Introduction
On 25thMay 2018, the new regulations regarding the General Data Protection Regulations (GDPR) comes into place. In accordance with these regulations, Mackinnon wishes to highlight its conformity with these new rules as well as expressing to our clients the purpose of processing their personal data.
Mackinnon is a financial services provider located on the Isle of Wight, U.K. Our business needs to collect and process client information in order to benefit our clients in the most precise way and help them with their financial needs.
Mackinnon understand that the security of your personal data is of paramount importance. Mackinnon takes great care to ensure your data is secure and protected at all times, through both electronic and physical means.
If you wish to contact us for more information or issues regarding GDPR, our telephone number is +44 (0) 1983 282 925 or you can write to us at:
I F Mackinnon & Company LLP
Northwood House,
Ward Avenue,
Cowes,
Isle of Wight,
PO31 8AZ
Definitions
It is important to outline some of our key terminology that we use. When referring to Mackinnon, the following words can be substituted: “we”, “our”, “us”, “the Company”, “IFM” or “the business”. When we refer to “you” or “your”, we are referring to the person(s) reading the document; this can be either a client or an employee. A client can also be a “subscriber”.
Personal data or information refers to any information which can identify an individual, for example a name, address or email. The information we collect includes but is not necessarily limited to:
- name
- address(es)
- company
- financial information
- phone number
- skype/social media pages
We will only ever collect personal data such as name, address(es), telephone, emails, company etc., and never any sensitive personal data unless in exceptional circumstances. Sensitive personal data can include but is not limited to:
- religious beliefs
- sexual orientation
- political standing
General information
We understand the need for transparency when collecting and processing your data. The following questions aim to answer any queries you might have regarding our use of your personal information. If you feel your questions have not been sufficiently answered or you have any other questions, please email us at enquiries@ifmackinnon.co.uk or contact us at the above address or telephone number.
Who collects your data?
Any of our employees can collect your personal data. This can be done through a variety of methods, such as email, telephone, through our website, letter or in person. In addition, we may collect client information through the use of networking, business cards, personal acquaintances and associates.
Alternatively, clients can provide their own information by contacting us through our website, by phone, email, letter or by other means. We collect personal data when an individual contacts us with a question, complaint, comment or feedback (such as name, contact details and contents of the communication). In these cases, the individual is in control of the personal data shared with us and we will only use the data for responding to the communication.
How is it collected?
Our data can be collected by either electronic means such as email or telephone or manually for example postal requests or in person.
How is it stored?
We collect data electronically as this makes it easier to track, record, store and retrieve. However, we may also hold data on paper as well as through recorded phone conversations.
Why do we collect your data?
In order to fulfil our business purposes as financial advisors, personal information has to be collected by Mackinnon. This is so we can tailor the best financial solutions, plans and advice to our client but also so we can communicate efficiently and easily with our clients. We will only ever collect personal data such as name, address(es), telephone, emails, company etc., and never any sensitive personal data unless in exceptional circumstances. Sensitive personal data can include but is not limited to religious beliefs, sexual orientation and political standing.
How do we use your data?
Personal data collected by Mackinnon is be used to contact you for advice, future investment ideas, to update you on your current investments or contracts with us. We will not contact you with anything unrelated to Mackinnon or our business purposes, or any marketing information unrelated to you.
Who will it be shared with?
Personal data will only be shared with certified Mackinnon third-party contractors and never with unauthorised persons or companies. Client information is available to authorised Mackinnon employees. In addition, we have the strictest policies in place regarding confidentiality with staff and outside contractors.
Employee confidentiality
All of our employees recognise the importance of keeping your personal data safe and secure. Upon joining the IFM team, all employees must sign a confidentiality agreement explaining the need for client confidentiality and the consequences of unauthorised sharing. When they leave the must also sign a confidentiality agreement.
Third-party sharing
When we do share your data with third-parties, we ensure your data is secure with data protection, confidentiality, security guidelines and policies. Before sharing any of your data, the third party is required to sign a non-disclosure agreement. If this contract is broken in any way, we are liable to take legal action against the third-party.
If for any reason your data needs to be shared with a company outside of the EU, and therefore outside the restrictions of the GDPR, we will ensure that said company has the same standard of data protection as us.
