During the course of dealing with us, we will ask you to provide us with detailed personal information relating to your existing circumstances, your financial situation and, in some cases, your health and family health history (Your Personal Data). This document is important as it allows us to explain to you what we will need to do with Your Personal Data, and the various rights you have in relation to Your Personal Data.
What do we mean by “Your Personal Data”?
Your Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example your name, address, date of birth, National Insurance number. Your Personal Data may also identify you indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.
In the context of providing you with assistance in relation to your Investment/ Finance and/or Insurance requirements Your Personal Data may include:
Title, names, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity
Employment and remuneration information, (including salary/bonus schemes/overtime/sick pay/other benefits), employment history
Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure, family circumstances and details of dependents
Health status and history, details of treatment and prognosis, medical reports (further details are provided below specifically with regard to the processing we may undertake in relation to this type of information)
Any pre-existing investment/ finance and/or insurance products and the terms and conditions relating to these
The basis upon which our Firm will deal with Your Personal Data
When we speak with you about your investment/finance and/or insurance requirements, we do so on the basis that both parties are entering a contract for the supply of services.
In order to perform that contract, and to arrange the products you require, we have the right to use Your Personal Data for the purposes detailed below.
Alternatively, either in the course of initial discussions with you or when the contract between us has come to an end for whatever reason, we have the right to use Your Personal Data provided it is in our legitimate business interest to do so and your rights are not affected. For example, we may need to respond to requests from mortgage lenders, insurance providers and our Compliance Service Provider relating to the advice we have given to you, or to make contact with you to seek feedback on the service you received.
On occasion, we will use Your Personal Data for contractual responsibilities we may owe our regulator, The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing Your Personal Data in order to meet a legal, compliance or other regulatory obligation to which we are subject.
The basis upon which we will process certain parts of Your Personal Data
Where you ask us to assist you with, for example, your insurance and/or ethical investments, in particular life insurance and insurance that may assist you in the event of an accident or illness, we will ask you for information about your ethnic origin, your health and medical history (Your Special Data). We will record and use Your Special Data in order to make enquiries of insurance and/or investment providers in relation to insurance products that may meet your needs and to provide you with advice and/or guidance regarding the suitability of any product that may be available to you.
If you have parental responsibility for children under the age of 13, it is also very likely that we will record information on our systems that relates to those children and potentially, to their Special Data.
The arrangement of certain types of insurance may involve disclosure by you to us of information relating to historic or current criminal convictions or offences (together “Criminal Disclosures”). This is relevant to insurance related activities such as underwriting, claims and fraud management.
We will use Your Special Data and any Criminal Disclosures in the same way as Your Personal Data generally, as set out in this Privacy Notice.
Information on Special Category Data and Criminal Disclosures must be capable of being exchanged freely between insurance intermediaries such as our Firm, and insurance providers, to enable customers to secure the important insurance protection that their needs require.
How do we collect Your Personal Data?
We will collect and record Your Personal Data from a variety of sources, but mainly directly from you. You will usually provide information during the course of our initial meetings or conversations with you to establish your circumstances and needs and preferences in relation to investment/ finance and insurance. You will provide information to us verbally and in writing, including email.
We may also obtain some information from third parties, for example, credit checks, information from your employer, and searches of information in the public domain such as the voters roll. If we use technology solutions to assist in the collection of Your Personal Data, for example software that is able to verify your credit status, we will only do this if we have consent from you for us or our nominated processor to access your information in this manner. With regards to electronic ID checks we would not require your consent but will inform you of how such software operates and the purpose for which it is used.
What happens to Your Personal Data when it is disclosed to us?
In the course of handling Your Personal Data, we will:
Record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees and consultants within our Firm and only when it is necessary to provide our service to you and to perform any administration tasks associated with or incidental to that service
Submit Your Personal Data to Product Providers and/or Insurance Product providers, both in paper form and on-line via a secure portal. The provision of this information to a third party is essential in allowing us to progress any enquiry or application made on your behalf and to deal with any additional questions or administrative issues that lenders and providers may raise.
