Privacy Policy

Introduction

Your privacy and trust are important to us and this Privacy Policy (“Policy”) provides important information about how [Attivo Group Limited, CRN: 05547209/ Attivo Financial Planning Limited, CRN: 05747914/ Attivo Financial Services Limited, CRN: 05927588] (“Attivo Group” “we” or “us”) handle personal information. This Policy applies to personal information which we process in the course of doing business including information processed through Attivo Group’s website and the services we provide (collectively, our “Services”).

Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal information choices.

It is important that you check back often for updates to this Policy. If we make changes we consider to be important, we will let you know by placing a notice on our website and/or contacting you using other methods such as email.

This Policy is effective from 25 May 2018.

 

Purpose of the processing

We may process personal information about you in different ways depending on our relationship with you. Please click on the link below which most closely identifies your relationship with us:

  1. You are a client or former client of our financial services, to include where you are a client or former client of an Appointed Representative of Attivo Financial Services Limited, who act as the Principal.
  2. You are a supplier or an employee of a supplier to us.
  3. You are a third party with whom we are in contact during the delivery of services to our clients or the possible delivery of services to prospective clients.
  4. You are a prospective client or a prospective supplier.
  5. You were a client from an IFA business with whom we entered into a commercial arrangement and you ceased to be a client either before or after the transaction date.
  6. You were a client of a company or business which we have sold.
  7. You are or have been a member of a property syndicate where we are the syndicate coordinator.
  8. You are an employee, a former employee or a relative of either.
  9. You are a prospective employee.
  10. We have received your information from a third party.
  11. Your relationship with us is not covered by any of the above.

1. You are a client or former client of our financial services, to include where you are a client or former client of an Appointed Representative of Attivo Financial Services Limited, who act as the Principal

We will collect and store personal information including contact details of our clients, or the clients of Appointed Representatives of Attivo Financial Services Limited, so that we can provide our Services in accordance with our contract with you, held either directly or indirectly through one of our Appointed Representatives. Where we collect and store personal information as Principal to an Appointed Representative, this Privacy Policy should be read in conjunction with the Privacy Policy of the Appointed Representative. We will also retain that information and any information relating to the contract between us in accordance with our retention policy following completion of the contract(s) between us and after you cease to be our client so that we can review our performance if any complaints or issues arise after completion of the contract and reconcile any ongoing commission where this continues to be paid.The length of time that we keep client files will depend on the nature of the Services provided. Where we are advising our clients on a financial product or transaction, then we would usually retain a file for 80 years after conclusion of the matter. However, if relating to a pension transfer, pension conversion, pension opt-out or FSAVC, the file will be retained indefinitely, in line with regulatory requirements.

We will not send you general marketing information as part of a group emailing campaign unless you have consented to being contacted in this way.


2. You are a supplier or an employee of a supplier to us.

We will collect and store personal information including contact details of our suppliers and those employees of the supplier who are involved in the delivery of the contract so that we can receive your goods or services in accordance with our contract with you. We will also retain that information and any information relating to the contract between us for a period of 6 years following completion of the contract(s) between us so that we can review your performance if any complaints or issues arise after completion of the contract.

We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We are processing your personal information in this way because it is in our legitimate interests to grow our business and explore new business opportunities with you.We will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to being contacted in this way.


3. You are a third party with whom we are in contact during the delivery of services to our clients or the possible delivery of services to prospective clients.

We will collect and store personal information including contact details of third parties with whom we are in contact during the delivery of Services to our clients or discussions relating to Services to prospective clients. We may receive that information from you, a client, a supplier, an introducer or otherwise as a result of an interaction between you and our suppliers or clients.  We process that information because it is in our legitimate interests to do so in order for us to be able to perform our contracts for our clients or engage with prospective clients with a view to establishing a contract for services. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

Where your personal information is kept as part of a file relating to the performance of a contract with one of our clients, we will also retain that information and any information relating to that contract in accordance with our file retention policy following completion of that contract(s). This is so we can comply with the Financial Conduct Authority Regulations and so that we can review the file if any complaints or issues arise after completion of the contract. The length of time that we keep client files will depend on the nature of the Services provided. Where we are advising our clients on a financial product or transaction, then we would usually retain a file for 80 years after conclusion of the matter.

