Lifetime Mortgages Client Privacy Notice

This privacy notice was drafted with brevity and clarity in mind, however further information can be obtained by contacting us using the details in the “How to contact us” section. More information about your data protection rights can be found via:

• UK Information Commissioner’s Office (ICO)

What Personal Information We Collect

We keep your personal information only as long as is necessary for the purpose for which it was collected, or for legal or regulatory reasons. Personal information will be securely disposed of when it is no longer required in accordance with our Personal Data Retention Standard.

Advice data is retained for 50 years to meet our regulatory requirements.

Special Category Data & Criminal Conviction Data

We may also gather more sensitive personal data, called special category data, for example, as part of recruitment. This type of data can include racial or ethnic origin, genetic or health information or sexual orientation. The processing of some of this data is necessary for us to fulfil the obligations on us. In such cases, we will always explain this during the process and explain what information we require and why it is needed. Where we do require it, we will always seek your consent. Special category data will always be processed and stored securely.

Where it is necessary, we may also collect information relating to an individual’s criminal convictions. If this is the case we will explain what information we require, why it is needed and where required, will ask you for consent.

Cookies

We also collect information about you from other sources. For example, our website automatically collects information from your computer using “cookies” which provides us with limited personal information. Cookies are small text files that are placed on your computer by websites that you visit. They’re widely used in order to make websites work, or work more efficiently, as well as to provide information to the website owners.

• You can choose not to accept any non-essential cookies for your interactions, however, in a few cases, some of our website features may not function as a result.

More information about the cookies we use on our website can be found here.

How we use your personal information

We process your information for the following purposes.

• To perform our contract with you and to support and maintain that relationship. This includes the following:
• assessing and processing an application for our services;
• providing our products and/or services to you, including the management of our relationship with you, your firm;
• carrying out transactions you have requested or on your behalf;
• monitoring or recording communications (such as telephone and video calls) with you to resolve any queries or issues and also for training and quality purposes and, in some cases to comply with regulatory requirements;
• assessing your application for products (using automated decision-making tools when necessary);
• ensuring that a firms operation meets our expectations, and those of our regulators (such as undertaking audits and investigations into network activity);
• record keeping in order to ensure our products and/or services operate within the law and relevant regulatory requirements;
• providing other services (e.g. enhanced due diligence, underwriting, reinsurance, data hosting, online services, and payments or reporting of any tax or levy).
• To comply with legal and regulatory requirements. These requirements include the following:
• confirming your identity for security and regulatory purposes;
• detecting and preventing fraud, money laundering, terrorist financing, bribery or other malpractice;
• to meet tax reporting obligations such as Common Reporting Standards (CRS) and the US Foreign Account Tax Compliance Act (FATCA); and
• to fulfil our data protection obligations.
• For specific business purposes to enable us to provide you with appropriate products and services and a secure experience. Our business purposes include the following:
• verifying your identity for security purposes;
• sending marketing communications to you which you have opted into receiving, or which are related to similar products or services, or which we think may interest you based on the relationship you have with Us or other companies in our group;
• enhancing, modifying and personalising our services for your benefit;
• to undertake Profiling activities;
• providing communications which we think will be of relevance or interest to you;
• audit and record keeping purposes;
• enhancing the security of our network and information systems;
• maintaining effective management systems including internal reporting to our parent company and other members of our corporate group;
• ensuring the integrity of our systems (for example, during final stages of testing where it is necessary to use real data to ensure that any system improvements do not interrupt business or corrupt the data);
• providing reports and other communications to you where we are required to do so; and
• customer satisfaction research, statistical analysis and wider market research to capture the views and opinions of our customers.

We may also process your personal data as part of an acquisition or sale. Should this happen, you’ll be notified about any change to processing or data controller arising as a result of this activity.

You have the right to object to us processing your personal information for some of the business purposes listed above but, if you do so, this may impact on our ability to provide some or all of our services to you.

We won’t process your employee’s data for the business purposes above. Our contractual relationship is with you and therefore any processing of data for business purposes will be undertaken with your data, not your employee’s.

Profiling

Profiling involves the use of basic identifiers about you such as your name and address and matching this with information from Experian Marketing Services to create demographics and infer customer ‘types’. This helps us define groups based on factors like interests, age, location and more so we can better understand our customers to adapt and improve our products and services. If you would like to know more about the information we get from Experian Marketing Services, you can visit their Consumer Information Portal which explains who Experian Marketing Services are, what they do and why.

