1. GENERAL
1.1 Henry Dannell Private Clients (“we” “us” “our”) is committed to protecting and respecting your privacy. We are the data controller and will process your personal data in accordance with the Data Protection Act 2018, Regulation (EU) 2016/679 (the “GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended from time to time as well as any national laws which relate to the processing of personal data (“data protection legislation”).
1.2 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
1.3 This Privacy Policy aims to give you information on how Henry Dannell Private Clients Limited collects and processes your personal data through your use of this website, including any data you may provide through this website.
1.4 Please read the following carefully to understand our views and practices regarding Your Data and how we will treat it.
1.5 This website is not intended for children, and we do not knowingly collect data relating to children.
1.6 It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are aware of how and why we are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.
This policy applies to information we collect about:
- Visitors to our website(s)
- Customers
- Introducers
- Suppliers
2. VISITORS TO OUR WEBSITE(S)
2.1 We may collect and process personal data about you in the following circumstances:
2.1.1 when you complete the online contact forms on our websites (“Sites”) providing us with your name, address, email address and contact number;
2.1.2 whenever you provide information to us when reporting a problem with our Sites, making a complaint, making an enquiry, or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
2.1.3 when you visit our Sites, we will retain details such as traffic data, location data, weblogs and other communication data, and the resources that you access (see section 2.2.2 on Cookies below); and
2.1.4 whenever you disclose your information to us, or we collect information from you in any other way, through our Sites.
2.2 We may also collect data in the following ways:
IP Address
2.2.1 We may collect information about your device, including, where available, your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration and to report aggregate information to our advertisers. This is a form of Aggregated Data called statistical data that can be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, we may combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, and we treat this combined data as personal data will be used in accordance with this Privacy Policy.
Cookies and Tracking
2.2.2. A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. We use strictly necessary cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. In addition, we also use cookies on this website to:
a) recognise you whenever you visit this website; this speeds up your access to the website as you do not have to log in each time;
b) obtain information about your preferences, online movements and use of the internet; this enables us to personalise our content for you and remember your preferences, for example, your choice of language or region, to make your online experience more efficient and enjoyable;
c) carry out research and statistical analysis to help improve our content, products and services and to help us better understand our customer requirements and interests; this allows us to recognise and count the number of visitors and to see how visitors move around our website when they are using it; this helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily;
d) target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests; we may also share this information with third parties for this purpose.
2.2.3 Description of Cookies
We may use the following categories of cookies on our website:
Strictly necessary | These are cookies which are essential for certain features of our website to work. These cookies do not record identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies we will be unable to provide all or part of our services to you.
Performance monitoring | We use these cookies to collect details on an anonymous basis about how you use our websites. This information may be used to help us improve our websites and understand how effective our adverts are. In some cases, we use trusted third parties to collect this information for us, but they only use the information for the purposes explained.
Functionality | These cookies are used to provide services or remember your settings. These cookies are aimed at enhancing your user experience by remembering your preferences. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
| Cookie Name | Expiration Date | Description |
|---|---|---|
| _cfduid | Used by the content network Cloudflare to identify trusted web traffic | 1 year |
| PHPSESSID | Used to preserve a user session across page requests | Session |
| _ga | 2 years | Used to distinguish users |
| _gid | 24 hours | Used to distinguish users |
| _gat | 1 minute | Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named: _dc_gtm_(property-id) |
| AMP_TOKEN | 30 seconds to 1 year | Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service |
| _gac_(property-id) | 90 days | Contains campaign-related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out |
2.2.4 Consent
In most cases we will ask for your consent in order to use cookies on this website. Please note that we do not require your consent where the cookie is essential in order for us to provide you with a product or service you have requested.
2.2.5 How to Turn off Cookies
If you do not want to accept cookies, you can change your browser settings accordingly. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/.
2.3 We may use your personal data for our legitimate interests in order to:
2.3.1 provide you with information or services that you requested from us;
2.3.2 respond to an enquiry submitted via our online contact forms;
2.3.3 allow you to participate in interactive features of our Sites, when you choose to do so;
2.3.4 ensure that content from our Sites is presented in the most effective manner for you and for your device;
2.3.5 improve our Sites and services;
2.3.6 process and deal with any complaints or enquiries made by you; and
2.3.7 contact you for marketing purposes where you have signed up for these (see Section 6 on Marketing for further details).
Website Links
2.4 Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data, and we do not accept any responsibility or liability for these policies. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2.5 Unless provided with your consent, we do not collect any Special Categories of Personal Data about you (this includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, information about your health). Nor do we collect any information about criminal convictions and offences without consent. This provision applies to all categories of persons described in this Privacy Policy.
