Privacy Notice
We are committed to protecting and respecting privacy.
As part of this commitment, we aim to share our principles and practices for collecting, using, storing, and disclosing personal information.
Please read this notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information generally, individual rights in relation to personal information and how to contact us and supervisory authorities in the event of a complaint.
Who we are
Succession Employee Benefit Solutions Limited is part of the Aviva group of companies and is authorised and regulated by the Financial Conduct Authority.
Succession Employee Benefit Solutions Ltd is the company responsible as “controller” of personal information, registered in England (company number 08146349). Registered office address: The Apex, Brest Road Derriford Business Park, Derriford, Plymouth, United Kingdom, PL6 5FL. Authorised and regulated by the Financial Conduct Authority. Firm Reference Number: 767956.
Scope
This notice relates to all data subjects whose personal information is processed by Succession Employee Benefit Solutions Limited and describes how we collect and use personal information about prospective or current clients and their employees.
Our collection and use of your personal information
When we mention “we,” “our” or “us,” we mean the relevant company in the Succession group that processes personal information.
We collect personal information when enquiries are made regarding our services and when our services are utilised. This information may be provided directly by individuals about themselves, or obtained indirectly, in the following scenarios:
Our corporate client may supply employee personal information for the provision of employee benefit schemes and related services;
We may gather information about dependants from employees of our corporate clients to facilitate the implementation of necessary schemes;
Organisations providing employee benefit services, such as insurers;
Verification agencies for the purposes of identity checks;
Other third parties, such as business partners, sub-contractors in technical, payment and delivery services.
We are committed to ensuring that the personal information we collect, and use is appropriate and does not constitute an invasion of privacy.
We may process both manually and by electronic means, the following categories of personal information:
Information about identity (e.g. name, gender, date of birth);
Contact details (e.g. address, telephone number, email address);
Employment details (e.g. job role or department);
Transactional details (e.g. details of services supplied);
Financial information (e.g. salary and bank account details);
Verification information (e.g. National Insurance Number, identification documents);
Interaction history (e.g. meetings, telephone calls, emails, and letters);
Information provided about others including dependants (e.g. joint applicants or beneficiaries for products we advise on).
We may process your personal information by using a third-party solution which incorporates artificial intelligence technology ("Solution"). The Solution has a recording and transcribing function as well as an automated function which identifies relevant information from the meeting and inputs that information into the relevant associated documentation in our records. The Solution may be used during meetings with you and to assist with the delivery of our products and services to you. Use of the Solution will enable us to have an accurate note of the meeting and capture relevant information you provide to us during meetings The personal information captured will be subject to Planner oversight and decision-making throughout to ensure the quality and accuracy of the output from the Solution.
We only use artificial intelligence tools and systems subject to an agreed set of terms and conditions, as well as applicable law and we hold all third-party suppliers with whom we work, accountable to these requirements.
We will use this information:
to carry out our obligations arising from any contracts entered and to provide the services requested;
for the purposes of providing advice, administration, transacting and management or any other purpose necessary for the services; and
to meet any necessary legal and regulatory obligations.
We may, with explicit consent, contact individuals or pass details to other companies associated with us to contact individuals (including by telephone) with details of any other similar products, promotions, or for related marketing purposes which we think may be of interest.
We will only process special category personal information with consent. Special category personal information means information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data and data concerning health, sex life or sexual orientation.
If you provide personal information to us about other individuals, you should show them this notice.
If you provide special category personal information to us about other individuals, please ensure that you have their explicit consent. Alternatively, please ensure that you are satisfied that by providing such special category personal information you are complying with data protection requirements that mandate sharing such information.
Our use of children’s personal information
Generally, we would only process a child’s name and date of birth, unless further details were required to fulfil a specific service request, such as to establish health or life insurance. We consider that children are people under 18 years of age. Whenever we collate information for children, we would always explain why the information is needed. Where a child is party to the contract, we would always consider the child’s capacity to understand the contract they are entering into.
We will never use the child’s personal information for marketing purposes.
