Privacy Policy

Introduction

At Green Financial, as an independent financial planner, protection and sensitive handling of client data has always been a core part of our operation since inception.

We never have and never will, use your information for any other purpose than to provide you with financial planning services and advice or to send you personal items (eg newsletters and birthday cards).

We can assure you that your information never has and will not be disclosed to other parties except organisations requiring access to such information for regulatory purposes, representatives of our compliance advisers or our own purposes in contacting you as part of our services.

Information will only be sent where we feel it to be appropriate.

A few words on Data Protection

The information you have provided to us is subject to the General Data Protection Regulation (Regulation (EU) 2016/679). (GDPR)

The lawful basis which Green Financial and companies associated with us utilise to process your data is for the legal purpose of providing you with Financial Advice and Planning.

Your data will be used for the sole purpose of providing financial advice, administration and management.

Green Financial are both Data Processors and Data Controllers:

“Processing” includes obtaining, recording or holding information or data, transferring it to other companies associated with us, such as product providers, the FCA or any other statutory, governmental or regulatory body for legitimate purposes including, where relevant, to solicitors and carrying out operations on the information or data.

In order to provide services to you we may be required to pass your personal information to parties located outside of the European Economic Area (EEA) in countries that do not have Data Protection Laws equivalent to those in the UK. Where this is the case we will take reasonable steps to ensure the privacy of your information.

The information provided may also contain sensitive personal data for the purposes of the Act, including information that relates to your physical or mental health or condition; the committing or alleged committing of any offence by you; any proceedings for an offence committed or alleged to have been committed by you, including the outcome or sentence in such proceedings.

If at any time, you wish for us to delete and stop processing your personal data or sensitive personal data, please contact Ian Green, who fulfils the functions of the data protection officer, on 0208 877 7890 or in writing at:

Green Financial
Bective House,
10 Bective Place
London
SW15 2PZ

You may be assured that we will treat all personal data and sensitive personal data as confidential and will not process it other than for a legitimate purpose associated with the service we will provide you. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary.

If we provide you with financial advice, your data will be kept in accordance with FCA regulatory expectations, which in some cases may mean the duration could be indefinite.

Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the data.

Subject to certain exceptions, you are entitled to have access to your personal and sensitive personal data that is held by us.

You will not be charged for us supplying you with such data, however we do reserve the right to apply a ‘reasonable fee’ where requests are deemed excessive.

We will respond to your request as soon as possible and within the maximum time frame of one month.

A few words on Data Processing

• Your data will be lawfully and fairly processed in a transparent manner.
  
• Your data is collected on the grounds of explicit and legitimate purposes only.
  
• We will only ask for your data when necessary, explain if data will be shared and how long it will be kept.
  
• Your data will be accurate, kept up to date and erased, without delay, should your data no longer be required for the purposes to be processed.
  
• Your data will only be retained for as long as is necessary.
  
• Your data will be secure.

Occasionally, we may send you communications including newsletters, birthday and seasonal cards via email or other electronic media, telephone or the post.

Our Privacy Policy below contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given us.

We may need to make changes to our Privacy Policy; so please check our website for updates from time to time. If there are important changes such as changes to where or how your personal data will be processed; we will contact you to let you know.

This version of our Privacy Policy was last updated May 17th 2018.

Privacy Policy

Terms and Disclosure

1. Who we are

When we say ‘we’ or ‘us’ in this notice we’re referring to Green Financial.

Green Financial is a ‘generic’ term we use to describe our services and is your main point of contact for both of our companies. We have two companies who sit underneath this term.  Within Green Financial the following firms will process information to provide your products and services:

Green Financial Advice Limited is authorised and regulated by the Financial Conduct Authority, number 523308.
Registered in England and Wales number 7224594.
Green Legal and Financial Consultancy Limited is Registered in England and Wales number 7168027.

