Privacy Policy

Data protection and security policy

It is our policy to treat customers (and other stakeholders in the business) fairly when handling their data in line with regulatory requirements for proper systems and controls and taking due care.

Data protection

Our firm is registered for the purposes of the Data Protection Act 1998. Our registration number is Z847926X.  Our registration is renewable every year in April. In addition we are required to ensure that our registration details remain up to date and any change is notified to the Information Commissioner’s Office within 28 days of any change occurring. Our firm will provide the FCA with any personal data it may require for any permitted purpose and according to law.

Our firm undertakes to obtain all necessary consents from employees, appointed agents or customers prior to providing the FCA with personal data.

Our firm will treat all customer information as private and confidential, even when customer’s policies have lapsed or are cancelled; we will not release information to anyone else except where:

  • The customer gives us permission, for instance, by acceptance of our TOBA
  • Required under our authorisation by the FCA
  • We have to by law

Our firm maintains archive records for lapsed and cancelled policies, settled claims and accounts. Data is only retained where necessary, and data will not be kept longer than is strictly required.

Data security

We accept that it is senior management’s responsibility to assess the risks of financial crime associated with customer data.

It is our policy to take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.

Areas which we monitor and address are:

  • Physical security
  • Governance
  • Staff recruitment and vetting
  • Staff training and awareness
  • Systems and controls
  • Disposal of data
  • Third parties
  • Compliance and monitoring

Appropriate controls are in place should there be a need for files and records to be temporarily removed from the office.

All data is kept in a secure environment whether on computer or in manual records.

Managing Director, Gary Gorman is responsible for maintaining adequate controls in respect of passwords, log-in codes, tapes, discs, keys to cabinets and back-up tapes.

The approved person responsible for compliance is also responsible for monitoring the accuracy and security of data. All staff are advised of their data protection responsibilities.

This policy and the procedures arising from it are reviewed at least annually. Gary Gorman is responsible for this policy.