Lawful Basis

We operate under a number of legal bases as required under the regulations. These include:

• Consent;
• Legitimate Interests;
• Performance of a Contract; and
• Compliance with a Legal Obligation.

Who we share your information with and why

We share your information with trusted third parties and service providers who perform tasks for us and help us to provide our products and/or services to you, and with other agencies where required by law, court order or regulation. These may include:

Other companies within the Lifetime Group

• Companies within the Quilter Plc Group
• for administrative, analytical and statistical purposes;
• for testing the information systems operated by our companies
• for producing a consolidated view of our relationship with you in order to meet our regulatory obligations and to enhance the services we can offer you.
• for handling complaints and fulfilling data subjects’ rights (such as the Right of Access)
• Companies appointed by Us (these third parties may be based in countries outside the UK or EU)
• with third parties or service providers who perform tasks for us to help us provide our services to you or to allow us to meet legal and regulatory requirements, including any necessary tax reporting, verifying your identity, source of wealth financial crime prevention or other requirements (this may involve carrying out checks with credit reference databases);
• with third parties or service providers who provide additional data about you in order to enhance our ability to design and develop new products and services that can be marketed and sold which meet the needs of our identified consumer groups and are targeted accordingly;
• with credit reference agencies to check the financial suitability of the products and services;
• with debt collection agencies for tracing and recovery of debts;
• with payment service providers to allow payments to be completed;
• with our accountants to produce tax statements and in support of statutory reporting;
• with our appointed legal or regulatory advisers or auditors;
• with information technology and information security providers;
• with a prospective buyer (or its advisors), for due diligence purposes, if we are considering a sale of any of our business or assets;
• with third parties or service providers to conduct market research on our behalf, to help us improve and develop the products and services we provide to you and our other customers;
• with third parties or service providers to conduct quality checks on the interactions between us, Quilter and you; and
• with any successor to all or part of our business. For example, in the event of a merger, acquisition, divestiture, change of control or liquidation of Lifetime Wealth Management Limited or part of its business (or in anticipation of such an event), we may share your personal data as part of that transaction where required in order to fulfil our obligations in this Notice.
• Organisations and parties appointed by you or authorised by you
• with third parties where you have given your consent to receive marketing information;
• with your accountants to produce tax statements and in support of statutory reporting
• with an appointed discretionary asset manager or custodian to meet their legal or regulatory requirements; and
• with third parties or service providers who ask for that information in order to allow us to make investments on your behalf or to continue to provide our services to you.
• Statutory authorities
• with organisations, including the police authorities and fraud prevention agencies, to prevent and detect fraud;
• with regulatory or governmental agencies such as the UK Financial Conduct Authority, UK Information Commissioner’s Office and HM Revenue and Customs;
• with professional bodies; and
• with other agencies where required by law, court order or regulation.

If you would like further information regarding the specific named recipients that we share data with, please contact us using the information in the “How to contact us” section.

How we keep your information secure

We’re committed to ensuring the confidentiality of the personal information that we hold, and we continue to review our security controls and related policies and procedures to ensure that your personal information remains secure.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information is kept secure and prevented from unauthorised or accidental access, processing, copying, modification, erasure, loss or use.

If we work with third parties in countries outside the United Kingdom, we ensure these are countries that the UK Government and the European Commission has confirmed have an adequate level of protection for personal information, or the organisation receiving the personal data has provided adequate safeguards and agrees to treat your information with the same level of protection as we would.

We also utilise UK International Data Transfer Agreements and EU Standard Contractual Clauses for transfers outside of the United Kingdom or European Economic Area.

In limited circumstances, data may be accessed outside of the UK i.e. by employees when they travel. In these circumstances, we ensure there are appropriate information security measures in place to safeguard your information.

How to manage your marketing consents

You may give and withdraw consent to the receipt of marketing information at any time. If you wish to change your preferences regarding the receipt of marketing or other communications from us, the simplest way is to use the ‘unsubscribe’ link at the bottom of any marketing communication.

Alternatively, you can contact us using any of the mechanisms included in the ‘How to contact us” section of this notice.

Lifetime Assure CUSTOMER PRIVACY NOTICE

Lifetime Assure are committed to protecting your privacy and ensuring that your personal information is collected and used appropriately, lawfully and transparently.