3. CUSTOMERS
3.1 We will collect details such as name, address, email address, contact number, date of birth, national insurance number and financial information in order to provide services to customers. We may also receive details of credit checks undertaken where you have supplied these to us.
3.2 We will share customer personal information with our employees to manage our relationship with you and we will retain customer personal data for a maximum of 80 years.
3.3 We will use your personal data provided to comply with our contractual obligations arising from the agreements we enter into with our customers and share the data with financial institutions who can assist in the provision of financial services to customers including product providers, lenders, banks, insurers, fund managers, platform providers and third party paraplanners.
3.4 We will use customer personal data for our legitimate interests including:
3.4.1 sharing personal data with Paradigm Mortgage Services* as they provide third-party compliance services to us. Further details regarding how Paradigm will use personal customer data can be found in its Privacy Policy, which can be found on its website at https://www.paradigm.co.uk/mortgages/ or by contacting Paradigm on 03300 536 061;
3.4.2 with your consent, marketing our other products and services by mail and email; and
3.4.3 with your consent, obtaining your sensitive personal data from third parties including your health, ethnic origin, or criminal prosecutions from third parties such as employers and credit reference agencies, fraud prevention agencies and other similar organisations.
3.5 We will not transfer any customer personal data outside the United Kingdom unless permitted to do so by data protection legislation (see section 9 on Cross-Border Data Transfers in this Privacy Policy).
*Group companies include Paradigm Partners Limited, Paradigm Consulting, Paradigm Mortgage Services LLP, Paradigm Protect and its associated companies.
4. SUPPLIERS
4.1 We will collect details such as contact names, address, email address and telephone number in order to contact you about goods and/or services we have ordered from you, to comply with our contractual obligations and to place further orders. We may share your personal data with our employees to manage our relationship with you and we will keep your personal data for as long as we require your goods and/or services subject to a maximum of six years from the date of our last contact with you. We will not transfer your personal data outside the United Kingdom unless permitted to do so by data protection legislation (see section 9 on Cross-Border Data Transfers in this Privacy Policy).
5. INTRODUCERS
5.1. We will collect details such as name, address, contact numbers, financial information and employment references via the introducer application forms. We may also receive details of credit checks undertaken where you have supplied these to us or where you have given consent for these details to be collected on your behalf. Depending on the legal structure of the prospective introducer, such personal data may relate to a sole trader, directors, company secretaries, shareholders, and partners.
5.2 In order to comply with our legal obligations, we will:
5.2.1 use your personal data to ensure you are suitable to act as an introducer and we satisfy the requirements of the ‘Principles for Business’ in accordance with the Financial Services and Markets Act 2000 (“FSMA”) and Financial Conduct Authority Handbook rules;
5.2.2 pass your personal data to the Financial Conduct Authority in order to comply with our legal obligations and may also pass your personal data to the Financial Ombudsman Services and the Financial Services Compensation Scheme to assist with an investigation or complaint or the Prudential Regulation Authority, Solicitors Regulation Authority, European Accounting Association or other authorities required by law; and
5.2.3 use your personal data to facilitate the payment of commissions to you.
5.3 We may share your personal data with our employees to manage our relationship with you and we will keep your personal data for as long as you are introducers to us subject to a maximum of seven years from the date of our last contact with you or expiry of our last contract. We will not transfer your personal data outside the United Kingdom unless permitted to do so by data protection legislation (see section 9 on Cross-Border Data Transfers in this Privacy Policy).
6. MARKETING
6.1 We may use customer personal data to provide you with details about our services, products, business updates and events which we think may be of interest. We will only send you marketing correspondence where you have given us your consent to do so.
6.2 You have the right to opt-out of receiving the information detailed in Section 6.1 at any time. To opt-out of receiving such information you can:
6.2.1 tick the relevant box situated in the form on which we collect your information;
6.2.2 clicking the unsubscribe button contained in any such communication received; or
6.2.3 email us at info@henrydannell.co.uk or call 0204 5999 444 providing us with your name and contact details. It may take up to seven days for this to take place.
6.3. Where you have subscribed to receive marketing correspondence from us, we will keep your personal data for six years from when you subscribed to receiving marketing information from us or until you unsubscribe from receiving such correspondence from us (whichever is earlier).
7. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
7.1 In accordance with data protection legislation, we are required to notify you of the legal basis upon which we process your personal data. We process your personal data for the following reasons:
7.1.1 for performance of a contract we enter into with you;
7.1.2 where necessary for compliance with a legal obligation we are subject to; and
7.1.3 for our legitimate interests (as described within this policy).
7.2 We will also process your personal data, including personal sensitive data, where we have obtained your explicit consent.
8. DISCLOSURE OF YOUR DATA TO THIRD PARTIES
8.1 On any occasion where we may disclose your personal data to third parties, we enter a contract with these parties and impose contractual obligations on them to ensure the following:
8.1.1 they only process the personal data on the documented instructions of us (the controller)
8.1.2 they only use staff and other persons who have a duty of confidentiality with regard to the data
8.1.3 they comply with security obligations equivalent to those imposed on the controller under the UK GDPR
8.1.4 they notify the controller of any breach in relation to the personal data shared by the controller
8.1.5 they seek the permission of us, the controller, if they wish to enlist a sub-processor.
8.2 In addition to the third parties mentioned previously in this policy, we may disclose your personal data to third parties for the following legitimate business purposes:
8.2.1 staff members in order to facilitate the provision of services to you;
8.2.2 IT software providers that host our website and store data on our behalf; and
8.2.3 service providers who provide us with software solutions and platforms in order to carry out our business and provide services (including, without limitation, open banking services); and
8.2.4 to a prospective buyer (including where we may transfer or merge) some or all of our business or assets, in which case personal data including Your Data will also be one of the transferred assets. The recipient of the information will be bound by confidentiality obligations. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
8.3 take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors, e.g. in relation to ISO accreditation and the audit of our accounts.
8.4 We may disclose your personal data to the police, regulatory bodies, legal advisers or similar third parties where we are under a legal duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8.5. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8.6. We will not sell or distribute your personal data to other organisations without your approval.
9. CROSS-BORDER DATA TRANSFERS
9.1 We share your personal information with external third parties in order to provide our services to you. Some of these parties may transfer personal data outside the United Kingdom. We require such third parties to ensure that such transfers take place in accordance with data protection legislation.
9.2 Whenever we transfer your personal data out of the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data;
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
9.3 Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
10. DATA SECURITY
10.1 We have put in place appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10.2 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
10.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our Site; any transmission is at your own risk. If you would like detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
11. ACCESS TO, UPDATING, DELETING AND RESTRICTING USE OF YOUR DATA
11.1 It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
11.2 Data protection legislation gives you certain rights in relation to your personal data.
You have the right to object to the processing of your personal data in certain circumstances and to withdraw your consent to the processing of your personal data where this has been provided.
11.3 You can also ask us to undertake the following:
11.3.1 request access (Article 18 UK GDPR) to your personal data (more commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
11.3.2 request correction (Article 16 of UK GDPR) of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
11.3.3 request erasure (Article 17 UK GDPR) of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully of where we are required to erase your personal data to comply with local law. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
11.3.4 object to processing (Article 21 UK GDPR) of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
11.3.5. request restriction (Article 18 UK GDPR) of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
11.3.6 request the transfer (Article 20 UK GDPR) of your personal data to you or a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to provide contact with you.
11.3.7 We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11.4 Please send any requests relating to the above to our Privacy Officer, details of whom can be found at section 13 of this policy, specifying your name and the action you would like us to undertake.
12. RIGHT TO WITHDRAW CONSENT
Where you have provided your consent to the collection, processing and transfer of your personal data, you may withdraw that consent at any time. This will not affect the lawfulness of data processing based on consent before it is withdrawn. To withdraw your consent please contact us at info@henrydannell.co.uk or call 0204 5999 444.
13. CHANGES TO OUR PRIVACY POLICY
We reserve the right to update this Privacy Policy at any time, and any changes we make to our Privacy Policy will be posted on this page. We will notify you if there are any changes to this policy that materially affect how we collect, store or process your personal data. This version of our Privacy Policy was last updated on 1 June 2023. Historic versions can be found by contacting us. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent where required by applicable law or regulation.
14. CONTACT US
We have appointed a Privacy Officer to oversee compliance with this Privacy Policy. If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Officer/Data Privacy Manager in one of the following ways:
- Name: Kem Kemal
- Email address: info@henrydannell.co.uk
- Postal address: Henry Dannell Private Clients Limited, First Floor, Tabard Words, 6-12 Tabard Street, London, SE1 4JU
- Telephone number: 0204 5999 444
This is in addition to your right to contact the Information Commissioners Office if you are unsatisfied with our response to any issues you raise at https://ico.org.uk/global/contact-us/
Last updated: June 2023