Introduction
When it comes to the privacy and security of your personal information, we know this is extremely important.
This Notice sets out what information we collect and from where, how it is processed and how we keep it secure, as well as your rights relating to this information.
From time to time, this website may contain links to and from other websites, including those of our advertisers and affiliates. If you follow a link from/to any of these websites, please note that they have their own privacy policies, and we don’t accept any responsibility or liability for your data if you choose to use these websites. Please check these policies before you submit any personal data to these websites.
Privacy Statement – 8 May 2024
PSG SIPP Limited (the Data Controller) is committed to protecting and respecting your privacy and personal data.
Who We Are
In accordance with the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) (collectively referred to as “Data Protection Legislation”), your Data Controller is PSG SIPP Limited, Unit F1, Avonside Enterprise Park, New Broughton Road, Melksham, Wiltshire, SN12 8BT.
The Data Protection Lead is Natalie Pike:
Email: info@psgsipp.co.uk
Tel: +44 3330 918 618
www.psgsipp.co.uk.
What is Personal Data?
Personal data means any information that may be used to identify an individual, we collect and process the following including, but not limited to:
- First and last name;
- Home or other physical address;
- Email address;
- Telephone number;
- Other contact information;
- Date of Birth;
- National Insurance Number;
- Employment details;
- Marital status;
- Nationality;
- Gender;
- Source of Wealth information;
- Dependant and Spouses information;
- Health and illnesses or disabilities;
- Personal Financial status e.g., bankruptcy;
- Documents relating to your identity, residency, nationality, including passport information, tax numbers etc;
- Birth certificates, death certificates, marriage certificates;
- Driving license or other Proof of Identity or address documentation supplied to us.
Article 4 of the GDPR states that Personal Data is:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Any reference to data or personal data in this notice must be taken in this context.
Purpose of processing
- Verify identity;
- Contact you about your products, our services, regulatory obligations and contractual obligations;
- Authority and consent to carry out transactions in line with your terms and conditions;
- Understanding your circumstances;
- Defining target markets;
- Paying appropriate benefits from your account;
- Carrying out transactions;
- To provide updates on regulator changes/service levels or other changes in line with Terms and conditions.
The Legal Basis for use of your personal information:
We will only collect, use, and share personal information where we have an appropriate legal basis to do.
Data Protection Legislation sets out several different reasons for which a company may collect and process personal data that include:
Legitimate Interest
For example, when you make an enquiry or receive our newsletters on updates around pensions and the products/services we provide. You have the right to object as below.
Contractual Obligation
When you become our client, we enter into a contract with you to provide you with your chosen product. We need your personal data to comply with our obligations under that contract.
Legal Obligation
Some of the information that you provide to us when we enter into a contract with you is required to comply with legal obligations such as the need for compliance with anti-money laundering legislation, FCA regulatory requirements, HMRC rules and other regulations or legal requirements.
When Do We Collect Your Personal Data?
We can collect your personal data when:
- you visit any of our websites and make an enquiry or subscribe to our newsletters;
- you purchase a product or service by completion of applications forms and thereby entering a contract with us. This could be done directly or via a financial intermediary;
- you may engage with us on social media;
- you contact us by any means with queries, enquiries, complaints etc;
- you ask us to provide you with information about a product or service;
- you’ve given a third-party permission to share with us the information they hold about you.
How We Use the Information We Collect
We may use information held about you in the following ways:
- to provide you with services and/or information you request from us that includes carrying out any obligations arising from any contracts entered into between you and us;
- to notify you about any changes to our services;
- to prevent and detect money laundering, financial crime and other crime;
- to facilitate investments with investment providers as directed by you;
- to answer queries, correspondence, enquiries, complaints etc;
We may collect information by:
- your completion of our application forms;
- copies of documents you provide to prove your age or identity where the law requires this. (including your passport, driving licence and evidence of residential address). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality;
- an intermediary or third party to whom you have previously provided consent for your personal data to be passed to us.
We may also collect data from publicly-available sources (such as Companies House) where the information is in the public domain by matter of law. We will only ever only obtain data necessary for the completion of our duties to you.
We only ever obtain information from third parties where permitted by law. We may use legal public sources to obtain information about you, for example, to verify your identity. This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the Data Protection Legislation.
We undertake always to protect your personal data in a manner that is consistent with Data Protection Legislation and to take reasonable security measures to protect your personal data in storage.
