We are committed to protecting and respecting your privacy and this policy (Policy) (together with our Terms and Conditions and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us in connection with the products or services we offer, including by or through this website (Services). Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
This website is not intended for children and we do not knowingly collect personal data relating to children via this website.
This Policy applies to the following three companies, which are collectively referred to as “InvestAcc”, “we” or “us”:
We will let you know which entity will be the controller for your personal data when you purchase a Service. InvestAcc Pension Administration Limited is the controller and responsible for this website.
Your personal data are held and processed by InvestAcc in accordance with applicable data protection laws, including the Data Protection Act 2018 (DPA 2018) and the UK GDPR.
THE TYPES OF PERSONAL DATA WE MAY COLLECT FROM YOU
Personal data means any information about an individual from which that person can be identified. We may collect and process the following personal data about you:
We may also collect and use the following sensitive or special categories of personal information about you:
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.
We record all inbound and outbound telephone conversations for training purposes, to comply with legal obligations applicable to us (e.g. rules laid down by the Financial Conduct Authority) and to enable conversations to be retrieved and considered in support of any investigation we may undertake in answer to a claim or complaint against InvestAcc. We will not share recorded telephone conversations with other parties unless in the defence of a claim or complaint.
We may collect information you provide us with regarding beneficiaries for pension products you have with us. We may also collect information on children where a parent or guardian acts on their behalf in relation to a Service with us, or where they have been named as a beneficiary. Except in relation to children (as explained in the previous sentence), if you provide us with personal data about another person, you must ensure that before you provide us with their personal data, you have their agreement to do so and that they are aware of the ways in which we use personal data as set out in this Policy.
The information we collect about you is not publicly accessible data. If we did not have this information, you (or your family) may not receive the benefits to which you are entitled under the provided by InvestAcc.
HOW AND WHEN WE COLLECT YOUR PERSONAL DATA
We collect the majority of the personal data that we process about you directly from you, including when you provide this to us by:
We may receive personal data about you from various third parties that we engage with in order to assist us with providing Services to you, including:
HOW WE USE YOUR PERSONAL DATA
Whenever we process your personal data, we are required by law to have a ‘legal basis’ for doing so. The legal bases we use to process your personal data will generally be one or more of the following:
There are many ways we will need to use your personal data in the context of your relationship with us. We have set out the main purposes in the table below and we have indicated the main applicable legal bases of processing. In some cases, more than one legal basis may apply to our use of your personal data and there may be other specific uses which are linked to or covered by the purposes set out below.
If you would like further information on the specific legal bases which we rely on in relation to any of the processing purposes we have set out below, please contact us using the details set out in the ‘Contact’ section below.
Purpose for Processing | Types of personal data | Legal Basis |
To carry out our obligations arising from any contracts entered into between you and us, and to provide you with our Services | · Identity Data · Contact Data · Financial Data · Transaction Data · Profile Data · Usage Data | · Contractual Necessity |
· Health Data | · Consent | |
To send you service messages about our Services | · Identity Data · Contact Data · Transaction Data · Technical Data · Profile Data · Usage Data | · Legitimate Interests: to contact you whenever we need to and provide you with relevant Service information |
For the effective running of pension schemes provided by InvestAcc | · Identity Data · Contact Data · Financial Data · Transaction Data · Profile Data · Usage Data · Image Data · Marketing and Communications Data | · Legitimate Interests: to ensure our Services are run and provided effectively; and/or · Legal Compliance: where we have a legal obligation in connection with the way we run and provide our Services |
To improve the Services we offer | · Identity Data · Contact Data · Transaction Data · Technical Data · Profile Data · Usage Data | · Consent: where personal data are captured by way of cookies or you have positively opted in to sharing personal data for marketing purposes; and/or · Legitimate Interests: in relation to personal data we otherwise capture across our business and use to ensure our Services are of the highest quality for our customers |
To personalise your customer experience on our website. For this purpose, we use Cookies and similar technologies. For more information about how we use Cookies, please see our Cookie Policy. | · Identity Data · Contact Data · Technical Data · Profile Data · Usage Data · Marketing and Communications Data | · Consent: where personal data are captured by way of cookies which require you to positively opted in; and/or · Legitimate Interests: in relation to personal data we otherwise capture across our business and use to tailor your customer experience |