Lifetime Assure is a trading name of Lifetime Financial Management Ltd which is registered in England and Wales. Registered Number 3652194. Directors: P Merrigan, U Ozturk, Registered Office: 12-14 Upper Marlborough Road, St Albans, Herts, AL1 3UR.

Lifetime Financial Management Ltd is authorised and regulated by the Financial Conduct Authority. Registered number 448415.

This Privacy Notice explains:

• Who we are
• What personal information we collect
• How we use your personal information
• Who we share your information with and why
• How we keep your information secure
• Your rights
• How to contact us

Who we are

Lifetime Assure provide life assurance and protection advice.

Currently Lifetime Assure determine the purposes and means of processing personal client data relating to giving advice.  This means Lifetime are data controllers for these core advice giving activities and therefore responsible for managing this client data and ensuring compliance.

However, Lifetime Assure is solely responsible for some activities, for example any direct marketing that we undertake.

What personal information we collect

Personal information includes your name, address, or phone number and other information that is not otherwise publicly available. We collect personal information about you when you contact us about products and services, visit a financial advisor, visit a website we may have or register to receive one of our newsletters (if applicable).

The type of personal information we collect will depend on the purpose for which it is collected and includes:

• Contact details
• Information to verify your identity
• Family, lifestyle, health and financial information
• Payment details.

We collect personal information directly from you.  For example, we ask for personal information at the start of our relationship and in subsequent communications in order to check your identity, and protect you from fraud. This is a legal requirement and is important to help safeguard you against potential crime.

Special category information

In some instances, it is necessary to collect more sensitive information (such as health or lifestyle information) which is called special category data.  This is to allow us to provide our financial advice service to you.  We will always obtain your consent during the advice process to gather this data and explain what information we require and why it is needed. Sensitive personal information will always be processed and stored securely.  You can withdraw your consent at any time to us processing this data, however, this may mean that you can no longer access the service or product the information was gathered for.

Cookies

We also collect information about you from other sources. For example, our website automatically collects information from your computer using “cookies” which provides us with limited personal information.  Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the website owners. For further information visit www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Data retention

We keep your personal information only as long as is necessary for the purpose for which it was collected and to meet regulatory or legislative requirements.  Personal information will be securely disposed of when it is no longer required, in accordance with our Data Retention and Disposal Schedule.  A copy of this is available using the contact details below.

On what basis do we collect data

The processing of your personal data is allowed under a number of lawful basis.  The data required for the provision of products and services is processed on the basis there is a contract with you to do so.  Any relevant marketing activity we undertake is done because as a firm we have a legitimate interest to do so however you have rights, as listed below, which impact how we can use and process your data.

How we use your personal information

We process your information in order to support and maintain our contractual relationship with you and to comply with legal and regulatory requirements.  This includes the following:

• Providing our advice, products or services to you
• Carrying out transactions you have requested
• Confirming and verifying your identity for security purposes
• Credit scoring and assessment, and credit management (where applicable)
• Detecting and preventing fraud, crime, money laundering or other malpractice.

We also process your data for specific business purposes to enable us to give you the best products and services and the best and most secure experience. For example, we process your information to send you marketing that is tailored to your interests.

Our business purposes include the following:

• Enhancing, modifying, and personalizing our services for the benefit of our customers
• Providing communications which we think will be of interest to you
• Market or customer satisfaction research or statistical analysis
• Audit and record keeping purposes
• Enhancing the security of our network and information systems.

You have the right to object to this processing if you wish, please see “YOUR RIGHTS” section below. Please bear in mind that if you object this may affect our ability to carry out the tasks above for your benefit.

We may also process your personal data as part of an acquisition or sale.  Should this happen, you will notified about any change to processing or data controller arising as a result of this activity.

Who we share your information with and why

We share your information with trusted third parties who perform tasks for us and help us to provide the services you require these include:

• Other companies within the Lifetime Group
• Third parties to verify your identity, in line with money laundering or other requirements (this may involve carrying out checks with credit reference databases);
• Third parties who perform tasks for us to help us set up or service your plan (these third parties may be based in countries outside the European Economic Area (EEA) but where they are, we will undertake an assessment of safeguards in place);
• Other organizations, including regulatory bodies, the police and fraud prevention agencies, to prevent and detect fraud;
• Third parties where required by law, court order or regulation; and
• Third parties as part of an acquisition or sale.