What will be the effect of this on the individuals concerned?
If your data needs to be shared outside of the registered employees of Mackinnon, i.e. to a third-party or other Mackinnon registered company, you will be informed and asked for consent before the information is shared.
Is my data being processed legally?
All our current and prospective clients are made fully aware of our business purposes and processes. This information is made clear to our clients when they first meet or contact one of our employees, if they have not already found the information on our website or one of our social media platforms. We have listed our lawful bases for controlling data below, in our ‘Individual Rights’ section.
You can email us at enquiries@ifmackinnon.co.uk with a complaints form. If you wish to further your complaint about our data processing purposes or procedures, you can contact the Information Commissioner’s Office directly via their website (ico.org.uk) or telephone.
Reviews
Our privacy notice and policies will always be reviewed, and updated if necessary, every six months. However, we reserve the right to alter our Policy at any time if we chose to do so. We can email you if we make any serious amendments to our Privacy Policy.
Individual rights
With the implementation of GDPR, the rights of individuals concerning their data have changed. We have highlighted the primary changes to individual data rights below and what this will mean for you. For more information about your personal data rights, go to the ICO’s website.
The right to be informed
Individuals have the right to be informed about the collection and use of their personal data. We collect your personal information from you yourself or a confidential third party.
Lawful bases for processing
Mackinnon collects client data for financial contract and investment purposes. This type of information includes but is not limited to, name, company, address, contact numbers and emails, job description, net wealth and in the case of investments, bank details. These details are needed in order to fulfil our business purposes as financial advisors and equity holders. Below we have listed what we consider to be our lawful basis for processing:
a) consent – the individual has given clear consent to process their personal data for a specific purpose.
b) legitimate interests – if the individual data subject can reasonably expect at the time and in the context of the collection of the data that processing for that purpose may take place and the interests and rights of the individual do not override the interests of the data controller.
Access to personal data
You have the right to access your personal information through us at any time. This can either be done via email, telephone, in person or through our website. We will not charge you for this service and we will provide it via you preferred method of contact. We will attempt to do this without undue delay and as promptly as possible, within one month.
Amendment of personal data
If you wish to amend your information, either because it is inaccurate, false or for another reason, you can contact us to amend your data. However, it is your responsibility to provide accurate data at the point of contact; failure to do so can result in legal action by the ICO.
Withdrawal of consent and erasure
Clients have the right to withdraw their consent at any time. We will not charge for these services. This means that your personal data will be removed entirely from our systems and we will not be able to contact you again. If you decide you would like to subscribe with us again, you can do so through our website or contact details.
However, we are required by the Financial Conduct Authority (FCA) to keep all contractual evidence and details for a minimum of seven years.
Restricted processing
Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing. We have one month to respond to a request.
Data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services, allowing you to move, copy or transfer personal data easily. If you request your data from us, we will supply it in an easy, machine-readable format and within the period of one month. We will not charge you for this service. However, if the personal data concerns more than one individual, you must consider whether providing the information would prejudice the rights of any other individual and consent from the other must also be obtained before disclosure.
We can extend this time by two months if the request is complex or we receive multiple requests at once. The individual must be informed within one month upon receiving the request and explain why the extension is necessary.
If we decide not to act in response to your request, we must explain why to you and inform you of your right to complain to the supervisory authority (ICO) and to a judicial remedy without undue delay and within one month at the latest.
Objection
We do not process data for marketing, scientific, historical or public practices.
Individuals have the right to object to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics.
Rights in relation to automated decision making and profiling
Automated decision making is defined as the profiling of an individual’s data without any human involvement and only through automated means. At Mackinnon, we do not use automated decision making and profiling.
Staff and recruitment
We hold personal data of our employees as well as our clients, for the purposes of administration and management. For more information for staff, please see the Employee Handbook (IFM62020).
Visitors and guests
On the occasion that we have visitors or guests to IFM, we take care to ensure no information is available to those outside our workforce. We have security measures in place at our office such as building access codes and CCTV. All guests and visitors are escorted to our offices by a member of our staff.
As we are such a small company, we very rarely have unauthorised or unknown visitors. Any person visiting our office must make an appointment with our staff prior to their admittance.
For further information please see our policy Physical Security(IFM82245).