SFB Group takes the protection of your privacy very seriously. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Data controllers determine the purposes for which, and the way in which, personal data is processed. The companies within SFB Group, who are all data controllers, are SFB Group Limited and SFB Consultants Ltd. All of these entities have a registered office address of Manor Court Chambers, Townsend Drive, Nuneaton, CV11 6RU. You can find us on the Register of data controllers held by the Information Commissioner’s Office (ICO): https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/
HOW DO WE COLLECT INFORMATION FROM YOU?
We obtain information about you when you engage us to deliver our services and / or when you use our website, for example, when you contact us about our services or events.
WHAT DATA DO WE COLLECT?
We need to know basic personal data in order to provide you with our services. If you do not provide this information then we will be unable to provide the services you have requested. We will not collect any personal data from you that we do not need in order to provide and oversee the services we have agreed to provide you with. We may collect the following personal data from you:
- Contact information including address, telephone number and email address
- Demographic information, such as postcode, preferences and interest
- Other information relevant to the provision of our services – including your Unique Tax Reference (UTR) number, your National Insurance number and bank account details
- Your IP address, which pages you may have visited on our website and when you accessed them
We do not seek any ‘special categories of personal data’ from you, unless otherwise agreed with you. Special category data includes data relating to race or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life, or criminal record.
HOW WE USE THE DATA COLLECTED
We collect this data to enable us to better understand your needs and to undertake the services you engage us to deliver. SFB Group’s legal bases for processing your data are:
- For our own internal records where there is a legitimate interest or where we are required to maintain records in accordance with applicable legal and regulatory obligations
- For the performance of a contract with you, for example where SFB processes your data in connection with providing you with a service – this could include
- the processing of financial transactions
- verifying your identity where this is required
- contacting you with details of any changes in legal and regulatory requirements or other developments that may be relevant to your affairs, and where applicable, how we may assist you further
- For meeting our legal obligations with respect to the prevention and detection of crime, fraud or corruption
- To distribute marketing communications in instances where we have a legitimate interest to send such communications or where you have explicitly given us consent to receive such communications
- To contact you in response to a specific enquiry by post, email or telephone
Where your information is used other than in accordance with one of the above uses, we will obtain your consent prior to processing. We take all reasonable steps to ensure that your personal data is processed securely.
HOW LONG DO WE KEEP DATA?
We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you. The period of retention varies with the applicable legislation but is typically five or six years. To ensure compliance with all such requirements, it is the policy of SFB Group to retain all data for a period of seven years from the end of the period concerned. If you consent to marketing communications, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information.
WHO HAS ACCESS TO YOUR PERSONAL DATA?
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
SHARING YOUR PERSONAL DATA
We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, for example to process payroll or basic bookkeeping. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes. Please be assured that we will not release your information to third parties unless you have requested that we do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption. It is likely that we will need to share your data with:
- SFB Group companies
- Credit Reference Agencies – To comply with anti money laundering regulations we may verify your identity electronically by matching your information against information held by Credit Reference and Fraud Prevention agencies. Details of credit histories are not made available to us and, although the data provider will add a note to your reference file to show that an identity check has been made, it cannot be used for future credit assessment purposes and does not affect your credit rating. We will not share the results of any electronic verification checks with any third parties. A copy of the results will be held on our systems to evidence that your identity has been verified. Electronic identification is a safe and accurate way of confirming your identity and usually avoids the need for you to supply us with any paper documents. However, where we cannot obtain an electronic match we may ask you to provide physical forms of identification.Further information on the Bureau that SFB Group uses for its anti money laundering and fraud prevention compliance, can be found at https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
- Our suppliers. For example, we may ask a supplier to maintain our database software, or to assist us with events, or to provide us with administration, IT and other related services.
HOW YOU CAN ACCESS AND UPDATE YOUR PERSONAL DATA
Keeping your information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the information that we hold about you. If any of your information changes, please email or write to us, or call us using the ‘Contact Information’ noted below. You have the right to ask for a copy of the information SFB Group holds about you. See ‘Your Rights’ section.
SECURITY OF YOUR PERSONAL DATA
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Your data will usually be processed in our offices in the UK. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK, but within the European Economic Area (EEA). We take the security of your data seriously and so all our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.
Access to your information: You have the right to request a copy of the personal information about you that we hold. Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards. Deletion of your information: You have the right to ask us to delete personal information about you where:
- you consider that we no longer require the information for the purposes for which it was obtained
- you have validly objected to our use of your personal information – see ‘Objecting to how we may use your information’ below
- our use of your personal information is contrary to law or our other legal obligations
- we are using your information with your consent and you have withdrawn your consent – see ‘withdrawing consent to use your information’ below
Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so. Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue. Withdrawing consent to use your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. Please contact us in any of the ways set out in the ‘Contact Information’ section below if you wish to exercise any of these rights.
We seek to resolve all complaints about how we handle your personal information, but you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone – 0303 123 1113 (local rate) or 01625 545 745 Website: https://ico.org.uk/concerns