Privacy Policy

This privacy policy applies to the use of the Novia Service by existing and prospective Investors, Advisers and employees, agents and contractors of Firms, suppliers and other parties with which we have relationships.  Novia Financial Plc (“Novia”, "we", “us” or “our”) is committed to protecting and respecting your privacy. 

This policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you or your Adviser provide to us, will be processed by us or shared by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Novia Financial Plc of Cambridge House, Henry Street, Bath BA1 1JS is the data controller and responsible for your personal data covered by this privacy notice.

Our Compliance Manager is responsible for overseeing questions in relation to this privacy policy. Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to:

Compliance Manager
Novia Financial plc
Cambridge House
Henry Street
Bath
Somerset
BA1 1JS

Telephone: 0345 680 8000

Email: compliance@novia-financial.co.uk

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Information we collect from you

Personal data means any information about a living individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes home address, email address and telephone numbers.
  • Financial Data includes bank account details.
  • Transaction Data includes details about investments and payments to and from you.
  • Profile Data includes your username and password, feedback and survey responses.
  • Sensitive Data comprises information about the health of Investors

We use different methods to collect data from and about you including:

  • Information you give us. This is information about you that you or your Adviser give us by applying for a Wrap Account, filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our website, and when you report a problem with our website. The information you give us includes your Identity Data, Contact Data and Financial Data. Please keep us informed if your personal data changes during your relationship with us.
  • Information we receive from other sources. This is information we receive about you from third parties, such as your Adviser.

We also collect information from your visits to our website which is anonymised and aggregated with information from other visitors and as such are not personal data.  We use this information to improve our website and user experience.   This information includes technical information such the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, browser plug-in types, operating system and platform and information on pages you viewed or searched for and your page interaction.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

Purposes for which we will use Your Personal Data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data on more than one basis depending on the specific purpose for which we are using your data. Please contact us should you need details about the lawful basis or legitimate interest we are relying on to process your personal data.

 

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new Investor
  •  Identity
  •  Contact
- Performance of a contract with you
To provide the Novia Service and administer your Wrap Account including on this website
  • Identity
  • Contact
  • Financial
  • Transaction

- Performance of a contract with you

To manage our relationship with you that will include:

- notifying you about changes to our terms or privacy policy

- if we ask you to leave a review or take a survey

- providing information on your Wrap Account as required by the regulations

  • Identity
  • Contact
  • Profile

- Performance of a contract with you

- Necessary to comply with a legal obligation

- Necessary for our legitimate interests (to keep our records updated and to study how Investors use the Novia Service) 
To enable us to contact and send information to employees, agents and contractors of suppliers and other parties with whom we have relationships in relation to use of the Novia Service 
  • Identity
  • Contact

- Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

- Necessary to comply with a legal obligation
To deliver relevant website content to Investors and  Advisers 
  • Identity
  • Contact
  • Profile

- Performance of a contract with you

To provide training on the Novia Service to Advisers,employees, agents and contractors of Firms
  • Identity
  • Contact
  • Profile
Necessary for our legitimate interests (to ensure that users understand the Novia Service and use its features effectively)
To enable us to contact and send information to Advisers, employees, agents and contractors of Firms in relation to use of the Novia Service and the products available through the Novia Service
  • Identity
  • Contact
  • Profile
Necessary for our legitimate interests (to ensure that users understand the Novia Service and use its features effectively)
To enable us to determine whether pension benefits may be taken earlier than the normal minimum pension age of 55 because of injury, sickness, disease, or disability or to comply with regulatory or legal obligations
  • Identity
  • Contact
  • Sensitive

- Performance of a contract with you

- Necessary to comply with a legal obligation

We will combine information you give to us and information we otherwise collect about you. We will use the different information we collect for the purposes set out above (depending on the types of information we receive).

We will not use your personal data to make any decisions about you on an automated basis.

How we share your information

We will only share your personal data with third parties as described in this privacy notice or where we are required to do so by law or regulation. For example we may be required to disclose personal data to reduce, prevent and detect fraud or to comply with a court order.

Organisations to which we may be required to provide your personal data include:

  • The Financial Conduct Authority
  • The Financial Ombudsman Service
  • HM Revenue & Customs
  • Crime Prevention agencies

We may disclose your personal information to members of our group and to various suppliers and sub-contractors who assist us with the provision of the Novia Service including:

  • Your Adviser
  • our hosted servers suppliers
  • software licensors
  • fund managers and discretionary fund managers
  • providers of transaction services
  • our printing and mailing supplier
  • our auditors, lawyers, bankers, and insurers who provide accounting consultancy, banking, legal and insurance services, government departments.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may choose to sell, transfer, or merge parts of our business or assets with a third party, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets but only as part of a confidential due diligence process.

Where we store your personal data

Information you provide to us is stored on secure servers located in the UK which are provided and managed by external suppliers appointed by us. The server suppliers are subject to strict contractual requirements on data security. We also have internal policies and controls in place to minimise the risk of your data being lost, misused, accidentally destroyed or disclosed.

Some of your personal data we collect may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by making certain one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

Where we use certain service providers, we will use specific contract terms approved by the European Commission which give personal data the same protection it has in EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.  We use strict procedures and security features to guard against unauthorised access of all personal data we hold.

Period for Retaining Personal Data

In general we will keep personal data for at least seven years longer than the period you hold your Wrap Account with us, but there are some exceptions. For example we will keep pension transfer records indefinitely to enable us to comply with regulatory requirements and we will retain other records where relevant to a legal claim.

Your rights

You have the following rights in relation to your personal data:

Request access to your personal data: You can ask for a copy of the personal data we hold about you free of charge. However, we may charge a reasonable fee if your request is repetitive or excessive or we may refuse to comply with your request. 

We may need to request specific information from you to help us confirm your identity to ensure that personal data is not disclosed to any person not entitled to receive it. We may also contact you to ask you for further information to speed up our response.

We try to respond to all legitimate requests within one month, but it may take longer than a month if your request is particularly complex. In this case, we will notify you and keep you updated.

Request correction of your personal data: You have the right ask for any incomplete or inaccurate data we hold about you to be corrected, though we may need to verify the accuracy of the new data provided to us.

Request the deletion of your personal data: you may ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note, however, we may not always be able to comply with your request (for example where data is retained to fulfil our regulatory obligations).

Object to processing of your personal data: where we are relying on a legitimate interest and you want to object to processing on this ground as you feel it impacts on your rights and freedoms you may object to our processing of data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data: you may ask us to restrict the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer of your personal data: where information has been provided to us either so that we can perform a contract with you or by your consent you can request the transfer of your data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a commonly used format.

Withdraw consent: You can withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you request to withdraw your consent.

If you wish to exercise any of the rights set out above, please contact our Compliance Manager.

Our website contains links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.      

Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or post. Please check back frequently to see any updates or changes to our privacy policy.