Website Privacy Policy

Personal information is collected by Woodruff Financial Planning Limited. Woodruff Financial Planning Limited is registered with the UK’s Information Commission as a Data Controller in accordance with the Data Protection Act 1998, registration number Z7729932, as well as the General Data Protection Regulation (GDPR). The registered office is Unit 5, Park Lane Business Centre, Langham, Colchester, Essex, CO4 5WR.

Woodruff Financial Planning takes the privacy of its website users seriously. We are committed to safeguarding the privacy of our users while providing a personalised and valuable service. This Website Privacy Policy statement explains the data processing practices of Woodruff Financial Planning relating to the data collected via this website, and email marketing.

If you have any requests concerning your personal information or any queries with regard to these practices please contact us.

By using this website you may exchange some limited personal information so we can deliver our services to you. For example, you may provide us with your name or contact details so that we may contact you, or provide marketing services. We call this “Your Personal Data”.

This document explains what we do with Your Personal Data, and the various rights you have in relation to this data.

This website is fully compliant with the EU e-privacy directive, as well as UK data law, such as the General Data Protection Regulation (GDPR).

Our website contains links to third party websites which are not subject to this privacy policy. We recommend that you read the privacy policy of any such websites that you visit.

What do we mean by “Your Personal Data”?

Your Personal Data is any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, via information such as your name, address, contact details, or social media profiles.

We collect personally identifiable information about you through:

  • the use of enquiry and registration forms
  • when you purchase any of our products or services
  • the provision of your details to us either online or offline

Your Personal Data collected by this website may include:

  • Names, contact details, and addresses

Any additional personal data is only likely to be provided to us if you if you become a client, or enquire about financial planning services, your data will be subject to our separate Client Privacy Policy.

We may collect information that is automatically sent to us by your computer’s internet browser when you visit our website, such as your computer’s technical address (or ‘IP address’) or information about which particular internet browser you are using. We may also collect non-personal information automatically about your visit to our sites. This information is less likely to be able to identify you directly, although is still likely to be personal data. However, this data is necessary to be able to provide a modern website for your use.

We use cookies to personalise your visit to this site.  We also use code to track visits to this site in a non-personal manner.

If you subscribe to our email newsletters, we may track your subsequent visits to this website for marketing purposes.

How our Firm will deal with Your Personal Data

If we provide marketing services to you

You may sign up to receive marketing communications from us. We use your Personal Data for purposes which may include:

  • providing our users with a personalised service
  • processing quotations, registrations and enquiries
  • running competitions
  • running a financial forum
  • providing you with a regular newsletter (provided you agree to receive this newsletter)
  • providing you with information about products and services we offer

We never share your personal data with any third party organisations for marketing purposes without your permission.

You may withdraw this marketing consent at any time, by emailing advice@woodruff-fp.co.uk. We will withdraw your name from our marketing lists. You can unsubscribe from email communication  from any message we send to you.

If you become a client

All clients of our firm sign a Service Agreement, which is a contract for us to supply services to you.

Your data will then be subject to our Client Privacy Policy.

General

We may also use information in aggregate form (so that no individual user is identified):

  • to build up marketing profiles
  • to aid strategic development
  • to manage our relationship with advertisers
  • to audit usage of the site
  • to track visits to our website

We have the right to use Your Personal Data even when there is no contract between us, provided it is in our legitimate business interest to do so, and this does not affect your rights. For example, we will use Your Personal data to comply with legal responsibilities we may owe our regulator The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject.

How do we collect Your Personal Data?

We will collect and record Your Personal Data from a variety of sources, but mainly directly from you when you sign up for services like our newsletter, or contact us verbally, and in writing, including by email.

We may also obtain some information from third parties, including information in the public domain such as social media profiles.

What happens to Your Personal Data when it is disclosed to us?

In the course of handling Your Personal Data, we may:

  • Record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees within our Firm, and only when it is necessary to contact you in previously agreed ways.
  • Use Your Personal Data for the purposes of responding to any queries you may have in relation to any financial planning, or if agreed to marketing contact, to inform you of any developments in relation to those products of which we might become aware.

Sharing Your Personal Data

We do disclose your information to our employees, business partners and to third party suppliers we engage to provide services which involve processing data on our behalf, successors in title to our business, in accordance with a properly executed court order, or otherwise required to do so by law or our regulator the Financial Conduct Authority.

In particular, we share data with

  • Employees of suppliers who provide design and/or support services;
  • Our web hosting technology suppliers who provide the physical server infrastructures that our website operates on. Some of this data may reside outside of the EU.
  • Our cloud storage and technology supplier whose services we use for secure backup storage and email relay services.
  • Our email marketing software, used to provide you with email newsletters and delivery of free downloads.

We have obtained Data Privacy Agreements with all of the 3rd party technology suppliers above which detail our respective responsibilities for data security.

In each case, your Personal Data will only be shared for the purposes set out in this website privacy notice, to provide you with the website materials, and any additional marketing you have agreed to receive.

