Harding Financial Ltd Fair Processing Notice

The General Data Protection Regulation (GDPR) protects the rights of individuals by setting out certain rules as to what organisations can and cannot do with information about people. A key element of this is the principle that individuals’ data must be processed lawfully and fairly. In order to meet the fairness part of this we need to provide information on how we process personal data.


For the purpose of this document, the word process shall serve to mean all elements of the data life-cycle from generation and/or collection through processing, storage, management, analysis, sharing and destruction.

This Fair Processing Notice satisfies this element of legislation and is designed to highlight the areas of Data Protection which may be of particular concern to prospective clients, prospective staff, prospective suppliers and others accessing or using our pre-contractual services by way of channels including email, telephone and our publicly accessible websites including www.hardingfinancial.co.uk, as well as clients, staff, suppliers and others that Harding Financial Ltd has formed a contractual relationship with.

This Fair Processing Notice is designed to help those people understand how information about them will be used. It will also provide guidance on an individual’s data rights and how to make a complaint to the Information Commissioner’s Office (ICO), the regulator for data protection in the UK.


More widely, Harding Financial Ltd is committed to meeting the entirety of its responsibilities to current and former staff under the General Data Protection Regulation (GDPR) and other related legislation, taking these matters very seriously. We will always ensure that personal data is collected, handled, stored, shared, retained and disposed of in a secure manner.


For the purpose of data protection, Harding Financial Ltd is the recognised ‘controller’ of the data we reference below, and Harding Financial Ltd makes a Data Protection Officer available to data subjects, who can be contacted about any of the content held herein via:


Postal Address:

Data Protection Officer
Harding Financial Ltd
The Estate Yard
East Shalford Lane
Guildford
Surrey
GU4 8AE
United Kingdom


Telephone: +44 (0) 1483 80 20 10

Email: [email protected]
Please mark all emails for the attention of the Data Protection Officer.


The legal basis by which we will process and may have already processed data about data subjects:

When we process data about data subjects, we have to observe the requirements of the General Data Protection Regulation (GDPR).

Under the General Data Protection Regulation, our legal bases for processing information about data subjects will be that processing is necessary for one of these reasons:

  • With data subjects’ consent, we may process data about data subjects on a pre-contractual basis, for example in order to deal with a prospective business enquiry that data subjects have made in written or verbal form. Such consent will be collected by us using the same platform and/or medium by which the data subject’s enquiry was made. You may withdraw that consent at any time and you may do so by contacting us using the details below.

  • We may process data about data subjects in order to form and/or execute a contract, either because data subjects have asked us to take specific steps before entering into or during a contract, and/or because an executed contract otherwise sets out that we should do so.

  • We may sometimes process data in the exercise of official authority vested in us or the public interest, for instance to assist with anti-money laundering efforts.

  • We may process data about data subjects in order to satisfy a legal obligation, for instance, an order that we may receive from a court of law that has jurisdiction over that data and/or an organisation that can provide evidence of a legal entitlement to that data.

  • In rare circumstances, we may process data about data subjects for the reason that it is either in the legitimate interest of the data subject or another person for protecting their finances (for example sharing information with fraud prevention services), or because it is in the vital interest of the data subject or another person for the purpose of protecting life (for example sharing information with emergency services if you were to fall ill during the course of us communicating or meeting with you).

If data subjects gave Harding Financial Ltd data before May 25th 2018 (the date on which GDPR came into effect), it is important for data subjects to remember that data subjects’ personal data was already protected another way, by way of The Data Protection Act (The DPA). The DPA established a framework within which information about living individuals can be legally gathered, stored, used and disseminated. At its core were eight Data Protection Principles, which Harding Financial Ltd and other organisations needed to abide by. These specified that personal information must be:

  • Processed fairly and lawfully, and only if certain conditions are met

  • Obtained for specified and lawful purposes, and not used for purposes other than those for which it was gathered

  • Adequate, relevant and not excessive

  • Accurate and where necessary kept up to date

  • Kept for no longer than necessary

  • Processed in accordance with individuals’ rights

  • Kept secure

  • Not transferred outside the European Economic Area unless certain conditions are met

GDPR builds on these requirements and states that from 25 May 2018 information must be:

  • processed lawfully, fairly and in a transparent manner in relation to individuals;

  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;

  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

GDPR also requires that:

  • “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

These protections apply to information in electronic form and also many types of data in paper form. Further information about the Data Protection Act and the General Data Protection Regulation is available from the Information Commissioner’s Office at www.ico.org.uk.