In simple terms, Green Financial Advice provides all services that are authorised and regulated by the Financial Conduct Authority. Examples would be personalised, specific financial advice, and product recommendation advice, such as pensions, investments and insurance.
Green Legal & Financial Consultancy provides services not covered by the Financial Conduct Authority, such as generic data provision, Wills and Trusts.
There is more detail here: www.iangreen.com/GFdifference

2. What kinds of personal information do we hold about you?

We may collect and process the following:
information about you – for example name, age, gender, date of birth, nationality.  We need this information to help us identify you, but also to allow us to contact you at the right time - such as when you’re approaching the end of your policy term.
government identifiers – for example identification document (driving license, passport) information and National Insurance number. 
contact information - for example email, address, postcode and phone number.
online information – at the time of writing (May 2018) we do NOT collect cookies, but we may need to change this in the future if rules insist we do - for example cookies and IP address (your computer’s internet address), if you use our website.
financial information – for example salary and bank account details for any payments you make to financial products or payments from your investments back out to you. 
transaction data - may include details about payments between us and other details of transactions requested by you.
technical data - may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
profile data may include your username and password for certain systems, your interests, preferences, feedback and survey responses.

Please note that we do not collect cookie data on our website

audio or video recordings – At the time of writing (May 2018) we do NOT record calls, but we may need to change this in the future - for example voice recording when you contact us. Calls may then be recorded for use in providing you with our services or for training and monitoring purposes to help us continually improve our client service and also to protect you and your information.
contractual information – for example details about your services, products and benefits
socio-demographic information – for example your education and where you sit within the UK’s social and income groups
family & beneficiaries information – for example marital status, next of kin or nominated beneficiaries. 
health information such as smoker status or medical related issues relevant to your financial advice.

Sensitive Data

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic and biometric data. We do not collect any information about criminal convictions and offences.

When we collect your information, we’ll let you know if any of it is optional. If it is, we’ll explain why it would be useful to us, and you can decide whether it’s something you’re happy for us to have. 

3. How we use your personal information?

We use any information we obtain directly from you or your existing product providers for a number of reasons: 
• setting up and administering a policy or the service we provide to you
• completing any requests or claims you make
• verifying your identity and preventing fraud
• researching your opinion and exploring new ways to meet your financial planning needs
• assessing and developing our services, systems, fees and brand
• fulfilling any legal or regulatory obligations
• sending you marketing information

We can assure you that your information will not be disclosed to other parties except other businesses in the Green Financial group, representatives of our compliance advisers, our auditors and any organisation requiring access to such information for regulatory purposes.

We never have and never will, use your information for any other purpose than to provide you with financial services or advice or to send you personal items such as newsletters and birthday cards. Information will only be sent where we feel it to be appropriate.

4. Where do we get your information from?

Most of the information we receive comes directly from you or your existing product provider if you have one.  You may provide data by filling in forms on our website (or other software) or by communicating with us by post, phone, email or otherwise. We may also get personal information about you from other sources: 
tracing companies - if we lose touch with you, we may source information such as contact details so we can get in touch and remind you about your service provision.
medical professionals – but only when it is necessary to apply for insurance or to support an ill health or death claim and we only ever get ‘administration information’, not medical information.
An online electronic ID check agency - so we can check your identity in line with financial services rules and regulations when we take on a new client or review an existing client, or help/facilitate an investment of money.
introducers - We may be provided with information by organisations that introduce you to us when you have shown an interest in one of our services, for example your accountant or solicitor.

5. What are our legal grounds for using your personal information?

Data Protection gives organisations a number of different conditions to allow us to process your information lawfully. 
We’ll only use your personal information when one of these conditions has been satisfied.  Below you can see how we use your information and the legal grounds for processing this: 

Lawful Basis

We take your privacy very seriously and will only use your personal information and data to administer the services we have agreed to provide you with, including but not limited to any products or contracts; typically investments, pensions, and life and health cover.

We process your personal information under the lawful basis of legal purpose. Your personal information may be processed when we receive your consent to provide you with Financial Advice Services.

The consent you provide must be freely given, informed, specific, unambiguous and be given with a positive affirmative action. We usually obtain this by asking you to sign a document stating as much.

Your consent for us to act as your Financial Adviser can be withdrawn at any time.

