General Data Protection Regulation
Your personal data is dealt with under the new General Data Protection Regulation (GDPR), Anti-Money Laundering Regulations 2007 and the Serious Crime Act 2015. Your personal data is collected in order for us to provide you with financial advice.
At the beginning of any meeting with you we will ask you for some personal identification in order to provide you with any financial advice. We need your consent to hold, process and store your personal data and when you become a client of ours we will ask you to sign a client agreement that authorises us to do so.
What type of personal data do we need?
Before we provide you with financial advice or any of our services, we are obliged to collect and retain both photographic and address identification. Documents holding this type of data will be copied and held on your personal file with us. Should this documentation become out of date, we will need to update your records and will request this from you again. This personal data may also include sensitive information such as your physical or mental health, criminal proceedings, ethnic group or sexuality. Without knowing your financial circumstances, state of health and other personal details, we will not be able to advise you as these details are essential in determining the advice we give you.
We may take copies of your documentation for our records via a mobile phone. Be assured that if taken in this way, once relayed to your personal file, these copies will be deleted from the mobile phone within 24 hours.
Any copies taken in our offices will be made and the original documents returned to you.
Processing your data will mean collecting, copying and storing it. This will also include reviewing your data from time to time and updating it when necessary. We will also need to share your data with third parties such as product providers, insurers, the regulator or auditors. We will not release your personal data to any third party for marketing purposes unless you specifically agree to this in writing.
Retaining your data
We will retain your personal data according to the FCA requirements for the areas of advice given. Retention for a minimum of 6 years is usual but we may retain this information indefinitely, in case files are required for past reviews.
Our computers hold anti-virus protection and we have a separate GDPR Agreement with our software provider for the security of personal data.
Your right to a copy of your personal data
You are entitled to have access to your personal data held by us. Your first request for this is free, but we may charge for repeat requests. If you think that any information is incorrect or incomplete you should contact our Data Protection Officer, Charles Matthews.
Your right to erasure
Customers can ask a company to delete all stored personal data about them, which we will comply with unless we need to keep that information for legal reasons, or to comply with the Financial Conduct Authority regulations on record keeping.
Clients can request a digital copy of their personal data to use however they like, including transitioning to a new service provider.
We take data security very seriously and have taken a number of steps to increase your security. Your data is held on site at our office at 1 Riverview, Walnut Tree Close, Guildford, GU1 4UX and we have taken significant measures to ensure that our computers are not able to be accessed by anyone outside of Messer & Matthews Ltd:
- Your data is held in an encrypted file on one PC.
- Our computer network is isolated from the internet using a ProSAFE Quad WAN Gigabit SSL VPN Firewall, which is a physical (hardware) firewall.
- We use up-to-date virus protection software.
- Any computer that is disposed of either has its hard drive removed and physically destroyed before disposal, or is fully erased using secure multiple-overwrite drive-wiping software.
- Clients are able to communicate with us using a secure messaging service available via our web site and we encourage clients to use this wherever possible.
A fully encrypted copy of the data is kept offsite overnight to aid in disaster recovery.
We also have a back office software system called Intelligent Office, which is provided by Intelliflo Ltd, who also store your data. Under the GDPR, data controllers are required to use only processors who can provide sufficient guarantees that appropriate technical and organisational measures are taken to meet the requirements of the GDPR and to ensure the protection of your rights. This is in accordance with Article 28 of the GDPR. We have conducted the due diligence required and are satisfied that Intelliflo and their data storage facilities are sufficiently secure. If you would like to view Intelliflo’s Data Protection Review, please contact us and we can provide a copy.
Linked to our back office system is an account with Amazon AWS S3 cloud data storage, where some of your data is also held as part of the back office system. That data is kept in a fully encrypted file accessible only by Messer & Matthews Ltd and our back office software, and it is encrypted in transit with TLS across all services.
What happens in the event of a Data breach?
In the event of a data breach in our systems or in our containment measures, the Data Protection Officer will contact both the Information Commissioner’s Office (ICO) and you, our client(s), to advise you of the breach. This will be done within 72 hours, but every effort will be made to contact our clients earlier. Any breach will be dealt with quickly, with appropriate action being taken as soon as possible to rectify the breach.
Messer & Matthews Ltd
1 Riverview Business Park,
Walnut Tree Close
T: 01483 579123
F: 01483 302329