Blevins Franks Group takes the security and privacy of our contacts about which we hold personal information seriously. The purpose of this notice is to describe to you the information we may hold about you, explain what we use it for, explain your rights in relation to it and who you can contact if you need further clarification.
Who we are
This Privacy Notice is provided for all of the Blevins Franks entities listed below. Any of these entities can act as controllers of your personal data and information:
In the UK, the following Company is registered as a Data Controller with the Information Commissioner`s Office (ICO).
- Blevins Franks Financial Management Ltd (ICO registration number Z5603413)
In France, the following Company is registered as a Data Controller with the Commission Nationale de l'Informatique et des Libertés (CNIL)
- Blevins Franks France SASU
In Malta, Data Controllers are not required to register themselves with the Information and Data Protection Commissioner (IDPC). In Malta, the companies that would fall within the umbrella of the IDPC are: :
- Blevins Franks Trustees Ltd
- Blevins Franks Gamma Ltd
- Blevins Franks Wealth Management Limited
Controllers Contact Details
Blevins Franks Group, Gasan Centre, Triq il-Merghat, Zone 1, Central Business District, Mriehel CBD1020, Malta
Data Protection Officer
Our Data Protection Officer is Alex Miller.
You can contact him at firstname.lastname@example.org or via our postal address.
Please mark the envelope 'Data Protection Officer'.
Purpose for processing personal information
We use your personal information in the following ways:
- To provide you with services and information that you request from us.
- To get quotations or arrange investments for you with regulated entities.
- To comply with our legal and regulatory obligations, co-operate with our regulators and law enforcement agencies and to prevent and detect crime.
- To keep you updated about your investments during regular reviews.
- To improve the quality of our services and to train our staff.
- To check instructions you’ve given us or to resolve disputes.
- To process any job application you submit, or that an agency submits for you.
- To tell you (by mail, email, telephone or otherwise) about products and services we think you may be interested in, based on products or services you have shown interest in or may already have. You can opt out of these communications at any time.
- To invite you to events or provide information or news that you may be interested in. You can opt out of these communications at any time.
- To confirm your identity and address.
- Gathering data to provide management information or other services.
- To administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes.
- To improve our sites to make sure that our content is as effective as we can for you and for your computer.
- As part of our efforts to keep our sites safe and secure and to prevent and detect money laundering, financial crime and other crime.
- To monitor, record, store and use any telephone, email or other communication with you. We’ll update your records with any new information you or a third party give us, and we’ll add it to any information we already have.
- When you call us we will keep a copy of the call for training and security purposes.
- To deal with any enquiries or issues you have about how we collect, store and use your information, or any requests made by you for a copy of the information we hold about you.
Sources of Personal Data
Blevins Franks Group process data from a number of sources for the purposes detailed above. The following sources of data apply:
- When you use our website;
- Where you attend one of our events or visit a stand at a show or seminar;
- When you speak to the advisers at one of our offices;
- When you complete a fact find or financial planning questionnaire (FPQ);
- When you phone one of our offices;
- When you are referred to us by your financial adviser;
- From a product provider when you transfer a pension or investment;
- From an existing product provider when they send regular updates on your investments;
- From a product provider via their own client relationship management (CRM) systems or through integration with Blevins Franks CRM systems;
- When we act on your behalf to transfer an existing pension to an advised scheme, in this case data will be compiled by our partners (Equinity/Hazell Carr)
- When you apply for a job with any Blevins Franks Group company or office;
- When we receive a reference for you relating to a job application.
Legal basis for processing your data
Our legal basis for collecting, holding and processing your personal information depends on the information that we are collecting and the purpose of use of that information. We will normally only collect personal information from you, your employer, or another third party where one of the following applies:
- You have given us your consent to hold your data and to send you information that we feel may be of interest to you. You have the right to withdraw your consent and or to opt out of marketing information.
- We need your personal information to perform our legal obligations (for instance where you have received advice from us or are a client of ours we have responsibilities to maintain your information).
- We need to process your data for performance of a contract (for instance where you are a permanent or temporary employee of the Company).
