Last updated 14th February 2019
This policy explains how we collect and protect any personal data you provide us with, what we do with it, and how you can control the personal data we collect from you. It sets out how we intend to use your data, who we might need to share it with and your data protection rights.The policy applies however you provide personal data to us, whether via our website, in a Wealthflow Money Coach group workshop, a one-to-one Wealthflow Money Coach session or if you telephone, email, write to or text us.
The Wealthflow Money Coach Programme is provided by Wealthflow LLP. Our main business address is: Regus Abbey House, 83 Princes Street, Edinburgh EH2 2ER. Wealthflow LLP is a Data Controller registered with the UK Information Commissioner’s Office with Reference number: Z9729925. Wealthflow’s Data Protection Officer is Duncan Glassey; firstname.lastname@example.org
Personal data means any information capable of identifying an individual. When you book onto the Wealthflow Money Coach Programme we may collect the following data:
- your first and last name
- your contact details: postal address, telephone number and email address
- purchases and orders made by you
- financial data including your payment preferences
- your online browsing activities on the Wealthflow Money Coach website including which items you store in your shopping cart or wish list
- information about the device you use to browse our websites including the IP address and device type
- your location
- your correspondence and communications with us
This list is not exhaustive and in specific instances we may need to collect additional data for the purposes set out in this policy. Some personal data is collected directly, for example when you set up an online account on the Wealthflow Money Coach website or send an email to our customer support team. Other personal data is collected indirectly, for example when you browse our websites or undertake online shopping activity.
We do not collect any sensitive data about you. Sensitive data refers to data relating to your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, etc.
We do not collect any information about criminal convictions and offences.
Detailed information is set out in our Cookies Policy and is provided to ensure you are fully aware of the cookies we use, allowing you to make an informed choice about your acceptance of cookies.
We use the personal data you provide primarily to verify your identity and manage your account. Your data might also be used:
- To provide goods and services to you.
- For crime and fraud prevention, detection and related purposes.
- With your agreement, to contact you about services which we think may interest you.
- For analysis, insight and research purposes to better understand your needs and ensure we deliver the services you need.
- Where we need to comply with a legal or regulatory obligation.
If you have purchased goods or services from us, you may receive marketing communications. You have the right to withdraw consent to marketing material at any time. You can opt out either via an unsubscribe link or by contacting us via email with your opt out request.
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.
We only use your personal data for the purposes for which we collected it, or a reason compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected it, we will notify you. We may process your personal data without your knowledge or consent where this is required by law.
We may occasionally have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
The legal basis for our processing of your personal data is as set out below:
1) As necessary to perform our contract with you:
- For the purposes of complying with our duties and exercising our rights under a contract for the sale of goods or services to a customer.
2) As necessary for the pursuit of our legitimate interests, including:
- Selling and supplying goods or services to our customers.
- Promoting, marketing and advertising our products and services.
- Sending promotional communications which are relevant and tailored to individual customers.
- Understanding our customers’ behaviour, activities, preferences, and needs.
- Improving existing products and services and developing new products and services.
- Good governance, accounting and managing and auditing our operations and complying with our legal and regulatory obligations.
- Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies.
- Handling customer contacts, queries, complaints or disputes.
- Protecting our company, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us.
- Handling any legal claims or regulatory enforcement actions taken against us
- Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
3) As necessary for complying with our legal obligations including:
- Where you exercise your rights under data protection laws.
- For compliance with legal and regulatory requirements.
- To establish or defend legal rights.
4) Based on your consent:
- For example in relation to sending direct marketing communications via email or text message.
You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
We have appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Take care and be attentive when sharing personal data. No one from our company will ever ask you to confirm bank account or credit card details via email. If you receive an email claiming to be from Wealthflow Money Coach asking you to do so, please do not respond.
If you are using a mobile device in a public location, we recommend you always log out and close the website browser when you complete an online session.
In addition, we recommend you take the following measures to enhance your online safety:
- Keep your account passwords private.
- When creating a password, use a letter and number combination of at least 8 characters. Do not use a word that can be easily guessed such as your name, email address, or other personal data. It is also good practice to regularly change your password. You can do this in your account settings.
- Avoid using the same password for different online accounts.
We will not retain your data for longer than necessary for the purposes set out in this policy.
To determine the appropriate retention period for personal data, we consider:
- the amount, nature, and sensitivity of the personal data,
- the potential risk of harm from unauthorised use or disclosure of your personal data,
- the purposes for which we process your personal data and whether we can achieve those purposes through other means, and
- the applicable legal requirements.
For tax purposes we are legally obliged to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers. For users that register via our website, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit this information. All password detail is encrypted.
In some circumstances, for example for research or statistical purposes, we may anonymise personal data. Anonymised data cannot be associated with an identified individual. We may use anonymised data indefinitely without further notice to you.
To deliver products and services to you, it is sometimes necessary to share your personal data outside of the European Economic Area (the EEA). This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws.
If we transfer personal data outside the EEA, we will ensure the transfer is compliant with data protection law and all personal data will be secure. Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are taken as regards the data in the overseas location; alternatively, we use standard data protection laws.
You have the following data protection rights:
- The right to be informed about our processing of your personal data.
- The right to request access to personal data we hold about you at any time.
- The right to ask us to update any out-of-date or incorrect personal data we hold.
- The right to object to processing of your personal data and/or to withdraw any consent you have given us and to opt out of marketing communications.
- The right to prevent processing that is likely to cause damage or distress.
- Certain rights in relation to automated decision making, including profiling.
- The right to request we erase your personal data, for example when the data is no longer necessary for the purpose for which it was collected.
If you wish to exercise any of the above rights, contact us either by post: Duncan Glassey, Data Protection Officer, Wealthflow LLP, Regus Abbey House, 83 Princes Street, Edinburgh EH2 2ER or by email: email@example.com
If you are not happy with any aspect of how we collect and use your data please contact us so we can try to resolve your complaint. You also have the right to complain to the Information Commissioner’s Office (www.ico.org.uk), the UK supervisory authority for data protection issues.
You will not have to pay a fee to access your personal data (or to exercise any of the other data protection rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
To ensure your right to access personal data, we may need to request specific information to confirm your identity. This is a security measure designed to ensure personal data is not disclosed to a person who has does not have the right to receive it.
This site may include embedded content. Embedded content from other websites behaves in the same way as if the visitor has visited the source website.
Clicking on links or enabling connections may allow third parties to collect or share data. We cannot control third party websites and are not responsible for their privacy policies. We encourage you to read the privacy notice of every website you visit.