How we keep your information secure

We are committed to ensuring the confidentiality of the personal information that we hold, and we continue to review our security controls and related policies and procedures to ensure that your personal information remains secure.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information is kept secure.

If we work with third parties in countries outside the EU we ensure these are countries that the European Commission has confirmed have an adequate level of protection for personal information, or the organization receiving the personal data has provided adequate safeguards.

In limited circumstances data may be accessed outside of the EEA ie by employees when they travel.  In these circumstances we ensure there are appropriate information security measures in place to safeguard your information.

Your rights

Lifetime Assure tries to be as open as it can be in terms of giving people access to their personal information and therefore have outlined your rights below.  This privacy notice was drafted with brevity and clarity in mind, therefore further information can be gathered by contacting us using the details below, or more information about your data protection rights can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Marketing

You have the right to opt out of marketing information and tell us what your communication preferences are by contacting Lifetime Financial Management using the details provided at the end of this notice or by using the opt out option below or on any email marketing. You may opt out at any time if you don’t want to receive any further communications of this nature.

Individual data rights and requests

• The purposes of the processing;
• The right to be informed – You can request that we provide ‘fair processing information’, typically through this privacy notice;
• The right of access – You may request a copy of the personal information we hold about you using the contact details found on the end of this policy;
• The right to rectification – The accuracy of your personal information is important to us. You have the right to ask us to update or correct your personal information;
• The right to erasure – You may request the deletion or removal of personal data where there is no compelling reason for its continued processing;
• The right to object – You may object to the processing of your data based on legitimate interests;
• The right to restrict processing – You have a right to request we ‘block’ or suppress processing of your personal data;
• The right to data portability – You may request to obtain and reuse your data; and
• The right not to be subject to automated decision-making including profiling.

If you wish to correct, restrict, delete or make changes to your personal information, or any of the data subject rights listed above, please contact us at the number/address listed below.

How to contact us

If you have questions about this notice, need further information about our privacy practices, or wish to give or withdraw consent, exercise preferences or correct your personal information, please contact us using the following details. Lifetime Assure will liaise with Lifetime Financial Management on your behalf to affect your requests.

The Data Protection Officer

Lifetime Financial Management

12-14 Upper Marlborough Road

St Albans

AL1 3UR

How to complain

If you wish to raise a complaint about how we have handled your personal data, you can contact The Office of Data Protection who will investigate the matter.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to our regulator:

Information Governance department
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

0303 123 1113

www.ico.org.uk/concerns

Lifetime Wealth Client Privacy Notice

This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

This privacy notice explains:

• Who we are;
• Your rights;
• What personal information we collect;
• How we use your personal information;
• Who we share your information with and why;
• How we keep your information secure;
• How to manage your marketing consents; and
• How to contact us.

In this document, “We”, “Us” and refers to Lifetime Wealth, Quilter Financial Planning and its subsidiary companies.

Who we are

At Lifetime Wealth we respect your privacy and the confidentiality of your personal information.

Lifetime Wealth is a trading style of Lifetime Wealth Management Limited which is

• an appointed representative of Quilter Financial Services Limited {and Quilter Mortgage Planning Limited}

Lifetime Wealth provide financial planning solutions and advice through experienced and qualified advisers based in the UK.

Currently, Lifetime Wealth and Quilter Financial Planning (Quilter) jointly determine the purposes and means of processing personal client data relating to giving advice. This means we’re joint data controllers for these core advice giving activities and therefore responsible for managing this client data and ensuring compliance.

However, Lifetime Wealth is solely responsible for some activities, for example any direct marketing that we undertake.

We will comply with relevant data protection law. Such laws require that the personal information we hold about you must be:

• Used lawfully, fairly and in a transparent way;
• Collected only for valid purposes that we have clearly explained to you;
• Relevant to the purposes we have told you about and limited only to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for the purposes we have told you about; and
• Kept securely.

Your rights

We try to be as open as it can be in terms of giving people access to their personal information and therefore have outlined your rights below

You have the right to ask us:

• whether we are processing your personal information and the purposes (the right to be informed) – this is delivered through ‘fair processing information’ such as this Privacy Notice;
• for a copy of the personal information that we hold about you (the right of access);
• to update or correct your personal information (the right to rectification);
• to delete your information (the right to erasure); and
• to restrict processing of your personal information where appropriate (the right to restrict processing).