Why and How Harding Financial Ltd processes personal data

Harding Financial Ltd processes personal data for a variety of reasons, including in order to:

  • enable us to collect interest from prospective clients wishing to engage the services of Harding Financial Ltd;

  • enable us to communicate marketing and operational messages to data subjects via multiple platforms including but not limited to traditional letter post, email, SMS, WhatsApp and other forms of digital and social media;

  • apply for decisions in principle for financial products for prospective and contracted clients;

  • enable us to administer client-related functions;

  • refer data subjects to third parties who might assist them in ways that we ourselves cannot;

  • plan and account for the use of the services provided;

  • produce information including statistics for relevant external agencies;

  • monitor, develop and update Harding Financial Ltd systems to ensure they continue to operate effectively and securely;

  • gather feedback;

  • respond to complaints and/or legal claims about our service.

Harding Financial Ltd also processes personal data in relation to prospective and current staff. This is undertaken to facilitate recruitment activity and to administer the requirements Harding Financial Ltd must meet as an employer in line with UK law. Particularly relevant activity to staff data subjects would be Harding Financial’s:

  • administration of prospective, current and past employees including self-employed, contract personnel, temporary staff or voluntary workers;

  • recruitment and selection process;

  • administration of third party staff contracted to provide services on behalf of Harding Financial Ltd;

  • planning and management of Harding Financial Ltd’s workload or business activity;

  • occupational health service;

  • administration of agents or other intermediaries;

  • pensions administration;

  • disciplinary matters, staff disputes, employment tribunals;

  • staff training and development;

  • ensuring staff are appropriately supported in their roles;

  • vetting checks.

We may disclose data subjects’ data to certain outside organisations as outlined in this Fair Processing Notice.

We may process data in a variety of ways using a variety of mediums and platforms, also as detailed herein.


We may use copies of the data, including sensitive personal data, which we hold about data subjects for the purpose of testing our IT systems, but data subjects’ data will not be kept in the test environment for longer than is necessary for testing purposes. Data in that environment will not be used for purposes other than testing and we will also apply appropriate security precautions to the data.


What personal data does Harding Financial Ltd collect?

Harding Financial Ltd processes data in a variety of ways. The general volume and nature of the personal data collected is described next, but may not be absolutely limited to these items:

• contact information
• identity information
• financial information
• employment information
• lifestyle information
• health information
• data about criminal convictions or offences
• details of any vulnerability
• attitude towards investment risk and capacity for loss
• product and investment details
• details of dependants and/or beneficiaries under a policy


Please note that if a data subject is providing information about another person in order to notify us of a beneficiary or dependant, and/or indeed any other connected third party, we expect the data subject to ensure that they know about and consent to such supply. Data subjects might find it helpful to show them this privacy notice and if they have any concerns, they should contact us in one of the ways described herein.

We may also obtain personal data about data subjects from other sources in the course of providing our services. Where we obtain this information from another party, it is their responsibility to make sure they have the necessary permissions to provide it, before sharing information with us. Such personal data may include the same data items referenced above, for instance in the case that Harding Financial Ltd was to acquire the business of another advisory or provide services to data subjects on behalf of a third party that they were already engaged with, but may also routinely (i.e. in the course of our day to day business operations) include sanction check information and reference information, in order to verify data subjects as a client, supplier or staff member.

Harding Financial Ltd also collects personal data from prospective and current staff, applying to work and working at Harding Financial Ltd. The volume and nature of the personal data collected is described below, but is not limited to the data items specified next:

  • name and address

  • national insurance number

  • contact details (telephone number, email address)

  • self-declaration of permission to work in the UK and upload of passport/visa copy if necessary

  • relevant qualifications or indication of highest qualification held

  • professional development / training and membership of any professional body

  • employment history

  • supporting statement

  • Referee details

  • Criminal record disclosure

  • Data captured for equal opportunities monitoring (gender, date of birth, nationality, marital status, sexual orientation, religious belief, ethnicity)

  • Declaration about any disability as defined under the Equality Act 2010

Sensitive Data


Some of the information described above, such as data subjects' ethnicity, medical information and information about disabilities, is classed as “sensitive” personal data under the Data Protection Act. Under the General Data Protection Regulation sensitive data covers information consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. Sensitive personal data is subject to extra legal protection and we have to meet an additional set of conditions in order to use the data fairly and lawfully.