- It is in our, or your legitimate interest. These legitimate interests include:
- To provide client services;
- To provide relevant advice to clients and prospective clients;
- To market and develop our business;
- For internal administrative purposes;
- To locate, contact and verify beneficiaries;
- To clarify aspects relating to a technical tax guide or book;
- If we rely on our legitimate interests for using your personal information, we will balance this to ensure that our legitimate interests are not outweighed by your personal interests or fundamental rights and freedoms which require protection.
Categories of Personal Data
The data we process for the purposes outlined above is generally personal data however there are some controlled and specific areas where we may process special categories of data.
Health information is a special category of data under GDPR and we will take particular care to restrict access to this data to those who need it, to protect the data and to ensure that this data is not kept for longer than required. We may process ‘special categories’ of data in the following ways:
- We may process health information in order to fulfil our obligations to support vulnerable clients. This is detailed in our vulnerable clients policy;
- As part of our recruitment process we may hold a health declaration against an employee record.
- In both these cases we will ask for specific consent before processing this data and access to this data will be restricted to those people who need access to it.
Retention Period of Data
Data will be retained if it is still required to support clients or our legal obligations. Pensions data will be retained indefinitely. All other required data will be retained while the data subject is still a client. For a data subject who ceases to be a client of the Company, data will be retained for 10 years following the date that the clients leaves. Where an employee leaves the Company data will be retained for 10 years.
Your Data Protection Rights
You have a number of rights concerning your personal data that we hold. If you have any questions in relation to these please contact the Data Protection Officer at email@example.com.
- Right to be informed: This privacy notice highlights information about how and why we will process your data, if you have any further questions please contact our Data Protection Officer.
- Right to access: You have the right to request your personal data from us in a ‘Subject Access request’. If you would like to do so, please request a Subject Access request form from firstname.lastname@example.org. We may ask you for verification of your identity at this stage however once that has been confirmed we will respond to your request with the data you have asked for within 1 month for a standard request or within 3 months where a request is more complex. If the request for data involves a number of different systems and may be complex then we will inform you within the first month.
- Right to rectification: You have the right to request that any errors in the data we hold for you are corrected. You can make a request by contacting the Data Protection Officer.
- Right to erasure: You have the right to request that we delete your personal data and if we don’t have a legal obligation or other legal basis to process your data then we will delete it. You can make a request through the Data Protection Officer.
- Right to restrict processing: In certain circumstances, for instance in the case of a dispute, you may ask us restrict data processing. In this case we will not delete the data but will limit the use of the data and restrict access internally, this may take the form of archiving the data on our IT systems.
- Right to data portability: You may request that we send you your data in a usable format, for instance. If you would like to make a request, please contact the Data Protection Officer.
- Right to object: You have the right to object to our processing of your personal data, this includes where we are processing under a legal basis of legitimate interest. If you make an objection we will respond to you within one month.
- Rights in relation to automated decision making and profiling: You have the right to know if we are using any automated decision making or profiling using your personal data and we will inform you if that is the case.
Automated Decision Making and Profiling
- The data that you supply to us in attitude to risk surveys will be checked through a system which uses algorithms to benchmark attitude to risk so that investment choices can be viewed in the most appropriate manner.
- We will check your data to ensure that we and you are protected under anti money laundering legislation. This may involve some automated checking.
Lodging a Complaint
If you would like to make a complaint concerning our processing of your data. Please in the first instance contact the Data Protection Officer at the email address: email@example.com.
You also have the right to complain about use or collection of your personal data to the supervisory authority. In the UK this is the Information Commissioner’s officer (ICO). In Malta this is the office of the Information and Data Protection Commissioner (IDPC) and in France this is the Commission Nationale de l'Informatique et des Libertés (CNIL)
You may also complain to the supervisory authority in the country where you usually work or live or where an alleged infringement may have taken place.
In the UK, you can contact the ICO at:
Information Commissioner’s Office, Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK
or by phone on +44 (0)303 123 1113.
In Malta, you can contact the IDPC at:
Information and Data Protection Commissioner
Level 2, Airways House, High Street, Sliema SLM 1549, Malta
or by phone on (+356) 2328 7100
In France, you can contact the CNIL at:
Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France
Tel +33 (0)1 53 73 22 22 Fax +33 (0)1 53 73 22 00
From time to time we may update this privacy notice. This may be to comply with new regulations. Please review this notice on a periodic basis to ensure that you are updated with the most current version, how we use it and under what circumstances we disclose it.