Where your information is stored in our contacts database but is not kept in a client or supplier file, we carry out a review of our contacts database every 2 years when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it safely.

We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We are processing your personal information in this way because it is in our legitimate interests to grow our business and explore new business opportunities with you. We will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

We will not send you general marketing information as part of a group mailing, e-mailing or telephone campaign unless you have consented to be contacted in this way.


4. You are a prospective client or a prospective supplier.

We will collect, store and use personal information including contact details of people who we might do business with as a supplier or a client for the purpose of growing our business and exploring new business opportunities. We may collect this information from you, when you contact us (including through this website) or from a mutual contact. We will only collect contact information from your website or another third party website if we have identified you specifically as someone who may be interested in receiving a Service from us or delivering goods or services to us. We may contact you about new business opportunities for us to work together with you and to keep you informed of our activities.  

We are processing your personal information in this way because it is in our legitimate interests to grow our business and explore new business opportunities with you.  We believe that you would reasonably expect us to process your personal information in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

Where your information is stored in our contacts database but is not kept in a client or supplier file, we carry out a review of our contacts database every 2 years when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it safely.

We will not send you general marketing information as part of a group mailing, e-mailing or telephone campaign unless you have consented to be contacted in this way.


5. You were an client from an IFA business with whom we entered into a commercial arrangement and you ceased to be a client either before or after the transaction date.

When we entered into a commercial contract with the IFA business that originally provided you with financial products and/or services (“Business”) your personal data was transferred to us as a result of that transaction. You are no longer receiving those services, however, we may retain some personal information that was transferred to us, including your contact details. We may also retain any information relating to the original contract between you and the Business in accordance with our retention policy following termination of the contract(s). This is because it is in our legitimate interests to retain the information so that we can review matters if any complaints or issues arise after termination of the contract and reconcile any ongoing commission where this continues to be paid. The length of time that we keep client files and the extent of the information that we keep will depend on the nature of the Services provided and our retention policy at the time of the acquisition. Where you were advised on a financial product or transaction, then we would usually retain a file for 80 years after conclusion of the matter.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to be contacted in this way.


6. You were a client of a company or business which we have sold.

When we sell a company or business that originally provided you with financial products and/or services (“Previous Business”) your personal data was transferred with the company or business to the new owner as a result of that transaction. We will retain some personal information, including your contact details. We will also retain any information relating to the original contract between you and the Previous Business or in accordance with our retention policy following termination of the contract(s). This is because it is in our legitimate interests to retain the information so that we can review matters if any complaints or issues arise in respect of the acts or omissions of any continuing Attivo Group company. The length of time that we keep client files will depend on the nature of the Services provided. Where you were advised on a financial product or transaction, then we would usually retain a file for 80 years after conclusion of the matter.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to be contacted in this way.


7. You are or have been a member of a property syndicate where we are the syndicate coordinator.

If You are a client and have agreed to become a member of a property syndicate administered by us, then we will collect and store your personal information including contact details for the purpose of administering the property syndicate in performance of our contract with you and the property syndicate. We will also retain that information and any information relating to the syndicate for a period of 6 years in accordance with our retention policy following the sale of the property and winding up of the syndicate so that we can review our performance if any complaints or issues arise after winding up of the syndicate.


8. You are an employee, former employee or a relative of either

We will collect and store personal information including contact details of our employees so that we can deliver a number of employee related services, in accordance with our employment contract with you. We will also retain that information and any information relating to the contract between us in accordance with our retention policy after you cease to be an employee so that we can review our performance if any complaints or issues arise after the termination of employment. We retain employee information for the purpose of referencing for 6 years after end of employment.