While you are a client of Green Financial our processing of your data is necessary for the performance of our services, products or contracts.
The personal information you provide or that of a joint party to the contract may be processed when it is necessary in order to enter into or perform a contract. E.g. where we process your information to assess your application or to provide your service.

Setting up and administering your policy or service

This includes matters such as:

• processing your application
  
• managing any changes of personal details i.e. change of address or name
  
• responding to queries or complaints
  
• managing your funds and deciding what your funds are invested in / what options are available.
  
• keeping you updated about your policy, such as sending you regular statements

Completing any requests or claims you make

This includes matters such as:

• paying a lump sum 
  
• paying a regular income  
  
• changing your cover
  
• changing the terms of your policy and who is covered
  
• processing a claim in the unfortunate event of your ill health.

If we lose touch

We may source information such as contact details so we can get in contact and tell you about your product or service.  

Necessary for compliance with a legal obligation

Your personal information may be processed where Green Financial has a legal obligation to perform such processing. eg where we must share information with our regulators or the courts.

Verifying your identity and preventing fraud

We verify your identity when you decide to work with us. We normally need copies of your identification documents, or identification numbers for example passport or driving licence number. This is to make sure we meet our obligations with anti-money laundering or other laws.
This isn’t a credit check and doesn’t affect your credit rating.

Fulfilling any other legal or regulatory obligations

These will vary according to the nature of your service or product you have taken out. For example we may need to provide yearly statements as required by the Financial Conduct Authority or the Pensions Regulator.

Necessary for an insurance product

The UK laws that will bring GDPR into effect give legal grounds for processing your medical information in connection with an insurance product.

We’ll obtain medical information about you from you, by filling in a data collection form (it might be paper, it might be online) and/or an application form from an insurance company if it’s needed for underwriting your policy or for claims assessment, and where you’ve provided your permission under the Access to Medical Reports Act.  We’ll also obtain information from your family, executors of your Will or next of kin in the event of a death claim.

Use of your information – Legitimate Interests

Assessing and developing our products, systems, prices and brand

Our services are developed with a particular set of client needs in mind.  In order to make sure your service or policy is still suitable for you and is working as we intended, we combine your information with other clients’ to analyse and segment it.   

As a regulatory requirement, to make sure we meet FCA capital adequacy rules, we also combine your investment information with other clients’ to assess how much money we need to have available at any time. 

We need to be able to identify groups of clients who might be interested in any new products or services we’re considering.
We need to develop those products and services, and make sure our fees and charges are fair.
We need to make sure we’re treating you fairly and check your service or policy remains suitable for you.
We need to make sure we’re looking after your money (even though, we do not hold your money ourselves).

We need to make sure our products are suitable for the intended audience.
We need to see how many categories of clients we have and to tailor our products and services accordingly.
We need to make sure our communications are easy to understand and that our services are being purchased by the correct audience.
We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.

6. Who do we share your personal information with?

As you’d expect, our employees will access your records in order to use your information for the uses mentioned above.  However, only those employees who need access to particular information are given it. For example, our client service and administration staff need access to your policy details to support you when you get in contact, and our research team will need access to a subset of your information to perform their analysis.  We regularly check who has access to our systems.

We may also share your personal information with these categories of third parties:

• Our service providers and agents e.g. providers of investment ‘platform or ‘wrap’ technology who administer some of our policies, our providers of back office software, mailing houses for printing, offsite storage companies, confidential waste disposal and IT companies who support our technology.
  
• Our professional advisers: auditors; insurance companies, investment and pension companies; and legal advisers;
  
• Our independent panel of providers who help us to provide quotes and services for you
  
• Identity authentication and fraud prevention agencies.
  
• HM Revenue & Customs, regulators such as the Financial Conduct Authority and other authorities like the Information Commissioner’s Office.
  
• UK Financial Services Compensation Scheme.
  
• Your existing product provider(s) where you have given your authority;
  
• Organisations that introduce you to us;
  
• Anti Money laundering software to confirm your ID
  
• Direct debit (DD) scheme - if you use DDs
  
• Companies you ask us to share your information with.

