This Privacy Statement contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.

What do we do regarding your personal data?

Heritage Pensions Limited (“Heritage”) will collect personal information from you such as your name and address (“Personal Data”). Heritage will be the Data Controller as defined under UK Data Protection Legislation and Regulations.

We will only process your personal data where we have a legal basis for doing so. This includes:

• Where you have provided positive consent
• Processing is necessary for the performance of a contract between you and Heritage or to take steps to enter into a contract
• Processing is necessary for compliance with a legal or regulatory obligation
• Heritage has a legitimate interest upon which the data may be processed. Any decision to process data on the basis of legitimate interest will be made on a case by case basis and in line with the guidance set out in UK Data Protection legislation

Who will we share your personal information with?

We may disclose your Personal Data to contracted third parties (including those outside the European Economic Area), and other third parties such as your Financial Adviser, third party investment managers and product providers, providing one of the legal basis described above can be relied upon. The most common reason for disclosing your Personal Data to any of these parties will be because the sharing and processing is necessary for the performance of our contractual obligations to you in our administration of your pension.

We may also disclose your Personal Information to an identity verification agency in order to verify your details both during the application process and the ongoing administration of your pension. This information will be used to prevent fraud and money laundering and to check your identity.

We will disclose your personal information to any governmental, legal or regulatory body if required to so by applicable law and regulation.

We may need to disclose sensitive Personal Data about you to third parties, where required to do so to give effect to an instruction from you or your financial adviser in respect of your pension.

We may need to transfer your Personal Data to another country outside of the European Economic Area, in which case we will ensure that your Personal Data is afforded the same level of protection as is required under UK Data Protection legislation prior to sending your Personal Data.

We will otherwise keep your personal information confidential and never pass your details to any third parties without your prior written consent.

We will retain your Personal Data for no longer than is necessary to meet any legal or regulatory obligations that may apply.

For further details of your rights under the UK’s data protection legislation please contact the Information Commissioner’s Office at https://ico.org.uk/for-the-public

You have a right to obtain a copy of the Personal Information that we hold in relation to you and to have any inaccuracies corrected.

You become subject to the terms on which we process your Personal Data, together with our Privacy Statement, on becoming a customer of Heritage Pensions. This happens when you sign the application form. You have the right to withdraw consent at any time.

Telephone calls

To help us improve our service, we may record or monitor incoming or outgoing telephone calls. Calls will be charged at normal rates. Please see the contact us page for further details.

E-mail

You may contact us by e-mail at info@heritagepensions.co.uk . Such e-mails are not a 100% secure method of communication and there is no guarantee that they will be received. Heritage Pensions accepts no responsibility for any loss you may suffer as a result of interception of your e-mail, or delivery failure. We advise that you do not transmit any of your account information or account details by e-mail unless it is sent securely. Any Personal Information we send to you by e-mail, if you have requested e-mail communication, will be sent securely.

We may monitor the use and content of e-mails, which are sent from, or received by us. This is to ensure compliance with our own e-mail policy. We reserve the right to identify and take action against unlawful or improper use of e-mail, including attacks on our systems.

Online enquiry facility

If you make any enquiry via the online enquiry facility on our website, the information we collect, such as you name, e-mail address and your status, will be used to answer your enquiry. We may cross reference the information you provide with information held on our systems, to ascertain the most appropriate person to handle your enquiry and may hold this data for future analysis, or reference purposes.

Site tracking information

There are a number of ways in which we may capture information about your actions, either directly or indirectly, while you are browsing our website. We may collect server log data and we may use third party tracking. We may use the data collected, which may include your IP address, the browser and operating system you have used, the time of day you visited, pages you viewed and search requests made.

This generic information may be collected using cookies. We do not and will not link any information we may collect on our website with any of your personal information.

How to make a complaint?

We hope that you are happy with our service and that we can resolve any issues or complaints that arise. Please get in touch if you have any concerns (see ‘Get in touch’ below).

The General Data Protection Regulations also give you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office which can be contacted at https://ico.org.uk/concerns/

Future Processing

We do not intend to process your personal information for any reason other than stated within this Privacy Statement. If this changes, we will inform you.

Changes to this Privacy Statement

This Privacy Statement was published on 21st May 2018.

We constantly review our internal privacy practices and may change this statement from time to time.

Get in touch

If you have any questions about this Privacy Statement or the information we hold about you, please contact us.

The best way to reach us is to email us or speak with Richard Petts (our Compliance Director) or Colin Worbey our Managing Director.