To send you marketing emails about our Services, events or features that we think may be of interest to you | · Identity Data · Contact Data · Transaction Data · Technical Data · Profile Data · Usage Data · Marketing and Communications Data | · Consent: where personal data are captured by way of cookies or you have positively opted in to sharing personal data for marketing purposes; and/or · Legitimate Interests: where you are an existing customer, we also rely on our legitimate interests to increase our customer engagement |
To send you any postal marketing materials about our Services, events or features that we think may be of interest to you | · Identity Data · Contact Data · Marketing and Communications Data | · Legitimate Interests: to increase our customer engagement and boost our target audiences |
To improve our marketing communications. For this purpose, we use Cookies and similar technologies for data analytics purposes. For more information about how we use Cookies, please see our Cookie Policy. | · Identity Data · Contact Data · Technical Data · Profile Data · Usage Data · Marketing and Communications Data | · Consent: where we collect Technical Data via cookies, we do this on the basis of your consent, or in the case of essential cookies, on the basis of our legitimate interests in order to operate this website and ensure its security · Legitimate Interests: to offer you the most tailored and bespoke customer experience |
To allow you to update and manage your contact and marketing preferences | · Identity Data · Contact Data · Technical Data · Profile Data · Usage Data · Marketing and Communications Data | · Consent: where personal data are captured by way of cookies or you have positively opted in to sharing personal data for marketing purposes; and/or · Legitimate Interests: otherwise where we process your personal data to ensure that you have control over your own contact and marketing preferences |
To respond to any enquiries and/or complaints | · Identity Data · Contact Data · Financial Data · Transaction Data · Technical Data · Profile Data · Usage Data · Image Data · Marketing and Communications Data | · Legitimate Interests: to manage our relationship with you and ensure that we are able to support you with any queries or complaints |
To update our records | · Identity Data · Contact Data · Financial Data · Transaction Data · Technical Data · Profile Data · Usage Data · Image Data · Marketing and Communications Data | · Legitimate Interests: to ensure that we have accurate and up to date information. |
To administer and protect our business and this website, including to prevent or detect fraud or abuses of our website and safeguarding your personal and financial data | · Identity Data · Contact Data · Financial Data · Transaction Data · Technical Data · Profile Data · Usage Data | · Legal Compliance: where the activity is to ensure we meet our legal obligations and prevent or detect fraud; · Contractual Necessity: where we process personal data to ensure appropriate steps are taken to meet the terms in our contract with you, including payment of taxes or otherwise; and/or · Legitimate Interests: otherwise to protect our business and customers |
To comply with our financial record keeping obligations | · Identity Data · Contact Data · Financial Data · Transaction Data | · Legal Compliance as applicable where we have a legal duty to meet; or · Legitimate Interests: where we otherwise process data to ensure that we are compliant with our legal obligations |
To protect our customers, offices, assets and partners from crime. For this purpose, we use CCTV. Wherever we use CCTV for this purpose, we will provide appropriate signage to inform you that this is the case. | · Image Data | · Legal Compliance: as applicable where we have a legal duty to meet; or · Legitimate Interests: where we otherwise process personal data to ensure the security of our premises, our staff and our customers |
To develop, test, maintain and improve our systems and website | · Technical Data · Profile Data · Usage Data | · Legitimate Interests: to ensure that our systems and website are secure and reliable |
To comply with our legal obligations (where applicable) to share personal data with law enforcement and/or government bodies | · Identity Data · Contact Data · Financial Data · Transaction Data · Technical Data · Profile Data · Usage Data · Image Data | · Legal Compliance: as applicable where we have a legal duty to meet |
To enable our third-party service providers to carry out technical or other functions on our behalf | · Identity Data · Contact Data · Financial Data · Transaction Data · Technical Data · Profile Data · Usage Data · Image Data · Marketing and Communications Data | · Legitimate Interests: to ensure that our Services are appropriate and (where applicable) delivered in a timely fashion |
To anonymise and aggregate your personal data for our own data analytics purposes | · Technical Data | · Legitimate Interests: to allow us to make improvements to our Services |
Consent
Where consent is our legal basis for processing your personal data, you can withdraw your consent at any time, and we will then stop any future processing for that purpose. If you wish to withdraw your consent, then please contact us using the details set out in the ‘Contact’ section at the end of this Policy.
If you choose not to share your personal data with us, or refuse certain contact permissions, we may be unable to provide some of the Services you’ve asked for.
Legitimate Interests
Where required under applicable data protection laws, we have determined, acting reasonably and considering the circumstances, that we are able to rely on legitimate interests as the lawful basis on which to process your personal data in certain circumstances (as set out in the table above).
