This privacy notice explains how at Cambridge Financial Advisers (CFA) we use any personal information we collect about you, and complies with the EU General Data Protection Regulation 2018 (‘GDPR’) and UK Data Protection Act 1988 (‘DPA’).
What information do we collect about you?
We collect information about you when you engage us for wealth management or financial planning services. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health, if this is necessary for the provision of our services.
We may also collect information when you voluntarily complete client surveys or provide feedback to us.
Why do we need to collect and use your personal data?
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to carry out the services that you require from us. Without collecting your personal data we would also be unable to fulfil our legal and regulatory obligations.
Where special category data is required, we will obtain your explicit consent in order to collect and process this information.
How will we use the information about our clients?
We collect information about you in order to provide you with the services for which you engage us, as detailed in our Terms of Business and our other compliance documents.
Where we are being provided information on behalf of another individual, i.e. when a client provides us with the personal data of their spouse, child, power of attorney, etc, we will assume that they have the other individual’s permission to do so and that they will share this Privacy Notice with them.
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, as well as custodians, product and platform providers that we use to arrange financial products for you.
Where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.
Where it is necessary for your personal data to be forwarded to a third party we will use appropriate security measures to protect your personal data in transit.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
Where your assets are held in a third country (outside of EU) we will share your personal information for the purpose of contractual reason.
How long do we keep hold of your information?
We will retain your personal data for as long as permitted and required by law. In any case, we will not retain your personal data for longer than 10 years past the notification of the time of your death. However, we are subject to regulatory requirements to retain data for specified minimum periods. We also reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us.
You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests, as noted above.
How can I access the information you hold about me?
You have the right to request a copy of the information that we hold about you. If you would like to request a copy of some or all of your personal information please email or write to our Data Protection Manager using the contact details noted below.
We will have one month to provide you with the information (two months in case of complex or numerous requests). We are obliged to verify your identity for this request.
We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.
What can you do if you are unhappy with how your personal data is processed?
You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:
Information Commissioner’s Office
0303 123 1113 (local rate)
How to contact us