with compliance monitoring and support organisations and regulatory bodies who are also ‘Data Controllers’ and registered with a supervisory authority in the EU unless otherwise indicated.

We also use external data processors that will hold information for the following purposes:

  • Secure file sharing
  • Data backup
  • Dissemination of information
  • Record keeping
  • Compliance monitoring

Otherwise, we will not share your personal information with other companies without your express authority except if the firm is sold or where we are required to do so by law.

Cross-border transfer

All our data processing takes place within EU jurisdiction. Should any processor hold any data on our behalf outside of the EU, we will take steps to ensure that it is held in a satisfactory jurisdiction. In the case of the US, we will ensure that the EU-US Privacy Shield applies.

Cookies

A cookie is a piece of information in the form of a very small text file that is placed on an internet user’s hard drive. It is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet user’s identification card, which tell a web site when the user has returned.

Click here to find out more about cookies.

This website uses a web analytics service provided by Google, Inc. (‘Google’). Cookies are used to collect information about how visitors use our site; they do not contain any personal information.

We use the information to compile reports and to help us improve the site and user experience. Google Analytics uses first-party cookies to track visitor interactions. These cookies are used to store information, such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to the web page.

For more information regarding Google Analytics and your data privacy, click here.

It is possible to opt out of Google Analytics tracking on all websites you visit by installing an add-on to your browser.

The Google Analytics Opt-out Browser Add-on is available for Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari and Opera. The add-on can be downloaded here.

Marketing

The information we collect about you is used solely for the purposes for which it was provided. We will never use your data or share it for marketing purposes.

If we have collected information from you for marketing purposes, we will inform you and specifically gain your consent.

Retention

We will keep your personal data throughout our business relationship. At the end of any contractual relationship, we are required to continue to hold personal data under current legislation for varying periods and, in some circumstances, indefinitely. We may also consider it necessary to keep data beyond these timescales in order to defend any future legal action. Where we no longer need regular access to your data, we will transfer your data to a secure archive in order to avoid any unnecessary processing.

Your rights

Under data protection law, you have the right to ask us for a copy of the information we hold about you, and to have any inaccuracies corrected or removed. You may also ask us to delete all personal data held by us or any controller or processor with which we have shared your data.

To do this, please either contact us in writing, by telephone or email.

Complaints

The UK Information Commissioner’s Office is our supervising authority where you can refer any complaints about data protection. Click here for more information.

Where we store your Personal Data

All the data that we collect is stored on our encrypted server or back-up drives in the UK or with our listed processors under contract.

Contact

For any queries about data protection, please contact:

Contact name: Ben Baldwin
Address: 23-25 Foxes Bridges Road, Cinderford, Gloucestershire, GL14 2PQ
Telephone: 01594 729729
Web: stemfinancial.co.uk
Email: hello@stemfinancial.co.uk

"And when you start putting some rainy-day money aside, you'll understand that it isn't "doing nothing." It's letting you sleep at night."

- Shannon Lee Simmons