Use Your Personal Data for the purposes of responding to any queries you may have in relation to any investment/ finance product or insurance policy you may take out, or to inform you of any developments in relation to those products and/or policies of which we might become aware
Sharing Your Personal Data
From time to time Your Personal Data will be shared with:
Investment Providers and insurance providers
Third parties who we believe will be able to assist us with your enquiry or application, or who are able to support your needs as identified. These third parties will include but may not be limited to, our Compliance Advisers, Product specialists, estate agents, providers of legal services such as estate planners, conveyancing, surveyors and valuers (in each case where we believe this to be required due to your particular circumstances).
In each case, your Personal Data will only be shared for the purposes set out in this customer privacy notice, i.e. to progress your investment/ finance and/or insurance enquiry and to provide you with our professional services.
Please note that this sharing of Your Personal Data does not entitle such third parties to send you marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to you, and as otherwise set out in this Customer Privacy Notice.
Security and retention of Your Personal Data
Your privacy is important to us and we will keep Your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against it being accessed unlawfully or maliciously by a third party.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or in instances whereby we have a legal right to such information we will retain records indefinitely.
Your rights in relation to Your Personal Data
request copies of Your Personal Data that is under our control
ask us to further explain how we use Your Personal Data
ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request)
ask us to send an electronic copy of Your Personal Data to another organisation should you wish
change the basis of any consent you may have provided to enable us to market to you in the future (including withdrawing any consent in its entirety)
How to make contact with our Firm in relation to the use of Your Personal Data
If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact:
The compliance manager, Prism Xpat, Berkeley Square House – Level 2, Berkeley Square, London W1J 6BD.
If we feel we have a legal right not to deal with your request, or to action it in a different way to how you have requested, we will inform you of this at the time.
You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of Your Personal Data, so that we may investigate and fulfil our own regulatory obligations.
If you have any concerns or complaints as to how we have handled Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Data Protection Policy
As part of our arrangement with you, Xpat Ltd (“we”, or “us”, or “our”) has certain obligations under privacy laws, including the UK Data Protection Act (the “Act”) to notify individuals how it will process any personal information it collects about them. This Notice will inform you of what personal information we collect, how that information is used, where it is transferred, and how you may view and amend such information. You may be assured that we will treat all personal information as confidential and will not process it other than for a legitimate purpose. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary. Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the information.
What type of personal information will be processed?
We collect and process various personal data about you for the purposes of providing advice, administration and management services which are explained in more detail below. “Processing” is defined in the Act but could include obtaining, recording or holding information or data. “Personal data” is information which can identify you as a living individual, including where used in conjunction with other information. Common examples of personal data which may be collected and used by us in our day to day business activities include: name; date of birth; gender; ethnicity; marital status; address; telephone number and other contact details (including email addresses); job title; and bank account and other
Depending upon the types of products and services you require, the information collected and processed may also contain “sensitive personal data” for the purposes of the Act, which includes information held by us as to: your physical or mental health or condition; the commission or alleged commission of any offence by you; any proceedings for an offence committed or alleged to have been committed by you, including the outcome or sentence in such proceedings; sexual life; in limited circumstances, your membership of a Trade Union; your political opinions, religious or similar beliefs.
Any information which we receive fairly and lawfully relating to one of the above categories constitutes sensitive personal data. Examples of likely items which may contain sensitive personal data (although this is not an exhaustive list) are life insurance questionnaires, medical reports and SSP self-certification forms. Please note that as with personal data, you have freedom of choice when it comes to your decision as to whether you provide us sensitive personal data. In addition to your right to request that we stop processing your personal data and sensitive personal data at any time, you have an opportunity at the end of this Notice to choose not to provide sensitive personal data to us at all. You should however note that if you exercise this right or subsequently request that we stop processing all or part of your personal data and/or sensitive personal data, this could impact upon our ability to provide you with certain types of product and services and may ultimately result in us being unable to provide them to you at all.
How will my personal data be collected and used?