Sensitive data about data subjects, for example relating to data subjects' health, may be shared with restricted departments within Harding Financial Ltd to ensure that data subjects have access to appropriate services and support. Sensitive personal data may also be used to monitor equality of opportunity and access to services, but will not be used to make decisions about data subjects. For further information about sensitive personal data, see Harding Financial Ltd’s Data Protection Policy.

Who else has access to my data?


We will never share data subjects’ information with third parties for their own marketing purposes, unless we’ve specifically asked you for your consent to do so. If you’ve previously provided consent, you may withdraw it at any time by contacting us using the details below.


To deliver our services to you effectively and legally, however, we will often need to send your details to third parties, such as those that we engage for professional compliance, accountancy or legal services, as well as the regulator and all of the product and platform providers that we use to arrange financial products for you.

Data subjects' data may also be sent to different companies/departments within the Harding Financial Ltd ‘group’ where this is necessary for our day to day operations, and Harding Financial Ltd may itself process data using a variety of different systems and platforms.

Not all of these systems and platforms will be owned and/or operated by Harding Financial Ltd; for example, those provided as Software As A Service. Where Harding Financial Ltd is using a third party system or platform for the purpose of processing data, such as Mailchimp for Marketing Emails, or Facebook for targeting messages to you via Social Media.

Where there is no statutory instrument in place to cover the supply of data to a third party, we’ll have a contract in place with the third party to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.

We’ll use appropriate security measures to protect your personal data in transit to the third party, and although we do not transfer data outside of the European Economic Area (EEA) as a matter of course of usual business, if a transaction was ever to involve the transfer of data subjects' data outside the European Economic Area (EEA), we will inform data subjects of this in advance, along with information about the safeguards in place. The data will only be transferred outside the EEA in compliance with the conditions of transfer outlined in the General Data Protection Regulation.


How long does Harding Financial keep data for?


For as long as a data subject is a contracted client, supplier or staff member of the organisation, we will retain all connected personal data as if it is current, as such data may be important and/or useful in providing ongoing advice and services.


If 5 years should pass without Harding Financial Ltd being in a contracted relationship with a data subject, Harding Financial Ltd will securely destroy personal data, save for situations in which Harding Financial Ltd may be subject to legal or regulatory requirements to retain data for longer minimum periods, and save for data items that warrant long-term or indefinite storage either because of their permanent nature or risk profile, where such data may be required to defend a future claim against us.


What are my rights regarding the personal data held relating to me?


An individual has the right to be informed about data collection via a Fair Processing Notice. This is that notice.


An individual has the right to ask Harding Financial Ltd what personal data we hold about them, and to ask for a copy of that information. Harding Financial Ltd reserves the right to ask data subjects to provide proof of identification and to clarify their request if it is unclear in the first instance. Data subjects will receive a reply no later than 30 calendar days from the date they make the request in writing. If data subjects are unhappy with the initial response, they can ask Harding Financial Ltd to undertake a further search if there is specific information they have good reason to believe exists but that hasn’t been delivered to them.

Data subjects have the right to rectify data that is incorrect. If data subjects believe Harding Financial Ltd holds information about them that is factually incorrect, please email our HR department to provide the correct information, and Harding Financial Ltd should update it within one month.

Where there is not a legal / statutory obligation for Harding Financial Ltd to hold data about data subjects, data subjects have the right to be forgotten.


Data subjects have the right to data portability where the personal data is processed with the consent of the data subject, not where the personal data has been collected using any of the other legal bases for processing.

Data subjects have the right to restrict processing.


Data subjects have rights in relation to automated decision making and profiling.


Data subjects also have the right to object / withdraw consent from the processing of their personal data by Harding Financial Ltd at any time, if their consent was sought initially to use their personal data.


Data subjects also have the right to complain to the UK Regulator, the Information Commissioner’s Office (the ICO), if they believe their request has not been dealt with properly or they have a complaint to raise against Harding Financial Ltd for any other data protection related issue. A complaint can be raised via the ICO’s website at www.ico.org.uk or by writing to the following address:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom


How do I exercise my rights under GDPR?

For the purpose of data subjects' data protection, Harding Financial Ltd is the recognised ‘controller’ of data subjects' data, and Harding Financial Ltd makes a Data Protection Officer available to data subjects, who can be contacted about any of the content held herein via:


Postal Address:

Data Protection Officer
Harding Financial Ltd
The Estate Yard
East Shalford Lane
Guildford
Surrey
GU4 8AE
United Kingdom

Telephone: +44 (0) 1483 80 20 10

Please mark all emails for the attention of the Data Protection Officer.
