Privacy Policy for CairnStone Pensions
At CairnStone Pensions, we are committed to protecting the privacy and security of the personal data we collect from our clients and website visitors. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you interact with our site or utilise our services, such as pension advisory, retirement planning, wealth management, inheritance tax planning, ethical investment advice, and annuity selection. We adhere to the principles of the General Data Protection Regulation (GDPR) and other relevant data protection laws in the United Kingdom.
1. Information We Collect
We collect various types of information in connection with the services we provide and your use of our online platform.
- Personal Identification Information: This includes your name, date of birth, postal address, email address, telephone number, and national insurance number. This data is essential for client onboarding and regulatory compliance.
- Financial Information: Details regarding your income, assets, liabilities, existing pensions, investments, bank account details, and tax information. This is necessary for providing accurate and tailored financial advice.
- Sensitive Personal Data: In specific circumstances, and with your explicit consent, we may collect information pertaining to your health (e.g., for annuity selection or insurance purposes) or other sensitive data as required for our services.
- Technical Data and Usage Data: Information about how you access and use our site, including your IP address, browser type, operating system, referral sources, pages viewed, and the times and dates of your visits. This data is collected through cookies and similar technologies.
- Communication Data: Records of your communications with us, including emails, phone calls, and any correspondence through our site's contact forms.
2. How We Collect Your Information
We obtain information in a few different ways:
- Directly From You: When you complete forms on our site, communicate with us via phone or email, engage in financial planning meetings, or subscribe to our newsletter.
- From Third Parties: We may receive information from third-party partners, such as credit reference agencies, regulatory bodies, or financial product providers, where necessary for the provision of our services and with your consent or on a legitimate basis.
- Through Automated Technologies: As you interact with our site, we may automatically collect Technical Data about your equipment, browsing actions and patterns using cookies and other similar technologies.
3. How We Use Your Information
We use your personal data for the following purposes and under the following legal bases:
- To Provide Our Services: To deliver pension advisory, retirement planning, wealth management, inheritance tax planning, ethical investment advice, and annuity selection services. This is necessary for the performance of a contract with you.
- For Client Management: To manage our relationship with you, including sending service updates, processing payments, and responding to your enquiries. This is for the performance of a contract and our legitimate interests.
- To Improve Our Site and Services: To analyse how our site is used, troubleshoot problems, and improve user experience. This is based on our legitimate interests to grow our business.
- Marketing and Communications: To send you relevant information about our services, updates, or promotions, where you have opted in to receive such communications. You can opt out at any time. This is based on your consent or our legitimate interests.
- Compliance and Regulatory Obligations: To comply with legal and regulatory obligations, such as anti-money laundering (AML) regulations, financial reporting, and consumer protection laws. This is necessary for compliance with a legal obligation.
- Security and Fraud Prevention: For the prevention and detection of fraud, money laundering, and other criminal activities, and to maintain the security of our services. This is based on our legitimate interests and legal obligations.
4. Disclosure of Your Information
We may share your personal data with third parties in the following circumstances:
- Service Providers: We work with third-party service providers who assist us in operating our business, such as IT support, cloud hosting providers, compliance consultants, and payment processors. These providers are contractually obligated to protect your data.
- Financial Institutions and Product Providers: To facilitate the services you have requested, we may share your information with pension providers, investment companies, banks, and insurance companies. This is done with your consent or as necessary for the performance of our contract.
- Legal and Regulatory Authorities: We may disclose information when legally required to do so, for example, in response to a court order, subpoena, or government request, or to comply with regulatory obligations.
- Professional Advisors: Such as lawyers, accountants, and auditors, as necessary for the provision of their services to us, subject to strict confidentiality agreements.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.
5. International Transfers
As a company operating in the United Kingdom, we primarily process data within the UK and European Economic Area (EEA). If we ever need to transfer your personal data outside the UK or EEA, we will ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Where the country has been deemed to provide an adequate level of protection for personal data by the UK Government or European Commission.
- Where specific contracts approved by the UK Information Commissioner's Office (ICO) or European Commission are used, which give personal data the same protection it has in the UK/EEA.
6. Data Security
CairnStone Pensions implements robust technical and organisational measures to protect your personal data from accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption: Use of encryption for data in transit and at rest where appropriate.
- Access Controls: Strict access controls to personal data, limiting access only to employees, agents, contractors, and other third parties who have a legitimate business need to know.
- Regular Audits: Regular security audits and assessments of our systems and practices.
- Employee Training: Ongoing training for our staff on data protection best practices and confidentiality obligations.
While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Client records and financial transaction data are typically kept for a minimum of five to seven years after the termination of the client relationship, in accordance with financial services regulations.
- Marketing preferences are retained until you opt out.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
8. Your Legal Rights
Under data protection law, you have specific rights in relation to your personal data. These include:
- The Right to Be Informed: About how we use your personal data.
- The Right of Access: To your personal data.
- The Right to Rectification: To have inaccurate personal data corrected.
- The Right to Erasure (the 'Right to be Forgotten'): To have your personal data deleted in certain circumstances.
- The Right to Restrict Processing: To limit the way we use your personal data.
- The Right to Data Portability: To obtain your personal data in a structured, commonly used and machine-readable format.
- The Right to Object: To the processing of your personal data in certain situations.
- Rights in Relation to Automated Decision Making and Profiling: Where applicable.
To exercise any of these rights, please contact us using the details provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
9. Complaints
If you have any concerns about how we handle your personal data, please contact us directly so we can resolve your issue. You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Their website is: www.ico.org.uk.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be posted on our site with a new effective date. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy or our data processing practices, please contact us:
CairnStone Pensions
2847 Threadneedle Street, Floor 12
London, Greater London, EC2R 8LA
United Kingdom