In certain circumstances you also have the right to:

• object to the processing of your personal information (the right to object);
• object to automated decision making and profiling (the right not to be subject to automated decision-making including profiling); and
• request that information about you is provided to a third party in a commonly used, machine readable form (the right to data portability).

Exercising your rights

For information about your individual rights, including how to correct, restrict, delete, make changes to your personal information or if you wish to request a copy of the personal information we hold about you, please contact us by emailing us at QFPDataGuardian@quilter.com.

More information about your data protection rights can be found on the Information Commissioner’s Office (ICO) website.as well as on other regulators’ websites.

If you would like to write to us, our postal address for data protection matters is:

The Office of Data Protection
Quilter Financial Planning
Senator House
85 Queen Victoria Street
London
EC4V 4AB

However, we have adopted a flexible model for working so please note that written communications will take longer to respond to.

Further information

This privacy notice was drafted with brevity and clarity in mind, however further information can be obtained by contacting us using the details in the “How to contact us” section. More information about your data protection rights can be found via:

• UK Information Commissioner’s Office (ICO)

What personal information we collect

Personal data means information by which you may be personally identified directly or indirectly.

We collect certain personal information about you, this includes your name, address, or phone number and other information. We collect this information about you when you:

• Use our website and secure online services;
• Complete a fund application;
• Apply for and receive our services;
• complete our application form;
• Visit a financial adviser; and
• Register to receive one of our newsletters, communications or attend an event organised by Us.

The type of personal information we collect will depend on the purpose for which it is collected and may include:

• Information about you to help identify you and manage your relationship with Quilter and, in some circumstances, as required by our regulators (e.g. Account number, Customer ID or Number, Name, Address, Age / Date(s) Of Birth, Dependents’ Details, Tax ID, National Insurance Number, Identity Check Information (e.g. Mother’s Maiden Name, Name of First Pet), Email Address(es), Marital Status, Name(s), Postcode, Telephone Number(s), Title, Gender);
• Information about your account with us (e.g. Past engagements with Quilter, Personal Preferences, Marketing Preferences, Policy and investment information, etc);
• Copies of documentation (e.g. statements, letters, copies of official documents (e.g. passports, driving licences, etc));
• Economic and financial information (e.g. credit card numbers, bank details, Past investment performance, etc and information pertaining to County Court Judgements (CCJs) and any debt history);
• Investment preferences (e.g. your views and preferences around portfolios in which to invest, or not to invest in which may indirectly reveal some religious, political or philosophical views that you hold);
• Audio and visual information when we are recording interactions with you, or when you visit one of our premises (e.g. call recordings or Closed Circuit Television);
• Employment and educational information (e.g. employer details, relevant professional qualifications, etc);
• Marketing / Communications Data (e.g. Information relating to Marketing and External Communications (e.g. Marketing Campaigns, Opt In Information, etc));
• Lifestyle, Health and Medical information for you, your family and other parties with a material interest in the product(s) (e.g. specific illness, smoker, disability, gender reassignment);
• Relationship Information (e.g. information relating to other parties directly associated with your policy (e.g. dependents, beneficiaries, trustees, etc); and
• Complaint Information (e.g. Complaint Details, Complaint Description, Complaint Details, complaint Type, Reason/Details of the complaint),

We collect personal information directly from you. For example, we ask for personal information at the start of our relationship (e.g. when you apply for a policy or service) and in subsequent communications in order to manage our relationship.

If we provide a service to your employees or a scheme, then personal data in relation to those employees or members of the scheme isn’t processed by Us as part of the standard corporate advice process. This information is normally provided directly to the product provider.

In limited circumstances, we may need to collect employee personal data, and where we do, we act as data processer and it’s therefore provided to Us by yourself, with the knowledge and consent of your employees. 

Where we provide our services to trusts, we collect the personal information listed for the settler, beneficiaries and trustees of that trust. Where we provide our services to companies we may collect personal information for Directors, Shareholders and Beneficial Owners of the company. Where we provide our services to charities, we may collect personal information about the trustees or directors of that charity.

We may also collect information about you from other sources such as:

• another agent (if you have one);
• external third parties (e.g. credit reference agencies to verify your identity and to check financial soundness); and
• from Cookies. (Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the website owners). To learn more about information collected through cookies, please click here.

