Privacy Policy

INTRODUCTION

The EB Partnership London Limited (“The EB Partnership”) is dedicated to protecting the confidentiality and privacy of information entrusted to us.  Please read this Privacy Notice to learn about your rights, what information we collect, how we use and protect it.

This notice applies to any personal data we hold about individuals (other than staff), whether they are a client or otherwise.  In this notice “you” refers to any individual whose personal data we hold or process (i.e.: to you as an individual client, or to you as an employee of one of our business clients).  “Personal data” means information that relates to you as an identified or identifiable person. 

This notice is governed by the EU General Data Protection Regulation (the “GDPR”).

WHO WE ARE

This Privacy Notice applies to The EB Partnership, including EB Wealth, a trading style of the firm.  This Privacy Notice explains to you what decisions we have taken in relation to Personal Data that we hold.

The EB Partnership London Limited is an Appointed Representative of Bond Wealth Ltd, which is authorised and regulated by the Financial Conduct Authority.  The EB Partnership is registered, and operates, in England & Wales: registered number 08977367.

WHO CAN YOU CONTACT FOR PRIVACY QUESTIONS OR CONCERNS?

If you have you have questions or comments about this Privacy Policy or how we handle personal data, please direct your correspondence to: Data Protection Manager, The EB Partnership, Apsley House, 176 Upper Richmond Road, London, SW15 2SH or email enquiries@theebpartnership.co.uk.  We aim to respond within 30 days from the date we receive privacy-related communications.

You may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about our data handling practices.

LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

We may rely on the following lawful reasons when we collect and process your personal data to operate our business and provide our products and services.

  • To fulfil a contract we have with you;

  • You have provided your consent for the processing of data;

  • When it is in our legitimate interests - we may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced, including delivering the professional services our clients have engaged us to provide; or

  • To comply with legal and regulatory obligations.

WHAT INFORMATION DO WE COLLECT ABOUT YOU?

We may collect and process the following categories of personal data about you. 

Financial : Your financial position, status and history.

Contact : Your name, where you live and how to contact you, as well as emergency contact details.

Socio-Demographic : Your gender, marital status, nationality, education.

Transactional : Details about payments to and from your accounts with us and third parties.

Contractual : Details about the products or services we provide to you.

Behavioural : Details about how you use products and services from us and other organisations.

Communications : What we learn about you from letters and emails you write to us, meetings and other communication between us, including telephone calls which may be recorded.

Family and beneficiary : Marital status, dependants, and other relationships, including names and dates of birth

Know Your Client : Details about you that are we may gain access to via a third party provider to verify your identity.

National Identifier : A number or code given to you by a government to identify who you are, such as a National Insurance or social security number, or Tax Identification Number (TIN).

Documentary Data : Details about you that are stored in documents in different formats, or copies of them.  This could include things like your passport, proof of address or share certificates.

Special categories of data : The law and other regulations treat some types of personal information as special, including health data, which we may use in the context of advising on insurance, pensions and similar products.

Consents : Any consents that you may give us and the data provided with your consent e.g., testimonials published on our website. 

HOW DO WE COLLECT PERSONAL DATA?

Directly.  We obtain personal data directly from individuals in a variety of ways, including data provided on the application forms for the various services we offer; when you talk to us on the phone, including recorded calls and notes we make; or via other correspondence. 

Indirectly.  We obtain personal data indirectly about individuals from a variety of sources, including the following:  

  • Business clients -- if your employer is a business client of ours, then your employer may provide personal data about you to us in order for us to deliver our services to you;

  • Service providers - this will include pension and other providers that we conduct business with on your behalf or your existing / previous providers that you have provided consent for us to contact;

  • Other third party providers – this may include credit reference agencies to verify your identity; product providers where you have appointed us as advisers or as an authorised point of contact to deal with your pensions, insurances and investments on your behalf; cloud-based service providers relating to the administration and management of employee benefits or personal finances.

You do not have to supply any personal information to us but our services may not be operable in practice without providing data to us.

WHAT WE USE YOUR PERSONAL DATA FOR

We use personal information for the purpose for which it has been provided to us, or to fulfil legal or regulatory requirements if necessary.  We have a legitimate interest in holding and processing information provided to us in order to provide our services and up-to-date advice, as well as manage our relationship with you or your business.

SHARING YOUR INFORMATION

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.  We may share your information with certain suppliers or other group companies who are assisting us with the management of employee benefits, IT services.

We will share your personal information with other entities in our group i.e., Bond Wealth Ltd, as part of our regular reporting activities on company performance and to enable them to assess if we are conducting our business in line with the requirement of the Financial Conduct Authority.

Where we do supply your personal data to a third party, they will only be authorised to process it for specified purposes and not for use for their own purposes.

SECURITY

We have put in place appropriate measures to protect the security of your information, including the provision of annual training and testing for all our employees.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

We will retain an individual’s personal data for so long as the purpose the individual has provided it for still exists, unless a longer retention period is required or permitted by law, including:

  • To respond to a question or complaint, or to show whether we gave you fair treatment.

  • To obey rules that apply to us about keeping records, generally 3-10 years.

We may also keep your data for longer than 10 years if we cannot delete it for other legal, regulatory or technical reasons.  As an example, in some circumstances we may be required to hold pension transfer information indefinitely.

For any category of personal data not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data.

We will only use your personal information for those purposes and will make sure that your privacy is protected at all times.

YOUR PRIVACY RIGHTS

The GDPR gives you the following rights in respect of personal data we hold about you:

The right of access : You have the right to see personal data that is held about you and a right to have a copy provided to you.

The right to correction : If at any point you believe that the personal data we hold about you in inaccurate, you can ask to have it corrected.  

The right to erasure (the ‘right to be forgotten’) : You may ask us to delete or remove personal data if there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), if we may have processed your information unlawfully or if we are required to delete your personal data to comply with local law.

We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

The right to object to processing : Unless we have overriding legitimate grounds for such processing, you may object to us using your personal data if you feel your fundamental rights and freedoms are impacted.

The right to restrict processing : You can request that we no longer process your personal data in certain ways, whilst not requiring us to delete the same data.

The right to data portability : You can request the transfer of your personal information to another party (where technically possible).

Right to withdraw consent : If we are relying on your consent as the basis on which we are processing your personal data, you have the right to withdraw your consent at any time.

If you would like to exercise any of your above rights, please contact the Data Protection Manager in writing (or email) as detailed above.

We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).

DATA BREACHES

If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and our Data Protection Manager.

If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.

OTHER WEBSITES

Our websites may contain links and references to other websites.  Please be aware that this notice does not apply to those websites.  Please review the destination websites’ privacy policies before submitting personal data on those sites. In addition, if you came to us via a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site.

TRANSFERRING YOUR INFORMATION OUTSIDE EUROPE

We store personal data on servers located in the European Economic Area (EEA) and transfer data to other parties within the EEA.  There are certain cases where your employer (where you are an employee of a business client) may request we transfer your personal data to another company in contract with them or within their group of companies that is situated outside the EEA.  We carry out these requests on the understanding that your employer in their capacity as the “data controller”, can provide “sufficient guarantees” that the requirements of the GDPR will be met and that your rights will be protected.

NOTIFICATION OF CHANGES TO THE CONTENTS OF THIS NOTICE

We will post details of any changes to our policy to our website, to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.

POLICY TOWARDS CHILDREN

Our services are not intended for and should not be accessed by individuals under 16. Our policy is not to intentionally or knowingly collect, process, maintain or use personal information from any individual under the age of 16.