Where an employee has provided us with personal information about a spouse, civil partner or other family member/friend (where we have a legitimate interest to hold that information for example in relation to sharing an Attivo Group car, private medical insurance or other benefits or as an emergency contact), it is the employee’s responsibility to inform that person that the employee has provided us with their details and that we will be processing it in connection with the relevant benefit and/or policy in accordance with this privacy policy.

Click here to view our full privacy policy for employees, former employees or relatives of either.


9. You are a prospective employee or a referee of a prospective employee

If we have received your details in response to a recruitment initiative, we will store the personal information that either you, your recruitment agent or another third party has provided us with. We process that information because it is in our legitimate interests to do so in order for us to be able to make an informed decision about whether to interview you and, ultimately, recruit you. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not have an impact on you in a way that would make this processing unfair. Where your personal information is kept as part of a file relating to prospective employees of Attivo Group, we will retain that information and any information relating to that matter. This is so that we can review the file if any complaints or issues arise after the recruitment process. The length of time that we keep prospective employee files is usually 3 months after conclusion of the relevant recruitment process.

Unless you request us not to do so, we may also contact those individuals who are referred to in any information you provide us with, for example referees, this contact may be made by telephone, e-mail or post. We will only do this if we have your express permission to contact them in this way.

Where you have provided us with personal information about a referee or a previous employer, it is your responsibility to inform that person that you have provided us with their details and that we will be processing it in connection with your employment application. You should also give them our contact details (below) should they wish to discuss this with us.

Click here to view our full privacy policy for prospective employees.


10. We have received your information from a third party

If we have received your personal information from a third party, for example an introducer, that third party will normally be the controller in relation to that personal information and we will be processing it on their behalf. You should therefore contact that third party to review their privacy policy.

If you become a client or a prospective client as a result of an introduction, Attivo Group will become a controller in relation to your personal information and the relevant sections of this policy will apply.


11. Your relationship with us is not covered by any of the above

We may hold your contact details and personal information as a result of an interaction between you and one of our employees or prospective employees. This interaction could be as a result of a potential business acquisition or disposal and/or the introduction of new business to Attivo Group. We are processing your personal information in this way because it is in our legitimate interests to retain a record of our employee’s engagement with third parties.  We believe that you would reasonably expect us to process your personal information in this way and that such processing does not have an impact on you in a way that would make this processing unfair.  We carry out a review of our contacts database every 2 years when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it safely.

Where you provide us with personal information about another person
If you give us personal information about another person, you must ensure that:
(a) You are legally entitled to give us that information;
(b) the disclosure is in accordance with any applicable data protection or privacy laws; and
(c) such other person has also read this policy.

Personal information we hold
We will store contact information and the contents of any correspondence between us. We may also record or take notes during telephone calls and meetings which we will store on any applicable file.

We may also process sensitive information, for example, relating to your health. Such sensitive information will only be processed where that information is relevant to the goods or services we are providing or receiving from you. We will ask for your consent to the processing of sensitive information as part of your initial engagement with us. We may also process sensitive information in relation to your family members without their consent where that relates only to insurance business.

Some of our services provide data and document storage as an integral part of the product or solution offering. Documents and data stored by our clients may contain personal information in financial product application forms, power of attorney documents, business and personal tax forms, payroll and financial data, and other financially-related documents, for example. Any information stored by or on behalf of our clients is controlled and managed by and only made accessible to those clients, Attivo Group staff or others our clients may authorise from time to time.

We may be required to use and retain personal information for other legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud.

When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed by us in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Attivo Group and our third-party providers set and use cookies and similar technologies to store and manage user preferences, enable content and gather analytic and usage data. For further information on our use of cookies, please see our Cookie Policy.

When we share personal information
Attivo Group shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We do not sell any personal information to third parties. We may occasionally share non-personal, anonymised, and statistical data with third parties. Below are the parties with whom we may share personal information and why.