Please note that if we share Your Personal Data, this does not entitle third parties to send you marketing or promotional messages: this data is shared so we can adequately fulfil our responsibilities to you, and as otherwise set out in this Website Privacy Notice.

The Internet is a global environment. Using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing our websites and communicating electronically with us you acknowledge and agree to our processing of personal data in this way. By agreeing to our transfer of your Personal Data to third party organisations for them to deliver our services, you are deemed to provide your consent to any transfer of your Data to organisations based outside the European Economic Area. We only pass personal data to third party organisations that comply with the GDPR regulations, or of an equivalent standard.

Security and retention of Your Personal Data

Your privacy is extremely important to us and we will secure Your Personal Data in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against unlawful or malicious access by a third party.

Your data is protected in a number of ways:

  • Access control: access to personal data is strictly limited in line with our policy. Access is controlled by individual user accounts, where a strong password policy is enforced
  • Dedicated security software: We operate dedicated security scanning and access control software on all of our websites. This software is responsible for limiting login attempts to our site, blocking potentially malicious attempts to access our services, and regularly performing full file system scans.
  • Data encryption: where data is stored in a cloud facility (such as the storage of website backup files), that data is encrypted both ‘in transit’ and ‘at rest’ – meaning that all data is securely obscured both during the process of transfer to the cloud provider, and then additionally when it is in storage at its final location.This website is also secured with SSL encryption, which means that all traffic to and from our servers is encrypted. This applies to our own administrative access to the website as well as that of users of our services.Additionally, we ensure that our own dedicated secure Virtual Private Network (VPN) is used when we access the site from anywhere on a public wifi network.
  • Selection of third party service providers: we use a very limited number of third party service providers, but some are essential for the provision of physical hosting environments and cloud services. One of the core factors in the selection of such providers is their ability to provide secure systems and processes. We have written Data Processing Agreements with each of our core service providers that sets out the requirements for data security.
  • ICO registration: We are registered with the Information Commissioner’s Office, the UK’s data regulator, ensuring that our data privacy record and reputation is available in the public domain.

Your Personal Data will be retained by us either electronically or in paper format for as long as you agree to receive marketing services from us. Other personal data will be deleted regularly according to our policies, and will be held for no longer than is necessary.

Your rights in relation to Your Personal Data

You can:

  • Request copies of Your Personal Data that is under our control
  • Ask us to further explain how we use Your Personal Data
  • Ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request)
  • Ask us to send an electronic copy of Your Personal Data to another organisation should you wish
  • Change the basis of any consent you may have provided to enable us to market to you in the future (including withdrawing any consent in its entirety)

Children

We do not intentionally collect any information on children, since our website is designed for UK resident adults. We will delete any details of such users where a parent or guardian has notified us that any such details have been obtained.

Changes to this Policy

From time to time, and without prior warning, we may make changes to this website privacy policy to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or website enhancements.

Terms and conditions

This privacy policy forms part of our site terms and conditions. By accessing any part of this site, you will be deemed to have accepted these terms in full.

How to make contact with our Firm regarding the use of Your Personal Data

If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact Magali Woodruff on 01206 919101 or at advice@woodruff-fp.co.uk.

We will inform you if we believe we have a legal right not to deal with your request, or to action it in different way to how you have requested.

If you become aware of any unauthorised disclosure of Your Personal Data, please notify us immediately, so that we may investigate, and fulfil our own regulatory obligations.

If you have any concerns or complaints regarding how we handle Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, which can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Document issued 10th May 2018, and updated 11th May 2018.

Client Privacy Notice

Personal information is collected by Woodruff Financial Planning Limited. Woodruff Financial Planning Limited is registered with the UK’s Information Commission as a Data Controller in accordance with the Data Protection Act 1998, registration number Z7729932, as well as the General Data Protection Regulation (GDPR). The registered office is Unit 5, Park Lane Business Centre, Langham, Colchester, Essex, CO4 5WR.

This Client Privacy Notice applies to you if you make an enquiry about our services, or become a client.

It is necessary for us to ask you for detailed personal information so we can deliver our services to you. Therefore, we will ask you to provide us with information relating to your existing circumstances, your financial situation, plus your health and family health history. We call this “Your Personal Data”.

This document explains what we do with Your Personal Data, and the various rights you have in relation to this data.

What do we mean by “Your Personal Data”?

Your Personal Data is any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, via information such as your name, address, date or birth, or National Insurance number. Your Personal Data may also identify you indirectly, such as your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.

Your Personal Data may include:

  • Names, date of birth, gender, nationality, marital status, contact details, addresses and documents that are necessary to verify your identity;
  • Employment history and income information, including salary, bonus schemes, and other benefits;
  • Bank account details, tax information, credit commitments and history, expenditure, family circumstances, and details of dependents;
  • Health status and history;
  • Any pre-existing financial products and the terms and conditions relating to these.

How our Firm will deal with Your Personal Data

All clients of our firm sign a Service Agreement, which is a contract for us to supply services to you.