We have reached this decision by carrying out a balancing exercise to make sure our legitimate interest is not overridden by your privacy rights as an individual, and we consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests as:
MARKETING AND YOUR RIGHTS
If you are an existing customer or you have consented to receiving marketing communications by phone, email or direct message, or otherwise in connection with postal marketing, we may send you information on any events or news about our Services that we believe may be of interest to you. You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by refusing your consent at the time of collection, at any time by using the ‘unsubscribe’ link in any marketing email we send you, or at any time by contacting us using the details set out in the ‘Contact’ section at the end of this Policy.
Our website may, from time to time, contain links to and from the websites of our members, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
DISCLOSURE OF YOUR INFORMATION
We sometimes share your personal data with third parties so that they can assist us in providing Services to you. These third parties will only process your personal data on our specific instructions, and we remain responsible for ensuring that your personal data are protected and processed lawfully by anyone that we share it with. Some examples of these third parties are set out as follows:
In some specific circumstances, we may also share your personal data with third parties who process it for their own purposes. Those third parties will have their own legal obligations to protect your personal data, and you will have legal rights that you can enforce directly against them. Some examples of these third parties are set out as follows:
If we sell, transfer or merge parts of our business or our assets, or if we buy or acquire any business or assets, we may share the personal data held by us with the prospective buyer or seller of such business or assets. If substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal data held by us will be one of the transferred assets.
Social Media Platforms
We use a number of social media platforms to communicate with you and to promote our Services. We do this in a number of ways:
Where we share personal data with social media platforms as described above, we are joint controllers with these platforms for certain processing activities. Each of the platforms and us have:
For further information about how these third-party social media platforms process and use the personal data we share with them, please read their privacy policies which can be found on each platform’s own website, as follows:
We use Google Analytics on our website (Google Privacy Policy). This means that we may use cookies to collect online identifiers about your use of our website, including Technical Data, which we may use for the purpose of better understanding our customers and your use of our website. Google may transfer the personal data collected by it on our behalf outside of the United Kingdom. See here for further information on Google Analytics.
If you would like further information about any of the third parties with whom we share your personal data, please contact us using the details set out in the ‘Contact’ section below.
COOKIES
Cookie is a general term often use to describe a number of technologies. Cookies are small text files that are stored on your computer or other device by any websites that you visit. Web beacons and pixels are tiny invisible images placed within email messages which tell us if you have opened an email and how you interreacted with it. For the purpose of this Policy and our Cookie Policy, we refer to all of these technologies as “cookies”.
We may collect information about your computer or other device, including where available your IP address, operating system and browser type, for system administration, to improve the structure and content of our website, to make our website easier to use, to support the provision of information and functionality to you, as well as to provide us with information about how our website is used so that we can make sure it is as up to date, relevant and error free as we can and to report aggregate information to regulators and our members as requested and appropriate (this is statistical data about our users’ browsing actions and patterns, it does not identify any individual).
We also use cookies to try to ensure that our emails and electronic marketing messages which we send to you reflect the interests of our customers and website users.
Further information about how our website use cookies can be found in our Cookie Policy.
HOW AND WHERE WE STORE YOUR PERSONAL DATA
The personal data that we collect from you will not be transferred to, and stored at, a destination outside the UK.
All information (including personal data) you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet (including email) is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
PERSONAL DATA RETENTION
We have a retention policy which means we do not keep information we hold about you for longer than necessary unless we there is a legal obligation to do so.
YOUR LEGAL RIGHTS
You have the following rights in relation to the personal data that we hold about you:
How to exercise any of your rights
Further information about your rights in the UK can be found on the Information Commissioner’s Office (ICO) website here: https://ico.org.uk/
For more information on your legal rights, or if you would like to exercise any of them, please contact us using the details set out in the ‘Contact’ section at the end of this Policy.
To protect the confidentiality of your personal data, we will ask you questions in order to verify your identity before proceeding with any requests to exercise your rights.
MAKING A COMPLAINT
If for any reason you are not satisfied with our response, you can make a complaint to the ICO at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
CHANGES TO THIS POLICY
We may update this Policy from time to time at our sole discretion. Any changes we may make to this Policy in the future will be posted on our website and we encourage you to review this Policy periodically. If you continue to use the Services after we change this Policy, then you accept all such changes.
TERMS AND CONDITIONS
For our Terms and Conditions please click here.
CONTACT
If you have any questions, comments or requests regarding this Policy, or if you or if you would like to exercise any of your legal rights, please contact us by email at: [email protected]
Last updated: 08 October 2024
InvestAcc, Solway House Business Park, Kingstown, Carlisle, CA6 4BY.
InvestAcc Pension Administration Limited and InvestAcc Limited are both Regulated and authorised by the Financial Conduct Authority.