We collect personal data from you to the extent necessary to provide advice, administrative and management services and (subject to the provisions below), related marketing activities. We may process your personal data and sensitive personal data for the following reasons:
The administration, management and provision of advice in relation to financial services products;
Our legitimate business processes and activities including internal audit, accounting, business planning and proposed and actual transactions (including joint ventures and disposals of business); and
Compliance with legal (including dealing with claims), regulatory and other good governance obligations;
This list is not exhaustive and may be updated from time to time as business needs and legal requirements dictate. Some of the personal data that we maintain will be kept in paper files, while other personal data will be included in computerized files and electronic databases.
Who might my personal data be shared with?
Your personal data will be made available for the purposes mentioned above and only to responsible management, human resources, accounting, audit, compliance, information technology and other corporate staff. It may also be made available to third parties providing relevant services to us. Certain personal data will also be reported to government authorities where required by law and for tax or other purposes. Personal data may also be released to external parties as required by legislation, or by legal process, as well as to companies you authorise us to release your personal data to. We will not sell your personal data to any third party.
We may wish to provide you with information about new products, services, promotions, and other information in which we think you may be interested. We may also pass your information onto third parties to enable them to provide you with such information. We, together with third parties may send you information by postal mail, fax, telephone, social media, SMS text, picture messaging, or by any other personal means of conduct; unless you have registered with the appropriate Preference Service (we would be grateful if you could let us know if this is the case). If you purchase a product from us we may retain your address for future mailings. If you do not want your information used for direct marketing purposes at any time, please contact our customer services department by e-mail at firstname.lastname@example.org to let us know and we will not send you any direct marketing.
We would also like to provide you with the above information by e-mail. However, we appreciate that email “spam” has become a problem in recent years. If you are a customer or you have previously asked us for information on our products: We may contact you regarding your purchase or other matters regarding transactions between us, or your customer relationship with us, or send you information on our products by e-mail, unless you have asked us not to do so; and we may also use your e-mail address to send you information about our services that we think may be of interest to you by way of informational e-mails, unless you have asked us not to do so.
Your right to review and amend personal data
You have the right to review your personal data and sensitive personal data held by us and have any inaccurate information about you corrected. If you wish to do so, or to notify a change in your details, please contact The Data Protection Officer on email@example.com or in writing to Xpat Limited, 1 Olympic Way, London HA9 0NP, United Kingdom. You may be charged a fee (subject to the statutory maximum) for supplying you with such data.
How to request that we cease processing your personal data
If at any time you wish us to cease processing your personal data or sensitive personal data, or contacting you for marketing purposes, please contact The Data Protection Officer by email to firstname.lastname@example.org or in writing to Xpat Limited, 1 Olympic Way, London HA9 0NP, U.K.
First and third-party cookies: whether a cookie is ‘first’ or ‘third’ party refers to the domain placing the cookie. First-party cookies are those set by a Website that is being visited by the user at the time (e.g. cookies placed by www.prismxpat.com).
Third-party cookies are cookies that are set by a domain other than that of the Website being visited by the user. If a user visits a Website and another entity sets a cookie through that Website, this would be a third-party cookie.
Persistent cookies: these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the Website that created that particular cookie.
Session cookies: these cookies allow Website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
How to delete and block our cookies
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
If you do not wish to accept cookies in connection with your use of this Website, you must stop using our site.
What cookies do we use and why?
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
We also allow some of these companies to use tracking pixels. Tracking pixels may be used to collect and store information about visits to our website, such as which pages you viewed and how long you spent on the website, as well as the specific advertisement that you clicked to visit our site. No personally identifiable information is stored on these cookies or web pixels. The information reported to us is aggregated and anonymous. We use this information to understand, for example, the effectiveness of our advertising and marketing.
What specific cookies do we use on www.prismxpat.com?
List of cookies used on this website:
Cookie Name: _ga
Purpose: Google Analytics – Used to distinguish users.
Cookie Name: _gat
Purpose: Google Analytics – Used to throttle request rate.