Last updated 24th October 2019
Wealthflow LLP has it’s main business address at:
Regus Abbey House, 83 Princes Street, Edinburgh EH2 2ER.
Wealthflow LLP is a Data Controller registered with the UK Information Commissioner’s Office with Reference number: Z9729925.
Wealthflow’s Data Protection Officer is Duncan Glassey; firstname.lastname@example.org
Personal data means any information capable of identifying an individual. The only aspect of this website that captures personal data is our mailing list subscription form.
Our Mailing List
We use our mailing list primarily to keep you and others informed about updates to the Wealthflow blog, and from time to time, general news from us. The list is operated on a strictly ‘opt-in’ basis – your information will only be included on the list if you have specifically requested it be included by filling in the relevant form on our website. Only the information explicitly requested from you (ie: your Name and Email Address) will be held, and no other information will be added without your knowledge. You can unsubscribe at any time and your details will be removed from the active mailing list to stop you receiving further newsletters from us, however your details may remain on file in archive form only.
All email messages sent to you in connection with our mailing list will originate directly from Wealthflow. No information gathered from you in connection with this mailing list will be passed to any other organisation or individual, and under no circumstances will the list or any information from it be sold or given to any third party. Disclosure will only take place in the highly unlikely event of us being required by statute to make the disclosure, for example if compulsory disclosure is demanded by an appropriate authority for criminal investigation purposes.
If you have any question or concerns, please contact us at email@example.com
We do not collect any sensitive data about you. Sensitive data refers to data relating to your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, etc.
We do not collect any information about criminal convictions and offences.
We only use your personal data for the purposes for which we collected it, or a reason compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected it, we will notify you. We may process your personal data without your knowledge or consent where this is required by law.
We may occasionally have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services.
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
The legal basis for our processing of your personal data is as set out below:
1) As necessary for the pursuit of our legitimate interests, including:
- Promoting, marketing and advertising our products and services.
- Sending promotional communications which are relevant and tailored to individual customers.
- Understanding our customers’ behaviour, activities, preferences, and needs.
- Improving existing products and services and developing new products and services.
- Good governance, accounting and managing and auditing our operations and complying with our legal and regulatory obligations.
- Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies.
- Handling customer contacts, queries, complaints or disputes.
- Protecting our company, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us.
- Handling any legal claims or regulatory enforcement actions taken against us
- Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
2) As necessary for complying with our legal obligations including:
- Where you exercise your rights under data protection laws.
- For compliance with legal and regulatory requirements.
- To establish or defend legal rights.
3) Based on your consent:
- For example in relation to sending direct marketing communications via email or text message.
You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
We have appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will not retain your data for longer than necessary for the purposes set out in this policy.
To determine the appropriate retention period for personal data, we consider:
- the amount, nature, and sensitivity of the personal data,
- the potential risk of harm from unauthorised use or disclosure of your personal data,
- the purposes for which we process your personal data and whether we can achieve those purposes through other means, and
the applicable legal requirements.
In some circumstances, for example for research or statistical purposes, we may anonymise personal data. Anonymised data cannot be associated with an identified individual. We may use anonymised data indefinitely without further notice to you.
To deliver products and services to you, it is sometimes necessary to share your personal data outside of the European Economic Area (the EEA). This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws.
If we transfer personal data outside the EEA, we will ensure the transfer is compliant with data protection law and all personal data will be secure. Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are taken as regards the data in the overseas location; alternatively, we use standard data protection laws.
You have the following data protection rights:
- The right to be informed about our processing of your personal data.
- The right to request access to personal data we hold about you at any time.
- The right to ask us to update any out-of-date or incorrect personal data we hold.
- The right to object to processing of your personal data and/or to withdraw any consent you have given us and to opt out of marketing communications.
- The right to prevent processing that is likely to cause damage or distress.
- Certain rights in relation to automated decision making, including profiling.
- The right to request we erase your personal data, for example when the data is no longer necessary for the purpose for which it was collected.
If you wish to exercise any of the above rights, contact us either by post: Duncan Glassey, Data Protection Officer, Wealthflow LLP, Regus Abbey House, 83 Princes Street, Edinburgh EH2 2ER or by email: firstname.lastname@example.org
If you are not happy with any aspect of how we collect and use your data please contact us so we can try to resolve your complaint. You also have the right to complain to the Information Commissioner’s Office (www.ico.org.uk), the UK supervisory authority for data protection issues.
You will not have to pay a fee to access your personal data (or to exercise any of the other data protection rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
To ensure your right to access personal data, we may need to request specific information to confirm your identity. This is a security measure designed to ensure personal data is not disclosed to a person who has does not have the right to receive it.
This site may include embedded content. Embedded content from other websites behaves in the same way as if the visitor has visited the source website.
Clicking on links or enabling connections may allow third parties to collect or share data. We cannot control third party websites and are not responsible for their privacy policies. We encourage you to read the privacy notice of every website you visit.
A cookie is a small text file that is downloaded onto ‘terminal equipment’ (eg a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.
Detailed information is set out in our Cookies Policy and is provided to ensure you are fully aware of the cookies we use, allowing you to make an informed choice about your acceptance of cookies.