PRIVACY & COOKIE POLICY

 

As operators of various products, services and websites (together the “BP Services”), including http://bestpractice.co.uk/ (“Website”) and the Best Practice compliance and regulatory support services (“Compliance Services”), Best Practice IFA Group Ltd ("We", “Us”) is committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) (together with any other documents referred to therein) sets out the basis on which the personal data collected from you, or that you provide to Us will be processed by Us. Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it.

For the purpose of the General Data Protection Regulation (“GDPR”, from the GDPR implementation date) or, until GDPR implementation date, the Data Protection Act 1998, (collectively the “Data Protection Laws”) Best Practice IFA Group Limited is a Data Controller of your personal data.

 

IMPORTANT NOTICE ABOUT OUR COMPLIANCE SERVICES: We provide Compliance Services to your independent financial advisers (“Advisers”). Advisers rely on Us to assist with various aspects of their compliance activity, including FCA compliance, AML checks and data protection. As part of the Compliance Services We provide to Advisers, Advisers will send across personal data they have collected, which We will use as part of the Compliance Services We provide to them. For more information on this, please refer to the service charter (“Service Charter”) you received from your Adviser.

Your Adviser will also be a Data Controller in respect of your personal data. You should contact your Adviser should you have any enquiries relating to their processing of your personal data in the course of providing their services to you.

 

YOUR PERSONAL INFORMATION

Information We collect from you

We collect and process some or all of the following types of information from you:

  • Specifically, personal details such as name, postal address, email address, date of birth, gender, health status, PEP status, salary and other information relating to your assets and liabilities telephone number or any other information supplied by you in the Service Charter provided to Us by your Adviser as part of the Compliance Services We provide to them.
  • Specifically, personal details such as name, email address, or any information input by you when using the Website.
  • If you contact Us, We may keep a record of that correspondence.
  • Details of your access to the Website, including your IP address, information viewed or searched for, page response times, lengths of visit, login information, browser type and version, traffic data, location data, weblogs and other communication data, and the resources that you access, so we may compile statistics relating to your use of the Website.

 

When submitting general enquiries through to Us (including through the Website), your name and e- mail address are required from you to enable Us to respond to your enquiry.

We will inform you at the point of collecting information from you, whether you are required to provide any other information to Us.

 

USES MADE OF YOUR INFORMATION

Lawful basis for processing

We rely on the fulfilment of Our contractual obligations pursuant to Our agreement with your Adviser and the adherence to Our own service charter as the lawful basis for processing your personal data.

Where you have contacted Us via the Website, by e-mail or telephone or participated in any surveys, we rely on “legitimate interest” and the legitimate interest is responding and contacting you regarding the enquiries you have made in relation to the services We offer.

 

Purposes of processing

We use information held about you in the following ways:

  • As part of the Compliance Services We provide to your Advisers.
  • As part of any reports and submissions We prepare and send to regulatory authorities such as the FCA.
  • To send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you.
  • To operate, protect, improve and optimise the BP Services, Our business, and Our users' experience, such as to perform analytics, conduct research, personalise or otherwise customise your experience, and for advertising and marketing.
  • To ensure that content on the BP Services are presented in the most effective manner for you and for the device(s) you use to access and use the BP Services.
  • To respond to any enquiries you submit to Us;
  • As part of Our efforts to keep the BP Services safe and secure.
  • To carry out Our obligations under Our agreement with your Adviser.

 

DISCLOSURE OF YOUR INFORMATION

As part of your use of certain BP Services, We may share your personal data with third party regulatory authorities such as the FCA and the Financial Ombudsman Service.

We may pass your personal data to Our third party service providers, agents, subcontractors and other associated organisations for the purposes of: (i) completing tasks and providing services to you on our behalf (e.g. to host Our servers) and (ii) storing, protecting and securing your personal data.

We may disclose your personal data to any member of Our corporate group, which means Our subsidiaries, Our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).

We may also disclose your personal data to third parties:

  • in the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets; or
  • if We or substantially all of our assets are acquired by a third party, in which case personal data held by Us about our customers will be one of the transferred assets; or
  • if We are under a duty to disclose or share your personal data in order to comply with any legal or other regulatory obligation, including the orders of the FCA or any court of competent jurisdiction; or
  • to protect Our rights, property, or safety or that of our affiliated entities and any third party We interact with as part of the compliance and regulatory services We provide to your Adviser.

Other than as set out above, and save insofar as is necessary in order for Us to carry out our obligations arising from any contracts entered into between you and Us, We will not share your data with third parties unless We have procured your express consent to do so.

 

STORING YOUR PERSONAL DATA

Security

We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to Us; any transmission of your data to a BP Service is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.

 

Keeping your personal data up to date

If your personal details change you may update them by contacting your Adviser. With certain BP Services, you may update your personal data by contacting Us directly using the contact details below. If you are unsure as to who you should contact, We will endeavour to advise you accordingly. If you have any questions about how We use data collected which relates to you, please contact Us by sending a request by email to the contact details below.

