Personal Data: Personal data means data relating to a living individual who is, or can be, identified from the data, and includes:
Personal details, Family and lifestyle details, Education and training, Employment details, Financial details, Contractual details (for example, goods and services provided to a data subject), Online identifiers (IP addresses, cookies)
Sensitive Personal Data
Sensitive personal data is “special categories of personal data” and specifically includes medical data. Personal data relating to criminal convictions and offences is not included, but similar extra safeguards apply to its processing.
Medical details, political opinions, religious / philosophical beliefs, trade union membership, data concerning health or sex life and sexual orientation, race / ethnic origin, genetic data, biometric data
Automated and Manual Data
Automated Data means information that is being collected or processed by e.g. a computer, operating automatically in response to instructions given for that purpose. Manual Data means information that is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system.
Privacy by Design states that any action the firm undertakes that involves processing personal data must be done with data protection and privacy in mind at every step. This includes internal projects, product development, software development, IT systems, and much more. In practice, this means that the IT department, or any department that processes personal data, must ensure that privacy is built into a system during the whole life cycle of the system or process, rather than tagging security or privacy features on at the end of the process.
Privacy by Default means that once a product or service has been released to the public, the strictest privacy settings should apply by default, without any manual input from the end user or data subject. In addition, any personal data provided by the data subject to enable a product's optimal use should only be kept for the amount of time necessary to provide the product or service. If more information than necessary to provide the service is disclosed, then "Privacy by Default" has been breached.
Requirements by Law
We must have a lawful basis to collect and use Personal Data. The Data Protection Principles require that we process all personal data lawfully, fairly and in a transparent manner. The individual’s right to be informed requires us to provide information about our lawful basis for processing their data and means we need to include these details in our privacy notice. We must determine the lawful basis before we begin processing.
The individual must be informed of the purpose for processing their data before we begin such processing. We must take care to get it right first time. The data processing should be relevant, adequate and limited to what is necessary for its purpose. If we can reasonably achieve the same purpose without the processing, then we don’t have a lawful basis.
Request to swap the original purpose
We should not seek to swap to a different lawful basis at a later date without good reason and must always consult the Compliance Officer in any such instance. Should it be deemed necessary for the lawful purpose to change, it may be possible to continue processing under the original lawful basis if the new purpose is compatible with the initial purpose (unless the original lawful basis was Consent).
Processing Special Category Data
We need to identify both a lawful basis for general processing and an additional condition for processing this type of data. In order to lawfully process special category data, we must identify both a lawful basis under Article 6 and a separate condition for processing special category data under Article 9. NOTE: These do not have to be linked.
The lawful bases for processing include:
Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
Legal Obligation: the processing is necessary for us to comply with the law.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
We need to collect and use personal data to provide a contract, which may include a living individual’s: name, date of birth, contact details, bank account details, financial information, health details, employment details, pension and salary information. Personal data needed for plan contracts is held and used to: process an application, issue your solutions, provide information about your plans, provide customer care and service, contact and inform of relevant actions that may need to be taken.
Required By Law:
We use personal data to comply with law and regulations: reporting to regulators, maintaining proper records, internal reporting, quality checking, compliance controls and audits to help meet our regulatory obligations. We must collect certain personal information to comply with Anti-Money Laundering law (up-to-date proof of identification and address).
Customer Due Diligence (Financial Sanctions / Politically Exposed Persons (PEPs) / searches of publicly available information)
Tax residence information and tax identification number for tax reporting
Personal and financial information in order to complete a financial plan and recommend the most suitable course of action for a client. This involves creating new and assumed personal information, and we will check to see if a customer record already exists.
We use a living individual’s personal information for our legitimate interests which we believe benefit our customers. We also receive and access information from product producers in order to provide better advice and customer care. We must maintain a record of our assessment so as to demonstrate that we have given proper consideration to the rights and freedoms of individuals involved.
Employment data processing
Fraud and financial crime detection and prevention (AML requirements)
Processing for the purposes of ensuring network and information security, including preventing unauthorised access to electronic communications networks and stopping damage to computer and electronic communication systems
Compliance with law enforcement, court and regulatory requirements
To comply with industry practices (issued by Financial Action Task Force (FATF), AML Principles etc)
Communications & marketing - Direct Marketing OR using summary information to help promote services
We require consent from a living individual for us to collect and use personal data. We must explain what we need it for and how they can withdraw consent if they change their mind in the future. It must be as easy for them to withdraw their consent as it is to give it.
We must be able to demonstrate that the individual owner of that personal data gave their informed, unambiguous and proactive consent to the processing, and we bear the burden of proof that consent was validly obtained. The individual shall also have the right to withdraw their consent at any time and has the right to be forgotten.
