Novia Financial Plc of Cambridge House, Henry Street, Bath BA1 1JS is the data controller and responsible for your personal data covered by this privacy notice.
Novia Financial plc
Telephone: 0345 680 8000
Email: [email protected]
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information we collect from you
Personal data means any information about a living individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We use different methods to collect data from and about you including:
We also collect information from your visits to our website which is anonymised and aggregated with information from other visitors and as such are not personal data. We use this information to improve our website and user experience. This information includes technical information such the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, browser plug-in types, operating system and platform and information on pages you viewed or searched for and your page interaction.
Purposes for which we will use Your Personal Data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data on more than one basis depending on the specific purpose for which we are using your data. Please contact us should you need details about the lawful basis or legitimate interest we are relying on to process your personal data.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new Investor||
||- Performance of a contract with you|
|To provide the Novia Service and administer your Wrap Account including on this website||
- Performance of a contract with you
To manage our relationship with you that will include:
- if we ask you to leave a review or take a survey
- providing information on your Wrap Account as required by the regulations
- Performance of a contract with you
- Necessary to comply with a legal obligation- Necessary for our legitimate interests (to keep our records updated and to study how Investors use the Novia Service)
|To enable us to contact and send information to employees, agents and contractors of suppliers and other parties with whom we have relationships in relation to use of the Novia Service||
- Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)- Necessary to comply with a legal obligation
|To deliver relevant website content to Investors and Advisers||
- Performance of a contract with you
|To provide training on the Novia Service to Advisers,employees, agents and contractors of Firms||
||Necessary for our legitimate interests (to ensure that users understand the Novia Service and use its features effectively)|
|To enable us to contact and send information to Advisers, employees, agents and contractors of Firms in relation to use of the Novia Service, the products available through the Novia Service and the Copia Service.||
||Necessary for our legitimate interests (to ensure that users understand the Novia Service and the Copia Service and use their features effectively)|
|To enable us to determine whether pension benefits may be taken earlier than the normal minimum pension age of 55 because of injury, sickness, disease, or disability or to comply with regulatory or legal obligations||
- Performance of a contract with you- Necessary to comply with a legal obligation
We will combine information you give to us and information we otherwise collect about you. We will use the different information we collect for the purposes set out above (depending on the types of information we receive).
We will not use your personal data to make any decisions about you on an automated basis.
How we share your information
We will only share your personal data with third parties as described in this privacy notice or where we are required to do so by law or regulation. For example we may be required to disclose personal data to reduce, prevent and detect fraud or to comply with a court order.
Organisations to which we may be required to provide your personal data include:
We may disclose your personal information to members of our group and to various suppliers and sub-contractors who assist us with the provision of the Novia Service including:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may choose to sell, transfer, or merge parts of our business or assets with a third party, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets but only as part of a confidential due diligence process.
Where we store your personal data
Information you provide to us is stored on secure servers located in the UK which are provided and managed by external suppliers appointed by us. The server suppliers are subject to strict contractual requirements on data security. We also have internal policies and controls in place to minimise the risk of your data being lost, misused, accidentally destroyed or disclosed.
Some of your personal data we collect may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by making certain one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Where we use certain service providers, we will use specific contract terms approved by the European Commission which give personal data the same protection it has in EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We use strict procedures and security features to guard against unauthorised access of all personal data we hold.
Period for Retaining Personal Data
In general we will keep personal data for at least ten years longer than the period you hold your Wrap Account with us, but there are some exceptions. For example we will keep pension transfer records indefinitely to enable us to comply with regulatory requirements and we will retain other records where relevant to a legal claim.
You have the following rights in relation to your personal data:
Request access to your personal data: You can ask for a copy of the personal data we hold about you free of charge. However, we may charge a reasonable fee if your request is repetitive or excessive or we may refuse to comply with your request.
We may need to request specific information from you to help us confirm your identity to ensure that personal data is not disclosed to any person not entitled to receive it. We may also contact you to ask you for further information to speed up our response.
We try to respond to all legitimate requests within one month, but it may take longer than a month if your request is particularly complex. In this case, we will notify you and keep you updated.
Request correction of your personal data: You have the right ask for any incomplete or inaccurate data we hold about you to be corrected, though we may need to verify the accuracy of the new data provided to us.
Request the deletion of your personal data: you may ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note, however, we may not always be able to comply with your request (for example where data is retained to fulfil our regulatory obligations).
Object to processing of your personal data: where we are relying on a legitimate interest and you want to object to processing on this ground as you feel it impacts on your rights and freedoms you may object to our processing of data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data: you may ask us to restrict the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request transfer of your personal data: where information has been provided to us either so that we can perform a contract with you or by your consent you can request the transfer of your data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a commonly used format.
Withdraw consent: You can withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you request to withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our Compliance Manager.
Our website contains links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.