Pension Justice Data Protection Policy

Data Protection Policy

 

Introduction  

Curzon Rose Limited t/a Pension Justice maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The new *General Data Protection Regulations (GDPR) (soon to be incorporated in the Data Protection Act 2018) provides Articles that should be complied with from 25th May 2018 for the processing of people’s personal information or data. Personal data is any information which identifies a living person.  Some information is defined as sensitive personal data, and special conditions for processing apply. Sensitive personal data include details of racial origin, health, criminal proceedings or convictions. Processing data covers just about everything that can be done with information held electronically or manually, including obtaining, retrieving, organising and sorting, disclosing or simply holding or storing. Curzon Rose Limited t/a Pension Justice recognises the importance of the​ ​correct​ ​and​ ​lawful​ ​treatment​ ​of​ ​personal​ ​data.  

Examples of personal data which Curzon Rose Limited t/a Pension Justice may require from clients include the following​ ​and​ ​for​ ​the​ ​reasons​ ​ascribed​ ​to​ ​each:

Name​ ​and​ ​address​ ​of​ ​client​ ​and​ ​date​ ​of birth ● To​ ​undertake​ ​legal​ ​services​ ​on​ ​the​ ​client’s​ ​

   behalf  

● To comply with regulatory and anti-money  

   laundering procedures  

● For​ ​marketing​ ​purposes  

Paper​ ​and​ ​computer​ ​records​ ​of​ ​legal services​ ​work​ ​undertaken​ ​by​ ​the​ ​firm​ ​on behalf​ ​of​ ​clients ● To​ ​enable​ ​us​ ​to​ ​undertake​ ​those​ ​legal​ ​

   services  

● To​ ​comply​ ​with​​ ​recommended​ ​

   practices​ ​as to​ ​the​ ​retention​ ​of​ ​files

● To​ ​enable​ ​us​ ​to​ ​respond​ ​to​ ​enquiries​ ​from​ ​     

   clients​ ​at​ ​a later​ ​date  

● To​ ​enable​ ​us​ ​to​ ​respond​ ​to​ ​complaints​ ​

   and​ ​claims  

Legal​ ​documents​ ​of​ ​record ● For​ ​safe​ ​keeping​ ​purposes​ ​and​ ​at​ ​the​ ​   

  strict​ ​instruction of​ ​the​ ​client  

Names​ ​and​ ​addresses​ ​of​ ​business​ ​contacts e.g.​ ​Barristers,​ ​Agents   ● To​ ​enable​ ​the​ ​firm​ ​to​ ​carry​ ​out​ ​

   instructions​ ​on​ ​behalf of​ ​the​ ​client  

● For​ ​marketing​ ​purposes

 

 

Curzon Rose Limited t/a Pension Justice fully endorses and adheres to the provision of GDPR. Employees and others who obtain, handle, process, transport and store personal data for the firm must comply with GDPR,​ ​and​ ​adhere​ ​to​ ​Article 5 ‘Principles relating to the processing of data’.

  1. Personal data shall be:
    1. Processed​ ​fairly​ ​and​ ​lawfully​ ​and​ ​in a transparent manner in relation to the data subject.
    2. Collected for a specific, explicit and legitimate purpose and not further processed in a manner that is incompatible with those purposes.
    3. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
    4. Accurate​ ​and,​ ​where​ ​necessary,​ ​kept​ ​up​ ​to​ ​date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without undue delay.
    5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
    6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

 

  1. The business shall be responsible for the above and able to demonstrate compliance with 1.a to 1.f above.

Satisfaction of Article 5 Principles Relating to the Processing of Data.

Curzon Rose Limited t/a Pension Justice shall:

  • Observe fully Articles 1.a to 1.f regarding the fair collection and use of personal​ ​data;  
  • Meet​ ​its​ ​obligation​ ​​by​ ​the​ ​purposes​ ​for​ ​which​ ​personal​ ​data​ ​is​ ​used;
  • Collect and process appropriate personal data only to the extent that it is needed to fulfil   

  operational and​ ​legal​ ​requirements;

  • Ensure​ ​the​ ​quality​ ​of​ ​personal​ ​data​ ​used;
  • Apply​ ​strict​ ​checks​ ​to​ ​determine​ ​the​ ​length​ ​of​ ​time​ ​personal​ ​data​ ​is​ ​retained;
  • Ensure that the rights of individuals about whom the personal data is held, can be fully

  exercised under​ ​GDPR;

  • Take​ ​the​ ​appropriate​ ​technical​ ​and​ ​organisational​ ​security​ ​measures​ ​to​ ​safeguard​ ​

  personal​ ​data;​ ​and

  • Ensure​ ​that​ ​personal​ ​data​ ​is​ ​not​ ​transferred​ ​abroad​ ​without​ ​suitable​ ​safeguards.  

  

We only collect data as necessary to carry out lawful processing as detailed in our table of legal basis for processing at the end of this Data Protection Policy.

 

Information​ ​Compliance​ ​Manager  

 

The Information Compliance Manager for Curzon Rose Limited t/a Pension Justice is responsible for              compliance with GDPR and implementation of this policy on behalf of the firm. The Information Compliance Manager is Paul Higgins. Any questions or concerns about the interpretation or operation​ ​of​ ​this​ ​policy​ ​should​ ​be​ ​taken​ ​up​ ​in​ ​the​ ​first​ ​instance​ ​with​ ​the​ ​Information​ ​Compliance​ ​Manager.  

 

Status​ ​of​ ​the​ ​Policy  

Any breach of this policy will be taken seriously and may result in disciplinary action. Any employee who considers that the policy has not been followed in respect of personal data about themselves should raise the matter​ ​with​ ​their​ ​manager​ ​or​ ​the​ ​firm’s​ ​Information​ ​Compliance​ ​Manager.  