Data Retention

We keep your personal information only as long as is necessary for the purpose for which it was collected, or for legal or regulatory reasons. Personal information will be securely disposed of when it is no longer required in accordance with our Personal Data Retention Standard.

Advice data is retained for 50 years to meet our regulatory requirements.

Special category data and criminal conviction data

We may also gather more sensitive personal data, called special category data, for example, as part of recruitment. This type of data can include racial or ethnic origin, genetic or health information or sexual orientation. The processing of some of this data is necessary for us to fulfil the obligations on us. In such cases, we will always explain this during the process and explain what information we require and why it is needed. Where we do require it, we will always seek your consent. Special category data will always be processed and stored securely.

Where it is necessary, we may also collect information relating to an individual’s criminal convictions. If this is the case we will explain what information we require, why it is needed and where required, will ask you for consent.

Cookies 

We also collect information about you from other sources. For example, our website automatically collects information from your computer using “cookies” which provides us with limited personal information. Cookies are small text files that are placed on your computer by websites that you visit. They’re widely used in order to make websites work, or work more efficiently, as well as to provide information to the website owners.

• You can choose not to accept any non-essential cookies for your interactions, however, in a few cases, some of our website features may not function as a result.

More information about the cookies we use on our website can be found here.

How we use your personal information

We process your information for the following purposes.

• To perform our contract with you and to support and maintain that relationship. This includes the following:
• assessing and processing an application for our services;
• providing our products and/or services to you, including the management of our relationship with you, your firm;
• carrying out transactions you have requested or on your behalf;
• monitoring or recording communications (such as telephone and video calls) with you to resolve any queries or issues and also for training and quality purposes and, in some cases to comply with regulatory requirements;
• assessing your application for products (using automated decision-making tools when necessary);
• ensuring that a firms operation meets our expectations, and those of our regulators (such as undertaking audits and investigations into network activity);
• record keeping in order to ensure our products and/or services operate within the law and relevant regulatory requirements;
• providing other services (e.g. enhanced due diligence, underwriting, reinsurance, data hosting, online services, and payments or reporting of any tax or levy).
• To comply with legal and regulatory requirements. These requirements include the following:
• confirming your identity for security and regulatory purposes;
• detecting and preventing fraud, money laundering, terrorist financing, bribery or other malpractice;
• to meet tax reporting obligations such as Common Reporting Standards (CRS) and the US Foreign Account Tax Compliance Act (FATCA); and
• to fulfil our data protection obligations.
• For specific business purposes to enable us to provide you with appropriate products and services and a secure experience. Our business purposes include the following:
• verifying your identity for security purposes;
• sending marketing communications to you which you have opted into receiving, or which are related to similar products or services, or which we think may interest you based on the relationship you have with Us or other companies in our group;
• enhancing, modifying and personalising our services for your benefit;
• to undertake Profiling activities;
• providing communications which we think will be of relevance or interest to you;
• audit and record keeping purposes;
• enhancing the security of our network and information systems;
• maintaining effective management systems including internal reporting to our parent company and other members of our corporate group;
• ensuring the integrity of our systems (for example, during final stages of testing where it is necessary to use real data to ensure that any system improvements do not interrupt business or corrupt the data);
• providing reports and other communications to you where we are required to do so; and
• customer satisfaction research, statistical analysis and wider market research to capture the views and opinions of our customers.

We may also process your personal data as part of an acquisition or sale. Should this happen, you’ll be notified about any change to processing or data controller arising as a result of this activity.

You have the right to object to us processing your personal information for some of the business purposes listed above but, if you do so, this may impact on our ability to provide some or all of our services to you.

We won’t process your employee’s data for the business purposes above. Our contractual relationship is with you and therefore any processing of data for business purposes will be undertaken with your data, not your employee’s.

Profiling

Profiling involves the use of basic identifiers about you such as your name and address and matching this with information from Experian Marketing Services to create demographics and infer customer ‘types’. This helps us define groups based on factors like interests, age, location and more so we can better understand our customers to adapt and improve our products and services. If you would like to know more about the information we get from Experian Marketing Services, you can visit their Consumer Information Portal which explains who Experian Marketing Services are, what they do and why.

Lawful basis

We operate under a number of legal bases as required under the regulations. These include:

• Consent;
• Legitimate Interests;
• Performance of a Contract; and
• Compliance with a Legal Obligation.