To whom your data will be disclosed
We may share the personal data we hold about you with third parties only when essential to fulfil our legal obligations under the contract between you and us. Examples of such third parties are:
- professional payroll providers for the purposes of assisting in the payment of retirement benefits;
- investment providers chosen by you as part of your financial planning strategy;
- professional accountants to assist in the administration of products we are contracted to provide and administer, as well as those who may act for investments selected by you;
- any other our partners and suppliers who may be engaged by us to fulfil the terms of a contract between you and us;
- Regulators and tax authorities;
- Credit reference and fraud prevention agencies/ ICO etc;
- The Trustee company appointed at Asset Trustee of your SIPP, which will be a wholly owned subsidiary of PSG SIPP Limited;
- Financial advisors/DFM etc that you have appointed;
- Data/software providers.
When sharing your information with a third party, we provide only the information they need to perform their specific services and stipulate that they may only use your data for the exact purposes we specify in our contract with them. We work closely with third parties to ensure that your privacy is always respected and protected. If we stop using their services, we will request that any of your data held by them either be deleted or rendered anonymous.
We have an obligation to share personal data with the police or other enforcement, regulatory or government body, upon receipt of a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our clients into consideration. Similarly, we have an obligation to share data with relevant authorities where we suspect fraudulent or potentially fraudulent activity.
We will only disclose your information with any other third parties with your express consent.
Your choices:
You can choose not to provide us with personal data. If you choose to do this, you can continue to use the PSG SIPP website and browse its pages, but we will not be able to continue a relationship without personal data.
You can block cookies on our website by activating a setting on our cookie banner, allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the PSG SIPP website and browse its pages. For more information about how we use Cookies please see our Cookie Policy You can opt-out of marketing by clicking the unsubscribe option in any marketing communications.
Data Retention and transfers to a third country
We securely store your data in the United Kingdom (UK) and retain it for as long as it is required for the purpose we collect and process it for or if the law or regulatory bodies require. At the end of that retention period, your data will either be deleted completely or anonymised.
Sometimes we will need to send your personal data outside the UK to fulfil our legal obligations under the contract between you and us, for example if you or your financial intermediary are based outside the UK. By submitting your personal data, you agree to this transfer when required.
No processing by a Data Controller or Data Processor takes place outside of the UK. The place of residence of data is the UK.
How long we will store your personal data for
Your personal data will be stored for the duration of your relationship with us. After that, we will store your personal data for as long as it is legal, appropriate and necessary to do so.
We review data once per year to ensure we only keep the data that is necessary to perform our tasks on your behalf.
What are your rights
You have specific rights in the following areas:
- breach notification;
- to be informed;
- to access;
- to rectification;
- to be forgotten;
- to restrict processing;
- to data portability;
- to object;
- against automated decision making and profiling that is not carried out by us.
If you would like to exercise any of your above rights, please contact our Complaints Team:
Post: The Complaints Team, PSG SIPP Limited, Unit F1, Avonside Enterprise Park, New Broughton Road, Melksham, Wiltshire, SN12 8BT.
Email: complaints@psgsipp.co.uk
Tel: +44 3330 918 618
If you do wish to exercise any of your rights, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. This is to protect the confidentiality of your information.
If you have authorised a third party to submit a request on your behalf, we will ask them to provide evidence that they have your permission to act for you. Please note that you may continue to receive communications for a short period after changing any preferences while our systems are updated.
Breach notification
In the unlikely event of a data breach, we have a legal responsibility to notify the lead UK data protection authority being the Information Commissioner’s Office within 72 hours of first having become aware of the breach.
We will notify you without undue delay with any relevant advice about protective measures you should take.
Right to be informed
We must provide information relating to how we process personal data in a concise, clear and intelligible manner. We do so by the provision of this Privacy Notice.
Right to access
You have the right to obtain from us (known as a Subject Access Request) confirmation as to whether personal data concerning you is being processed, where and for what purpose. You have the right to be provided with a copy of that personal data, free of charge, in an electronic format if you so wish within one month of making your request.
Our response will include:
- sources from which we acquired the information;
- the purposes for processing the information; and
- persons or entities with whom we are sharing the information.
Right to rectification
You have the right for inaccurate information to be corrected by us within one month of notifying us. If we have disclosed that data to third parties, we will immediately instruct that third party to correct their records.
Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay in specific circumstances:
- where data is no longer necessary in relation to the purpose for which it was originally required;
- where consent is withdrawn;
- where any objection is raised and there is no legitimate interest to continue;
- unlawful processing, i.e. breach;
- to comply with a legal obligation.
This is often referred to as the “right to be forgotten” and means we must erase your personal data, cease further dissemination of that data, and have third parties halt any processing of it.
We must pay notice to data retention guidelines from regulatory bodies such as H M Revenue & Customs and the Financial Conduct Authority. This means that in normal circumstances we will retain data for five years after its need has ended.
Right to restriction of processing
You have the right to obtain from us restriction of processing in the following circumstances:
- you contest the accuracy of the data and it is therefore restricted until its accuracy has been verified;
- processing is unlawful, and you oppose the erasure of the data and instead request the restriction in its use;
- we no longer need the data, but it is required by you for the establishment, exercise or defence of legal claims;
- you have objected to processing of your data pending the verification of whether there are legitimate grounds for us to override these objections.
If processing is restricted, we can store data but not process it until its accuracy has been verified. If we have disclosed that data in question to a third party, we must inform that third party of the restriction on the data unless this proves impossible or involves disproportionate effort. We shall provide you with information about those third parties if you request it.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us. We must complete the transfer of data under the right to portability within one month of its request.
Right to object
You have an absolute right to object to data processing for direct marketing purposes. We must cease where you object to processing on certain grounds such as personal profiling, public or legitimate interest or where data is collected for research or statistical purposes.
Your objection must be based on grounds relating to your situation. We must stop all processing on receipt of an objection unless:
- Compelling legal grounds can be demonstrated for processing that override your interests, rights and freedoms of the individual; or
- Processing is for the establishment, exercise or defence of legal claims.
- Whenever you may have given us your consent to use your personal data, you have the absolute right to change your mind at any time and withdraw that consent.
Right to not be subject to decisions based solely on automated processing.
All our processes require human intervention, so we do not carry out any automated processing that may lead to an automated decision based on your personal data.
Direct Marketing
We will only ever provide you with information by post, email, telephone or otherwise about products and services of a similar nature to those you have previously purchased where you have clearly expressed a preference for us to do so. You can change your mind and stop receiving such correspondence at any time by simply letting us know. You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Marketing and administration emails you receive from us contain a tracking pixel. This pixel lets us know things such as our email campaigns’ open rates and click rates.
The pixel also lets us know if an email has not been delivered to update our records and keep them current.
When we analyse the data, we do so from an aggregated perspective, meaning that we report upon an overall number of open rates and click rates.
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you;
- Email us at info@psgsipp.co.uk;
- Write to PSG SIPP Limited, Unit F1, Avonside Enterprise Park, New Broughton Road, Melksham, Wiltshire, SN12 8BT.
Changes to our privacy notice
We reserve the right to review this Privacy Notice from time to time. You are welcome to periodically review this Privacy Notice and you can determine when it was last revised by checking the date in its heading.
We regularly review this notice to ensure we always protect your privacy and to ensure it meets the highest possible standards. We will not significantly change how we use information you have already given to us without your prior agreement. Changes will be made available on our website.
Additional information
PSG SIPP has appointed a statutory Data Protection Officer. The details are as follows:
Privacy People Limited: Registration number 14344377, ICO number ZB412807 DPO@privacypeople.co.uk
A Record of Processing Activities (ROPA), in which the lawful basis for processing all of our data is maintained. Wherever Legitimate Interests is relied upon, an impact assessment has been created, available upon demand to those whose data is included.
As of January 1st, 2021, the UK left the European Economic Area (EEA). As PSG SIPP process the data of EU Residents/Citizens we are required to appoint a European representative to comply with Article 27 of the GDPR.
The company name is PSGi Limited and they can be contacted at info@tpsg.co.uk.
Right of Complaint
If you have a complaint regarding the use of your personal data or sensitive information, then please contact us by contacting our Complaints Team:
Post: The Complaints Team, PSG SIPP Limited, Unit F1, Avonside Enterprise Park, New Broughton Road, Melksham, Wiltshire, SN12 8BT.
Email: complaints@psgsipp.co.uk
Tel: +44 3330 918 618
If you feel that your data has not been handled correctly, or you are unhappy with our response to your complaint or to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office:
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF
Email: casework@ico.org.uk
Tel: +44 303 123 1113
Website: www.ico.org.uk/concerns