1. Within Attivo Group: Our business is supported by a variety of people who are part of Attivo Group’s teams and functions, including those who are part of other companies that comprise Attivo Group. Personal information will be made available to them if necessary for the provision of Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees within Attivo Group and any contractors are required to follow our data privacy and security policies when handling personal information. 

2. Our business partners: We occasionally partner with other organisations to deliver Services, provide content, or to host events, conferences, and seminars. As part of these arrangements, you may be a client of both Attivo Group and our partners, and we and our partners may collect and share information about you. Attivo Group will handle personal information in accordance with this Policy, and we encourage you to review the privacy policies of our partners to learn more about how they collect, use, and share personal information.

3. Our third-party service providers: We partner with and are supported by service providers around the UK. Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, including (without limitation) software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; property management; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.

4. Other third parties: We may share personal information with other third parties when we believe it is required or in our legitimate interests, such as:

• to comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities;
•  in preparation for and/or in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);
• to protect our rights, users, systems, and Services.

Where we store and process personal information
We take steps to ensure that the information we collect is processed according to this Policy and the requirements of applicable law wherever the data is located.

We store information in hard copy files, which are stored in our offices and/or in archived storage space in the UK. We also store information in electronic files using cloud hosting servers on servers in the UK. We collaborate with third parties such as cloud hosting services, suppliers, and technology support to serve the needs of our business, workforce, and clients. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Attivo Group or to third parties in areas outside of your home country, but we will not transfer your data outside of the European Economic Area.

How we secure personal information
Attivo Group takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

How long we keep personal information
We retain personal information for as long as we reasonably require it for business or regulatory purposes. In determining data retention periods, Attivo Group takes into consideration local laws, contractual obligations, and the expectations and requirements of our clients and suppliers. When we no longer need personal information or when you request us to delete your information, where this is legal, we will securely delete or destroy it. The length of time that we keep client and supplier files will depend on the nature of the goods and services received or provided. Where we are advising our clients on a financial product or transaction, then we would usually retain a file for 80 years after conclusion of the matter.

Your right to access and correct your personal information
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or safely delete your personal information.

1. Access to personal information: If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.

2. Correction, deletion, restriction or transfer: You have the right to correct or amend your personal information if it is inaccurate or requires updating. You may also have the right to request deletion or transfer of your personal information or to restrict or object to the processing. Please note that it is not always possible to comply with such requests due to legal requirements and other obligations and factors. Remember that you can contact us about our use of your personal information by using the “Contact Us” option on our website or let us know in writing, by email or by telephone.

3. Withdrawal of consent: If we are processing your personal information on the basis that you have given your consent to us processing that personal information, you have a right to withdraw your consent at any time by using the “Contact Us” option on our website or let us know in writing, by email or by telephone.

4. Marketing preferences: To opt out of email marketing, you can use the unsubscribe link found in the email communication you receive from us or you can use the “Contact Us” option on our website or let us know in writing, by email or by telephone.

5. Filing a complaint: If you are not satisfied with how Attivo Group manages your personal data, you have the right to make a complaint to the Information Commissioner’s Office (https://ico.org.uk).  However, firstly, we would want the opportunity to put right any concerns, therefore we ask that you raise your concerns with us initially using the “Contact Us” option on our website or let us know in writing, by email or by telephone.


Children’s privacy
We do sometimes provide services to children under 13 and will only use their personal data to enable us to provide our services to them. We will work with any such children and their parents or guardians at our first meetings to explain how we will work with them. We will not knowingly send any marketing information to children under 13.

How to contact us
Please contact us with any requests related to your personal information.

We understand that you may have questions or concerns about this Policy or our privacy practices or may wish to file a complaint. Please feel free to contact us in one of the following ways:

Email:
clientservices@attivogroup.co.uk

Address:
Attn: The Privacy Officer
Attivo Group
Jessop House
Jessop Avenue
Cheltenham
GL50 3SH

Telephone:
01242 585444