Our legal basis for processing your personal information
We are required by law to have a specific reason for collecting and using personal information. We will only process personal information where we have a valid reason to do so under data protection legislation as follows:
Contract - we will process personal information for the purpose of fulfilling contractual obligations or to meet a pre-contractual request.
Consent – we will request explicit consent for the following purposes; - processing and sharing special category personal information in connection with product applications - provision of marketing information to raise awareness of our products and services that may be of interest
Legal obligation - in some circumstances we are permitted by law to process personal information.
Legitimate interests - we may use personal information for our, or a third party’s legitimate business interest. When processing personal information to meet our legitimate business interests, we put in place robust safeguards to protect privacy and to ensure that our legitimate interests are not overridden by fundamental rights and freedoms.
Some of the above reasons may overlap and there may be several legal bases for processing which justify our use of personal information.
Who we share your personal information with
We use more than one company in our group to deliver our services. We may share personal information with other Succession group companies as part of our commitment to offer services.
We may share personal information with employers, scheme providers, our compliance consultants, the FCA or any other regulatory, statutory, governmental, industry bodies including, where relevant, solicitors and/or other debt collection agencies for debt collection purposes and carrying out operations on the information or data.
We use third party companies to provide services so we can deliver our services. For example, IT systems and software and associated support services to ensure they continue to operate effectively and compliance consultants. We may disclose personal information to anyone in the future who may buy or merge with our business. If we merge with another company or if we are sold, then we will need to share information with the other party. In the event of a sale of any part of our business we may have to pass personal information to another party in a transaction where it is not possible to separate it from the information we need to pass to them. We will only do this where there is not a viable alternative.
Where we store your personal information
We take the security of data very seriously and follow best practice on data security.
If personal information is processed outside of the UK, we will ensure that we put in place appropriate safeguards to protect personal information, such as, appropriate contractual arrangements and assurances including (but not limited to) recognised certification schemes.
Steps are taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary. Measures are also taken to safeguard against unauthorised or unlawful processing, accidental loss, destruction, or damage to the data.
Product Providers may administer policies, including any existing ones and provide other services, from centres in countries outside of the UK that do not always have the same standard of data protection laws as the UK. However, they are required to put a contract in place to ensure adequate protection of information, and they will remain bound by their obligations under the General Data Protection Regulation.
How long will you keep my personal information?
We will keep personal information securely for as long as is necessary for the purpose it was collected
Generally, we will retain most personal information for the duration of the relationship and time limits are applied thereafter, based on type of data. Some records need to be retained indefinitely to meet FCA regulation.
Our Data Retention Policy is available upon request. Actual retention periods may vary depending on each individual’s circumstances, but we would always inform as part of our privacy information obligations.
Your rights
Under the General Data Protection Regulation, individuals have a number of important rights. In summary, those include rights to:
access to personal information and supplementary information covered by this notice
require us to correct any mistakes in information which we hold
require the erasure of personal information in certain situations
receive personal information, in a structured, commonly used, and machine-readable format and have the right to transmit this data to a third party in certain situations
object at any time to processing of personal information for direct marketing,
object to decisions being taken by automated means which produce legal effects or similarly significantly affect them
object in certain other situations to our continued processing of personal information
otherwise restrict our processing of personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
We may ask for proof of identity when an individual makes a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.
Where explicit consent has been provided for the processing of personal information, the right to withdraw consent exists at any time by contacting dataprotection@successionwealth.co.uk. Please note however that withdrawal of consent, or failure to provide it, could mean that we have insufficient information to provide our services. Where that is the case, notification will be provided before taking any action.
Contact Us
We would be happy to answer any questions, comments, requests or concerns you may have about the way we use your personal information.
If you wish to contact our Data Protection Officer, please send an email to dataprotection@successionwealth.co.uk or write to Succession Wealth, 60 Church Street (7th Floor), Birmingham B3 2DJ or call 0121 212 9212.
You also have the right to lodge a complaint to the Information Commissioner’s Office at www.ico.org.uk or by calling 0303 123 1113.