We have the right to use Your Personal Data for the purposes detailed below so that we can perform that contract, deliver the service selected, and to arrange any financial products you require.

We have the right to use Your Personal Data even when the contract between us has come to an end, provided it is in our legitimate business interest to do so, and this does not affect your rights. For example, we may need to respond to requests from product providers relating to the advice we have given to you, or to make contact with you to seek feedback on the service you received.

We will use Your Personal data to comply with legal responsibilities we may owe our regulator The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject.

If you do not become a client we will delete your data after a reasonable period.

Special Data

We may need to ask you for information about your ethnic origin, your health and medical history (this may include genetic or biometric data); this is categorised as “Your Special Data” and relates particularly to insurance, and some pension plans.

We will record and use Your Special Data to find suitable insurance and pension providers that meet your needs, particularly where you have pre-existing health conditions. We may also use this information to help you to make insurance claims.

You may disclose sensitive data such as your sexuality, religious beliefs, political opinions, and trade union membership. We will only record this data if is particularly relevant to your financial plans, so that we can provide the selected service to you.

If you have parental responsibility for children under the age of 16, it is also very likely that we will record information that relates to those children, and potentially to their own Special Data.

If we arrange certain types of insurance, you may disclose information relating to criminal convictions or offences (“Criminal Disclosures”). This is relevant to underwriting, claims and fraud management for insurance.

We will use Special Data and any Criminal Disclosures in the same way as Your Personal Data generally, as set out in this Privacy Notice.

We process your Special Data and any Criminal Disclosures as is in the substantial public interest to be able to provide vital insurance products, and this activity is permitted by UK data protection laws and regulations. Information on Special Category Data and Criminal Disclosures must be capable of being exchanged freely between insurance intermediaries such as our Firm, and insurance providers, to enable customers to secure important insurance protection.

How do we collect Your Personal Data?

We will collect and record Your Personal Data from a variety of sources, but mainly directly from you. You will provide information during the course of our meetings or conversations so we can establish your circumstances, needs and preferences in relation to your financial planning. You will provide information to us verbally and in writing, including by email.

We may also obtain some information from third parties, such as product providers, credit checks, information from your employer, and searches of information in the public domain such as the voters roll. We use technology to assist in the collection of Your Personal Data such as software that is able to verify your identity online, or to access your credit status.

What happens to Your Personal Data when it is disclosed to us?

In the course of handling Your Personal Data, we will:

  • Record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees within our Firm, and only when it is necessary to provide our service to you to perform any administration tasks associated with that service.
  • Submit Your Personal Data to Product Providers in paper form, and online via a secure portal. The provision of this information to a third party is essential to allow us to provide you with the services in your Service Agreement, and to deal with any additional questions or administrative issues that you or product providers may raise.
  • Use Your Personal Data for the purposes of responding to any queries you may have in relation to any financial products you may take out, or to inform you of any developments in relation to those products of which we might become aware.

Sharing Your Personal Data

Your Personal Data may be shared with:

  • Financial product providers;
  • Third parties which we believe will be able to assist us with your financial planning needs, or to run our firm efficiently. These third parties will include, but may not be limited to: the Financial Conduct Authority, HMRC, our compliance advisers, product specialists, research providers, our insurers, and your professional advisers.

In each case, your Personal Data will only be shared for the purposes set out in this customer privacy notice, to provide you with the financial planning services in your Service Agreement, and to provide you with our professional services.

Please note that if we share Your Personal Data, this does not entitle third parties to send you marketing or promotional messages: this data is shared so we can adequately fulfil our responsibilities to you, and as otherwise set out in this Customer Privacy Notice.

We do not expect to transfer Your Personal Data outside of the European Economic Area as a result of the performance of the services contained in this Agreement.

Security and retention of Your Personal Data

Your privacy is extremely important to us and we will secure Your Personal Data in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against unlawful or malicious access by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us. This means not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted, and only using secure methods of postage when original documentation is being sent to us. We will make available a secure means of data transfer for all clients.

Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, and potentially indefinitely, especially if our relationship lasts longer than 6 years.

Your rights in relation to Your Personal Data

You can:

  • Request copies of Your Personal Data that is under our control;
  • Ask us to further explain how we use Your Personal Data;
  • Ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request);
  • Ask us to send an electronic copy of Your Personal Data to another organisation should you wish;
  • Change the basis of any consent you may have provided to enable us to market to you in the future (including withdrawing any consent in its entirety).

How to make contact with our Firm regarding the use of Your Personal Data

If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact Magali Woodruff on 01206 919101 or at advice@woodruff-fp.co.uk.

We will inform you if we believe we have a legal right not to deal with your request, or to action it in different way to how you have requested.

If you become aware of any unauthorised disclosure of Your Personal Data, please notify us immediately, so that we may investigate, and fulfil our own regulatory obligations.

If you have any concerns or complaints regarding how we handle Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, which can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Document issued 10th May 2018.