PRIVACY
Orwell Securities (Ipswich) Limited understands that the information you trust us with is important to you, and we are committed to protecting and respecting your privacy.

This Policy explains how, when and why we collect your personal information during the course of providing services to you, under what circumstances we may disclose your personal information to others, and how we keep it secure in line with the General Data Protection Regulation (GDPR).

GDPR can be complex so we have given examples of some of the terms used with a description to help you understand what they mean.
Data controller ("us"): Orwell Securities (Ipswich) Limited.
Data Subject ("you / your"): You and, where applicable, your employees, co- trustees, colleagues, clients, advisers, agents or family members whose Personal Data we hold.
Data Processor (the Processor(s)"): Business or individual processers we may pass your personal data to, in order to fulfil our contract or proposed contract with you.
Introducer ("the Introducer(s)"): Businesses or individuals we may receive your personal data from in order to advise you.
Data Protection Officer: Stephen Henry
Introduction
We only collect personal information about you or your family where it is completely necessary or you have consented, and we ensure that we only collect information that we need which can be held in either paper or electronic format.

Personal data is defined as any information about an individual from which that person can be directly or indirectly identified. There are also "special categories" of personal data requiring a higher level of protection because the data is of a more sensitive nature. The special categories of personal data comprise information about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.

We may collect, use and process or pass to Data Processors a range of personal data about you. This may include personal data related to:
  • your contact details, including your name, address, telephone number and personal e-mail address, banking, credit/debit card details, your emergency contact details/next of kin, your date of birth and your gender.
  • information about your use of our IT systems, our websites, telephone numbers and e-mail.
  • your preferences in receiving marketing data from us and your communication preferences.


In certain circumstances we may also collect, use and process, or pass to Data Processors, the following special categories of your personal data (as applicable):
  • information about your health and biometrics.
  • information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation.


We may collect personal data about you in a variety of ways. This may include data collected during our work, or proposed work, for you either directly from you or sometimes from an Introducer or other Data Subject such as an Accountant, business partner or previous Employer. We may also collect personal data from other external third parties, such as references from former advisers, information from background checks and identity check providers, information from credit reference agencies and information from Companies House.

Your personal data may be stored in different places, including within our IT systems and our Data Processor's systems, on our premises and within our storage facilities.
Why and how do we use your personal data?
We will use your personal data in one or more of the following circumstances:
  • where we need to do so to perform the contract for services we have entered into with you, or where we are preparing for such a contract or have fulfilled a contract.
  • where we need to comply with a legal, regulatory requirement or professional governing body obligation.
  • where, in respect of marketing, you have opted-in to our marketing preferences.
  • where it is necessary for our legitimate interests (or those of a Processer, Introducer or third party), and your interests or your fundamental rights and freedoms do not override these interests.
Why and how do we use special category personal data?
We will only collect and use Special Categories of personal data, when the law, regulatory requirements, professional governing bodies require us to do so or it is required to enable us to fulfil our contract with you. We may process special categories of personal data, and information about under 16s or criminal convictions and offences only where we have your consent, and in the case of under 16s, where we have a Guardian or Parent's consent to do so. It is entirely your choice whether to consent, and you can withdraw your consent at any time. This consent may be given through our systems, email, correspondence or other means. Verbal agreement, confirmed by a file note by us, will be accepted where this is the best reasonable option.

Where we or the Data Processors process other special categories of personal data, this is done only for the purpose of equal opportunities monitoring and in line with our data protection policy. Personal data that we use for these purposes is either anonymised or is collected with your consent, which can be withdrawn at any time. It is entirely your choice whether or not to provide this personal data.