Where you have contacted Us regarding an update to your personal data and We agree that this should be dealt with by Us as opposed to your Adviser, We will endeavour to update your personal data within 14 working days of any new or updated personal data being provided to Us, in order to ensure that the personal data We hold about you is as accurate and up to date as possible.

 

How long We keep your personal data

  • We will hold your personal data relating to occupational pension transfers indefinitely in order to comply with the requirements of Our regulators from time to time.
  • We are required to hold your personal data relating to your investments for a minimum period of 5 years and will continue to do so for so long as Our regulators require.
  • If you contact Us as a prospective customer using Our e-mail address or via Our Website contact form, requesting general information about our services, We will hold that personal data you choose to provide such as your name, address, e-mail address, for 12 months from Our last point of contact.
  • If you contact Us as a prospective customer using Our e-mail address or via Our Website contact form, requesting quotes and information about Our services in respect of specific projects, We will hold that personal data you choose to provide such as your name, address, e-mail address, for 12 months from Our last point of contact.
  • Data such as IP addresses, traffic data, location data, weblogs and other communication data will be retained for 12 months.

 

Where we store your personal data

All information We hold about you is stored on our secure servers within the EEA.

The data that We collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is held securely and in accordance with this Policy. Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA and We have therefore ensured that any of our suppliers who may transfer your personal data outside the EEA has put in place appropriate measures to protect your data, either by being a member of the US-EU Privacy Shield, or by entering into a European Commission approved contract (as permitted under Article 46(5) of the General Data Protection Regulation).

If you would like further information please contact your Adviser. You may also contact Us using the contact details below. We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

 

YOUR RIGHTS

 

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

  • access to your personal data and to certain other supplementary information that this Policy is already designed to address
  • require Us to correct any mistakes in your information which We hold
  • require the erasure of personal data concerning you in certain situations
  • receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal data concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal data
  • otherwise restrict our processing of your personal data in certain circumstances
  • claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

 

If you would like to exercise any of those rights, please:

  • email, call or write to Us using the “Contact” details below;
  • let Us have enough information to identify you,
  • let Us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let Us know the information to which your request relates.

 

HOW TO COMPLAIN

We hope that We can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory

authority    in    the    UK    is    the    Information    Commissioner    who    may    be    contacted    at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

 

CHANGES TO OUR PRIVACY POLICY

We reserve the right to modify this Policy at any time. Any changes We may make to our Policy in the future will be notified and made available to you through the applicable BP Service. Your continued use of the BP Service shall be deemed your acceptance of the varied Policy.

 

INFORMATION ABOUT OUR USE OF COOKIES AND IP ADDRESSES

Where relevant, We may collect information about your mobile phone, computer or other device from which you access the Website including where available your IP address, operating system and browser type, for systems administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data We have about you in order to track your usage of our services.

Our Website uses cookies to distinguish you from other users of Our Website. This helps Us to provide you with a good experience when you browse Our Website and also allows Us to improve the Website. By using Our Website you agree to our use of cookies as more specifically set out below.

A cookie is a small file of letters and numbers that We store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

For the Website, We use the following cookies:

Cookie

Name

Purpose

Expiry of Cookie and Further Information

ctsuite

CTSuite

Single Sign-on

Session

ASP.NET_S

essionId

ASP.NET Session cookie

Manage the user’s session

Session

sess_LastRe newTimeSt amp

Session Renew

Manage the minutes remaining in the session to give the user a warning when the session will expire

1 week

sess_Remai ningMinute s

Session Renew

Manage the minutes remaining in the session to give the user a warning when the session will expire

1 week

    utma

Google Analytics

Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existingutma cookies exists. The cookie is updated every time data is sent to Google Analytics.

2 years from set/update

    utmt

Google Analytics

Used to throttle request rate.

10 minutes

    utmb

Google Analytics

Used to determine new

sessions/visits. The cookie is created when the javascript

30 mins from set/update

 

 

library executes and no existingutmb cookies exists. The cookie is updated every time data is sent to Google Analytics.

 

    utmc

Google Analytics

Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with theutmb cookie to determine whether the user was in a new session/visit.

End of browser session

    utmz

Google Analytics

Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

6 months from set/update

    utmv

Google Analytics

Used to store visitor-level custom variable data. This cookie is created when a developer uses

the _setCustomVarmethod with a visitor level custom variable. This cookie was also used for the

deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.

2 years from set/update

You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our Website.

 

CONTACT

 

All questions, comments and requests regarding this Privacy Policy should be addressed to info@bestpractice.co.uk or write to Us at Sussex House, North Street, Horsham, West Sussex, RH12 1RQ.

Best Practice IFA Group

Sussex House
North Street
Horsham
RH12 1RQ

Email: info@bestpractice.co.uk

Tel: 01403 334455