7. Overseas Transfers

We always try to use local service providers where possible. We sometimes use third parties located in other countries to provide support services.  As a result, your personal information may be processed in countries outside the European Economic Area (EEA). 

These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your information and comply with the European data protection requirements.  Some countries have been assessed by the EU as being ‘adequate’, which means their legal system offers a level of protection for personal information which is equal to the EU’s protection.   Where the country hasn’t been assessed as adequate, the method we have chosen is standard contractual clauses.

The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights and we’ll use these where required ensuring adequate protection for your information.
An example would be our use of ‘dropbox’ software for internal file sharing.

We always ensure all personal information is provided with adequate protection and all transfers of personal information outside the EEA are done via companies and services that do so lawfully.  

8. Security

Once we receive your information, we use strict procedures and security features to protect your information from unauthorised access.

9. How long do we keep personal information for?

In the absence of specific legal, regulatory or contractual requirements we’ll keep your personal information for as long as it’s considered necessary, for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve keeping your information for a reasonable period of time after your service, policy, plan or your relationship with us has ended.

In some circumstances we may retain your information for longer, for example we are required by the Financial Conduct Authority to keep some transaction and policy information for a certain number of years and some pension information indefinitely. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.

Do we make solely automated decisions about you or profile you?

No. Automated decisions are where a computer makes a decision about you without a person being involved.  We do NOT do this.
Automated Profiling of customers - means a company makes assumptions about you to process your data. We do NOT do this.

Vulnerability

The Financial Conduct Authority defines a vulnerable consumer as someone who, due to their personal circumstances, is especially likely to experience disadvantage.  Many people may be vulnerable at some point in their life, for example after an accident, a bereavement or as part of the aging process. We need to make sure we can identify who these clients are and support them.

For example, we may provide additional information on our statements where, for whatever reason, we suspect our client might be less financially capable or less engaged in financial matters.

If we consider you to be vulnerable we keep a note against your records, so we can tailor our communications to suit you.  Before we do this we’ll assess if this is fair.

12 What are my rights?

Your rights are outlined below. The easiest way to exercise any of your rights would be to contact Ian Green, who fulfils the duties of a Data Protection Officer at the contact details provided. We’ll provide a response within 30 days, if not sooner.  There’s normally no charge for exercising any of your rights.

Accessing your personal information

You have the right to find out what personal information we hold about you, in many circumstances.
Correcting or adding to your personal information
If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add information.

Data portability

In some circumstances you can ask us to send an electronic copy of the personal information you have provided to us, either to you or to another organisation.

Objecting to the use of your personal information for legitimate interests

You also have the right to object to any processing done under legitimate interests.  We’ll re-assess the balance between our interests and yours, considering your particular circumstances.  If we have a compelling reason we may still continue to use your information.

Objecting to direct marketing

You have a specific right to object to our use of your information for direct marketing purposes. However, we do not carry out any direct marketing.

Restricting the use of your personal information

If you are uncertain about the accuracy or our use of your information, you can ask us to stop using your information until your query is resolved.  We will let you know the outcome before we take any further action in relation to this information. 

Right to Erasure

You can ask us to delete your personal information in some circumstances, such as if our work together has ended and we do not need to keep your information for legal or regulatory reasons. 

13. Right to complain to the supervisory authority

If you’re unhappy with how we’re using your information, you have the right to complain to the Information Commissioner’s Office.  We’d encourage you to contact us first, so we can deal with your concerns.
The Information Commissioner’s Office can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF and there is further information here: https://ico.org.uk/your-data-matters/raising-concerns/

14. Changes to our Privacy Notice

Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review.  We’ll update our notice as changes are required.

15. Contact us about GDPR

If you have any questions or comments regarding this privacy notice, or if you’re not happy with the way Green Financial uses your information, please contact us using the details below.

If at any time, you wish for us to delete and stop processing your personal data or sensitive personal data, please contact Ian Green who fulfils the duties of a Data Protection Officer on 0208 877 7890 or in writing at:

Green Financial
Bective House,
10 Bective Place
London
SW15 2PZ

or
Email: iangreen@iangreen.com