The execution of a contract or the provision of a service cannot be conditional on consent to processing or use of data that is not necessary for the execution of the contract or the provision of the service.
Living individuals provide us with their personal information directly when they contact us, complete our forms, speak with us or visit our website or our social media accounts. For more information on what personal information is collected and used on our website please see our Web Privacy.
We also get personal information from solicitors, employers, and regulators and create new personal information about data subjects based on information they have given us and through their interactions with us.
We pass personal information to:
Data processors:
Companies that act as service providers under contract with us and only process personal information as instructed by us. All personal information is transferred securely and is not used by other parties for any other reason.
The categories of services that we use other Data Processors for include: document management, administration, customer services, marketing, Financial Sanctions and PEP checks to comply with Anti-Money Laundering rules and to maintain a list of identified high-risk customers, to comply with legal obligations.
Product Producers/Platforms & Custodians
We pass personal information to product producers or Platforms with whom we partner, in order to arrange transactions agreed with our customers.
Investment Service Providers
We pass personal information to investment service providers where our customers want to access specialist investment services through their plan e.g. Stockbroker or Online Trading Platform.
We pass personal information to Regulators and the Revenue Commissioners or as needed to comply with regulations and laws.
We pass personal information to third parties, including other companies with whom we have business arrangements, with the recorded consent of the data subject.
All personal information is processed and stored within the EU.
We keep and use personal information for as long as a living individual has a relationship with us.
We also hold it after this where we need to for complaints handling, for system back-ups needed for disaster recovery and for as long as we have to under regulations. We confirm to a living individual how long we will keep personal information for when they avail of a single or specific service such as a quote or call-back on our website.
Living individuals have a number of rights over their personal information which they can exercise free of charge by contacting us. We will need to verify the identity of the data subject in line with our normal DP checks and we will respond within one month in line with the GDPR regulation. Any restrictions to their rights will be explained in our response.
Right to Information
The information set out in our Privacy Notice. If we update the Privacy Notice, or if we change the type of personal information we collect and / or change how we use it, we need to inform the living individual. We have controls in place to protect all personal information and minimize the risk of security breaches. However, should any breaches result in a high risk for the data subject, we will inform them without delay.
Right to Restrict or Object
Living individuals can restrict or object to any unfair and unlawful collection or use of their personal information. They can object to any automated decision making that has a legal or similar significant impact for them and ask for the decision to be made by a person. They can withdraw consent and object to, for example, direct marketing.
Right to Correct and Update
Living individuals can ask us to correct and update personal information we hold about them. In order to provide them with the best service it is important we have their correct personal information, such as contact details.
Right to Delete and Be Forgotten
Living individuals can have their personal information deleted if it is incorrect or has been processed unfairly or unlawfully. If they have withdrawn consent they can ask for their personal information to be deleted. We will keep a record of their request so we know why their personal information was deleted. If we have provided a regulated product or service to them, we must keep their personal information for a minimum period by law (e.g. 7 years).
Right to Portability
Living individuals can ask for a copy of all personal information that they gave us (including through their interactions with us), and which we hold in an automated format. Living individuals can receive this in a machine-readable format that allows them to keep it. They may also request us to send this personal information in a machine-readable format to another company. The format will depend on our ability to provide this in a secure way that protects all the personal information. We will likely not be able to use a copy of any personal information sent to us in this way from another company because we can only collect personal information that we need.
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, mailing address or other details to help you with your experience.
When do we collect information?
We collect information from you when you subscribe to a newsletter or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
• To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• To improve our website in order to better serve you.
• To send periodic emails regarding your order or other products and services.
How do we protect visitor information?
We do not use vulnerability scanning and/or scanning to PCI standards.
We only provide articles and information. We never ask for personal or private information like email addresses or credit card numbers.
We do not use Malware Scanning.
We do not use an SSL certificate.
• We do not need an SSL certificate because we do not store or transfer any private data.
Do we use 'cookies'?
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies.
If you turn cookies off, some features that make your site experience more efficient will be disabled and some of our services will not function properly.
However, you can still place orders.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We have not enabled Google AdSense on our site but we may do so in the future.
California Online Privacy Protection Act
According to CalOPPA we agree to the following:
Users can visit our site anonymously.
Users are able to change their personal information:
• By emailing us
How does our site handle Do Not Track signals?
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we do not allow third-party behavioral tracking.
COPPA (Children's Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via in-site notification
• Within 7 business days
We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
To be in accordance with CAN-SPAM we agree to the following:
If at any time you would like to unsubscribe from receiving future emails, you can email us at
and we will promptly remove you from ALL correspondence.