For the purposes of the General Data Protection Regulations (GDPR) the Data Controller in respect of any personal data controlled by the business is Dunn Financial Management Limited, Sunningdale, Chapel Green, Crowborough, East Sussex, TN6 2LB. Registered in England & Wales, No. 784364.
Dunn Financial Management Ltd is an Appointed Representative of Vision Independent Financial Planning Ltd which is Authorised and Regulated by the Financial Conduct Authority (FCA).
About this document
This privacy notice explains how Dunn Financial Management Ltd (“we“, “our“, “us“) collects, uses and shares your personal data, and your rights in relation to the personal data we hold. This privacy notice concerns our processing of personal data for past, prospective and present clients of Dunn Financial Management Ltd (“you“, “your“).
Dunn Financial Management Ltd (a UK registered company, registered in England with company number 10810767) is the data controller of your personal data and is subject to the Data Protection Act 1998 (“DPA“) and the General Data Protection Regulation (the “GDPR“).
DATA PRIVACY NOTICE
We take your privacy very seriously and we ask that you read this privacy notice carefully as it contains important information about us, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event you have a complaint.
How do we gather and use your personal information?
We collect your personal information in a number of ways. This begins with any interactions we have with you for example:
- when you communicate with us over the phone or via email;
- from information you provide to us when you interact with us for example when you contact us about our services;
- when you ask us to provide services to you and subsequently provide us with the necessary information;
- from third parties, such as a Financial Services provider or Discretionary Fund Manager;
- where you provide us with personal data relating to others (e.g. your family members), we understand that you either have their consent or are entitled to provide this information to us for subsequent use;
- in the other ways you interact with us during your time with us, for some of the reasons set out below.
How do we share and store your personal data?
We collect the following types of personal data about you:
- your name, and contact information such as address, email address and telephone number;
- your date of birth, national insurance number (or other tax identification number) and due diligence information;
- financial information (to establish what type of service you require).
We may also collect special categories of personal data, including more sensitive personal data, such as information concerning your health and medical conditions (“sensitive personal data“).
Failure by you to provide the personal data requested by us may mean that we are unable to provide the services you have requested.
How we use your information and our basis for processing that information
We may process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. Under these circumstances, we use your personal data for the following:
- to interact with you for example when you express your interest in our services (for example, to answer enquiries about our services);
- to provide you with the services as set out in our Client Agreement or Terms of Business or any other contractual document (including, but not limited to, the provision of our services where applicable, the processing of your sensitive personal data, for example where your health and/or medical details are relevant to the calculation of annuities, pensions or other benefits);
- to deal with any concerns or feedback you may have;
- for any other purpose for which you provide us with your personal data.
We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:
- to confirm your identity and carry out background checks for anti-money laundering and ‘know your client’ purposes (including as part of our checks to prevent fraud and other crimes);
- to fulfil our obligations under any reporting agreement entered into with any tax authority or revenue service(s) from time to time, including but not limited to HMRC and the US Internal Revenue Service (IRS), as is necessary for compliance with our legal obligations;
- in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities; and
- to meet our other compliance and regulatory obligations, including in order to comply with any requirement of any applicable statute, regulation, regulatory rule and good practice, whether originating from the UK or elsewhere (including, but not limited to, the United States of America).
Transferring your information outside of Europe
We do not operate globally, and therefore your personal data will not be transmitted to and processed outside of the UK in countries that do not provide the same level of data protection as the UK.
We may also process your personal data where:
- it is necessary to protect your or another person’s vital interests;
- it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our clients, or of third parties, including where applicable relying on recordings or monitored observations from communications with you);
- we have your specific or, where necessary, explicit consent to do so.
Monitoring of communications
We, and persons acting on our behalf, may record and/or monitor communications (including telephone conversations over landlines and mobile phones, emails, instant messaging, chat rooms, fax and other electronic communications) between our staff and you. We only record communications between us in order to comply with our legal and regulatory requirements.
We may also record and/or monitor communications for training and quality assurance purposes but will always ask for your consent before recording communications for these purposes. If you choose not to provide your consent in these circumstances, we will still be entitled to record and/or monitor communications if we are under a legal obligation to do so (but will only be able to use the recordings for those purposes).
Disclosure of your information (when it may be shared with others)
In addition, we may also disclose your personal data:
- to any other organisations that we may engage to perform, or assist in the performance of, our services or to advise us, provided that they will only be given access to your personal data (including your sensitive personal data, where applicable) to perform such assistance, services or advice and not for other purposes. We shall endeavour to ensure that any such organisation undertakes to adopt appropriate security measures in respect of your personal data;
- to counterparties where disclosure is reasonably necessary for the purpose of effecting transactions in connection with our Client Agreement or Terms of Business or any other contractual document or of establishing a dealing relationship with a view to such transactions; where we have your permission to reveal the information;
- to any ‘connected person’ as set out in our Client Agreement or Terms of Business or any other contractual document, unless you expressly instruct us in writing to do otherwise;
- if you are a joint client, to the other client named in any relevant Client Agreement or Terms of Business or any other contractual document;
- as part of a reorganisation, sale or negotiations for sale of all or part of our business (subject to appropriate security and confidentiality measures);
- in circumstances in which we are required or authorised by law (including, but not limited to, data protection legislation), court order, regulatory or governmental authorities to disclose your personal data; and
- where you are a beneficiary or policyholder in respect of a portfolio, fund or account which is legally owned by a third-party provider, to such third-party provider.
How long your information is kept
We will retain your personal data for as long as we are providing you with the services referred to in any relevant Client Agreement, Terms of Business or any other contractual document, and for as long as permitted or required for legal, regulatory, fraud prevention and our legitimate business purposes after the closure of your account, if the relationship between you and us has terminated, or if your application for a particular service or services is declined or abandoned.
You have the following rights:
- to obtain access to, and copies of, the personal data that we hold about you;
- to require that we cease processing your personal data if the processing is causing you damage or distress;
- to require us not to send you marketing communications.
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data;
- to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- to require us to comply with your objection, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
If you have given your consent and you wish to withdraw it, please contact our Data Protection Officer using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
If you are not satisfied with how we are processing your personal data, you can raise a concern with the Information Commissioner. You can also find out more about your rights under data protection legislation from the Information Commissioner’s Office website available at: www.ico.org.uk.
How to contact us
If you would like to contact us in relation to this Notice or if you have any other questions in respect of our processing of your personal information, please contact Stephen Dunn by e-mail at or by telephone on 07843 584785.
Last updated 01/11/2018