We may also occasionally use your special categories of personal data, where it is needed for the establishment, exercise or defence of legal or regulatory claims or in association with insurance or anti-Money Laundering processes.
Change of purpose
We will only use your personal data for the purposes for which we collect and retain it. If we need to use your personal data for a purpose other than that for which it was collected, we will provide you with information about the new purpose prior to that further processing. You may request the legal basis which allows us to process your personal data for the new purpose at any time.
Who has access to your personal data?
Your personal data is shared internally in our office. We may share your personal data with third parties and Data Processors where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party). Third parties may include IT and cloud service providers, other professional advisory firms, insurance and investment companies and HMRC.
Information Security
We have put measures in place to protect the security of your personal data. These are internal policies, procedures and controls which are there to minimise the risk of your personal data from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those who have a clear business need. You can obtain further information about these measures from the Data Protection Officer.

Where your personal data is shared with third-parties and Data Processors, we require all such third parties and Data Processors to take appropriate technical and organisational security measures to protect your personal data, and to treat it subject to a duty of confidentiality and in accordance with data protection law. We allow them to process your personal data only for specified purposes and in accordance with our written instructions. We do not allow them to use your personal data for their own marketing purposes.

We have procedures in place to deal with a suspected data security breach and we will notify the Information Commissioner's Office (and/or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
How long do we need to keep your personal data?
The information we collect about you is subject to various regulatory and legislative requirements. In addition, we will endeavour not to keep your personal information for longer than we have to for us to fulfil our obligations to you. Where it is not possible for us to delete your data, we will ensure the appropriate security and organisational measures are put in place to protect the use of your information.

In the limited circumstances where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. If you believe that we have not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner's Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues. The ICO website is www.ico.org.uk.

Where your personal data is held in an archive containing data that cannot easily be separated and may contain other data requiring to be held for a longer period, we may, at our discretion, retain the full filing for longer than six years in reflection of this. For clarity, it should be noted that such personal data may be held by us or Data Processors, in electronic or paper format, on our premises or at any storage premises used by us. In the event that we collect your personal data but you do not become a client or you are no longer a client, we will retain your personal data for one year, or longer, where required to do so by law or regulatory needs. Personal data which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems as far as practicable.
Your rights in connection with your personal data
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes e.g. you have a new home or email address.

We cannot be held responsible for any errors in your personal data in this regard unless you have notified us of the relevant change.

As a Data Subject, you have a number of statutory rights. Subject to specific conditions, and in certain circumstances, you have the:

  • Right of Access – you can request a copy of the information we hold about you. We will provide this information within one month of receiving your request and verifying your identity. If the request is complex, we may extend the response time.
  • Right of Rectification – we want to make sure your information is accurate and up to date. You may ask us to correct, update or remove information you think is inaccurate or incomplete, and we ask that you inform us promptly of any changes in your circumstances.
  • Right to Erasure – you may ask us to erase your personal information from our systems, in certain circumstances. There are some specific circumstances where the right to erasure does not apply and we are permitted to hold your data indefinitely. We will explain the reason for this at the time, should this occur.
  • Right to Restricting Processing – you have the right to request that we restrict processing of your data in certain circumstances. We will inform our third parties to whom we have disclosed your personal data that they must also restrict processing. We will inform you when the restriction on processing your personal data ends.
  • Right to Data Portability - you can ask us to move or 'port' your personal information to another organisation electronically. We will only port personal information you have provided to us, that we have processed based on your consent or performance of a contract, or that has been processed automatically. We will port your personal information without charge and within one month, where technically feasible.

Should you wish to exercise any of these rights, please write to our Data Protection Officer.
Transferring your information outside of the European Economic Area (EEA)
We may transfer your personal data to countries outside the European Economic Area (EEA), where there is an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer your personal data are deemed to provide an adequate level of protection for your personal data.
Changes to our Privacy Policy
Orwell Securities (Ipswich) Ltd reserves the right to update or amend this Privacy Notice at any time. We will publish a new Privacy Notice when we make significant updates or amendments.
Contact
If you have any questions about this Privacy Notice or how we handle your personal data, please contact us: By email: osl@oslifa.co.uk By letter: Stephen Henry, Orwell Securities (Ipswich) Ltd, Cleveland House, 5 Sorrel Horse Mews, Ipswich, IP4 1LN.