Who we share your information with and why

We share your information with trusted third parties and service providers who perform tasks for us and help us to provide our products and/or services to you, and with other agencies where required by law, court order or regulation. These may include:

• Other companies within the Lifetime Group
• Companies within the Quilter Plc Group
• for administrative, analytical and statistical purposes;
• for testing the information systems operated by our companies
• for producing a consolidated view of our relationship with you in order to meet our regulatory obligations and to enhance the services we can offer you.
• for handling complaints and fulfilling data subjects’ rights (such as the Right of Access)
• Companies appointed by Us (these third parties may be based in countries outside the UK or EU)
• with third parties or service providers who perform tasks for us to help us provide our services to you or to allow us to meet legal and regulatory requirements, including any necessary tax reporting, verifying your identity, source of wealth financial crime prevention or other requirements (this may involve carrying out checks with credit reference databases);
• with third parties or service providers who provide additional data about you in order to enhance our ability to design and develop new products and services that can be marketed and sold which meet the needs of our identified consumer groups and are targeted accordingly;
• with credit reference agencies to check the financial suitability of the products and services;
• with debt collection agencies for tracing and recovery of debts;
• with payment service providers to allow payments to be completed;
• with our accountants to produce tax statements and in support of statutory reporting;
• with our appointed legal or regulatory advisers or auditors;
• with information technology and information security providers;
• with a prospective buyer (or its advisors), for due diligence purposes, if we are considering a sale of any of our business or assets;
• with third parties or service providers to conduct market research on our behalf, to help us improve and develop the products and services we provide to you and our other customers;
• with third parties or service providers to conduct quality checks on the interactions between us, Quilter and you; and
• with any successor to all or part of our business. For example, in the event of a merger, acquisition, divestiture, change of control or liquidation of Lifetime Wealth Management Limited or part of its business (or in anticipation of such an event), we may share your personal data as part of that transaction where required in order to fulfil our obligations in this Notice.
• Organisations and parties appointed by you or authorised by you
• with third parties where you have given your consent to receive marketing information;
• with your accountants to produce tax statements and in support of statutory reporting
• with an appointed discretionary asset manager or custodian to meet their legal or regulatory requirements; and
• with third parties or service providers who ask for that information in order to allow us to make investments on your behalf or to continue to provide our services to you.
• Statutory authorities
• with organisations, including the police authorities and fraud prevention agencies, to prevent and detect fraud;
• with regulatory or governmental agencies such as the UK Financial Conduct Authority, UK Information Commissioner’s Office and HM Revenue and Customs;
• with professional bodies; and
• with other agencies where required by law, court order or regulation.

If you would like further information regarding the specific named recipients that we share data with, please contact us using the information in the “How to contact us” section.

How we keep your information secure

We’re committed to ensuring the confidentiality of the personal information that we hold, and we continue to review our security controls and related policies and procedures to ensure that your personal information remains secure.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information is kept secure and prevented from unauthorised or accidental access, processing, copying, modification, erasure, loss or use.

If we work with third parties in countries outside the United Kingdom, we ensure these are countries that the UK Government and the European Commission has confirmed have an adequate level of protection for personal information, or the organisation receiving the personal data has provided adequate safeguards and agrees to treat your information with the same level of protection as we would.

We also utilise UK International Data Transfer Agreements and EU Standard Contractual Clauses for transfers outside of the United Kingdom or European Economic Area.

In limited circumstances, data may be accessed outside of the UK i.e. by employees when they travel. In these circumstances, we ensure there are appropriate information security measures in place to safeguard your information.

How to manage your marketing consents

You may give and withdraw consent to the receipt of marketing information at any time. If you wish to change your preferences regarding the receipt of marketing or other communications from us, the simplest way is to use the ‘unsubscribe’ link at the bottom of any marketing communication.

Alternatively, you can contact us using any of the mechanisms included in the ‘How to contact us” section of this notice.

How to contact us

If you have questions about this notice, or need further information about our privacy practices, or wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection team who will investigate the matter.

The Office of Data Protection

Quilter Financial Planning Limited

Senator House

85 Queen Victoria Street

London

EC4V 4AB

QFPDataGuardian@quilter.com

How to complain

If you are not satisfied with our response you can complain to our regulator:

Information Governance department
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

www.ico.org.uk/concerns