Employee​ ​Responsibilities

If as part of their responsibilities, employees collect personal data (e.g. about clients or about employees), they must​ ​comply​ ​with​ ​this​ ​policy. All​ ​employees​ ​are​ ​responsible​ ​for;  

  • Checking that any personal data which they provide to Curzon Rose Limited t/a Pension

  Justice is accurate​ ​and​ ​up​ ​to​ ​date;  

  • Informing Curzon Rose Limited t/a Pension Justice of any changes to information which

   they have provided​ ​e.g.​ ​changes​ ​of​ ​address;

  • Checking any information that Curzon Rose Limited t/a Pension Justice may send out from

    time to time,​ ​giving​ ​details​ ​of​ ​information​ ​that​ ​is​ ​being​ ​kept​ ​and​ ​processed.  

 

Data​ ​Security  

The need to ensure that personal data is kept securely means that precautions must be taken against physical loss or damage, and that both access and disclosure must be restrictive. All staff are responsible in ensuring that:

  • Any personal data which they hold is kept securely;
  • Personal data should not be disclosed either orally or in writing or otherwise to any

  unauthorised third​ ​party.  

 

Rights​ ​to​ ​access​ ​information

 

Employees and other subjects of personal data held by Curzon Rose Limited t/a Pension Justice have the right to access any personal data that is being kept about them on computer and also have access to paper-based data held in certain manual filing systems. Any person who wishes to exercise this right should make the request in writing to the firm’s​ ​Information​ ​Compliance​ ​Manager.

 

Curzon Rose Limited t/a Pension Justice reserves the right to charge the maximum fee payable for each subject access request up to 25th May 2018; thereafter all requests will be provided without charge unless a request is determined to be either unreasonable or excessive.

 

If personal details are inaccurate they can be amended upon request.

Curzon Rose Limited t/a Pension Justice aims to comply with requests for access to personal information as quickly as possible and within 40 days of receipt of a completed request up to 25th May 2018; thereafter within 30 days unless there is good reason for delay. In such cases, the reason​ ​for​ ​delay​ ​will​ ​be​ ​explained​ ​in​ ​writing​ ​to​ ​the​ ​individual​ ​making​ ​the​ ​request.  

Subject​ ​Access  

All individuals who are the subject of personal data held by Curzon Rose Limited t/a Pension Justice are entitled​ ​to:  

  • Obtain a copy of ​ ​information​ ​held​ ​about​ ​them​ ​and​ ​why;  
  • Ask​ ​how​ ​to​ ​gain​ ​access​ ​to​ ​it;  
  • Be​ ​informed​ ​how​ ​to​ ​keep​ ​it​ ​up​ ​to​ ​date; ​and  
  • Be informed about how we comply with our obligations to GDPR

 

Subject​ ​Consent  

The need to process data for specified purposes should be communicated to all data subjects and is further available in the table provided below. If we intend to market data subjects in the future we will only do so where we have ‘provable consent’ acquired by way of either a verbal recorded agreement or a preference opt-in from our website form. Consent will be specific to marketing individuals about mis-sold pensions, investments, SIPPs and other similar investment products.

If an individual could not reasonably foresee how their data will be used it is important that further information be supplied to the individual concerned. Care should be taken not to collect personal data of which the individual is unaware.

Consent must be obtained if the purpose changes. In some cases, if the data is sensitive, for example information about health, race or gender, express consent to process the data must be obtained. Processing may be necessary by way of legitimate interest for example; to operate​ ​Curzon​ ​Rose​ ​Limited​ ​t/a​ ​Pension​ ​Justice​ ​policies​ ​such​ ​as​ ​health​ ​and​ ​safety​ ​and​ ​equal​ ​opportunities.

Retention​ ​of​ ​Data

Curzon Rose Limited t/a Pension Justice will keep some forms of information for longer than others. All staff are​ ​responsible​ ​for​ ​ensuring​ ​that​ ​information​ ​is​ ​not​ ​kept​ ​for​ ​longer​ ​than​ ​necessary.  

Quality​ ​of​ ​Data

Personal data should be adequate, relevant and not excessive in relation to the purpose or purposes for which the data is processed. Data should be kept to the minimum necessary to meet the stated purpose. Personal data​ ​should​ ​also​ ​be​ ​adequate​ ​and​ ​up​ ​to​ ​date.

LEGAL BASIS FOR PROCESSING TABLE – Curzon Rose Limited t/as Pension Justice

Our use of your data Legal basis for processing
To carry out our contract with you to provide you with our service/s including claims management services, processing payment and where required provide advice Necessary for the performance of our contract with you
To assist you in deciding whether you wish to contract with us to provide you with service/s detailed above Necessary for consideration prior to entering into contract
To advise you of any changes to our service Necessary for the performance of our contract with you or to take steps to enter into a contract with you
To send you marketing information about our services that may be of interest to you You have given your consent for us to contact you
To manage the effectiveness of any online service and deliver the website service to you You have given your consent for us to track cookies
To make recommendations about our products and services You have given your consent for us to contact you
To make sure that the content of our website is presented as effectively as possible. Our use of your data is necessary for our legitimate interest of making sure that the service we provide is managed effectively
To create statistical information which will help us manage the service we provide and make improvements to the service Our use of your data is necessary for our legitimate interest of making sure that the service we provide is managed effectively
To monitor our website to make sure it is functioning correctly and to its optimum and to be able to correct any issues to improve the customer journey Our use of your data is necessary for our legitimate interest of making sure that the service we provide is managed effectively
To allow our customers to access any interactive features of our website that facilitate account login to access claim information (where applicable). Our use of your data is necessary for our legitimate interest of making sure that the service we provide is managed effectively
To protect your personal information when you use our website and when you make a purchase To protect your data and your identity