This Privacy Policy contains important information about what personal details we hold; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given us.

We will only use your personal details when it’s necessary in order to provide the product or service you have requested or for us to meet our legal or regulatory obligations

In order to facilitate the processing of any business, we will need to hold the following information about you:

  • Who you are e.g. your name, date of birth and contact details.
  • Details connected with advice given or investments that we arrange, such as your bank account details.
  • Data verification documents to meet Anti-Money Laundering requirements, such as a copy of your passport or a recent utility bill.
  • Historical data relating to our contact with you e.g. meetings, phone calls, emails and letters which are a necessary part of being able to advise you.
  • ‘Sensitive’ personal information e.g. relating to your health, marital or civil partnership status. This information will only be collected and used where it’s needed to provide the product or service you have requested or to comply with our legal obligations.
  • Details about joint applicants or beneficiaries.
  • Where appropriate, the personal details of your children, for example, where a child is named as a beneficiary or where investments are made on their behalf.

We would typically gather this personal information directly from you through meetings, phone conversations, written correspondence or application forms.

If you do not wish us to use your personal information in these ways, we will be unable to provide you with advice, services.

We will need to share your information with some third parties, including:

  • Companies we have chosen for the products and services we offer to you.
  • Our regulators and Supervisory Authority, namely the Financial Conduct Authority (FCA), or the Information Commissioner’s Office
  • Law enforcement, credit and identity check agencies for the prevention and detection of crime
  • HM Revenue & Customs (HMRC), by way of example for the processing of tax relief on pension payments or the prevention of tax avoidance

We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.

We will only share your personal data when we are carrying out transactions that you have authorised, so we have a lawful basis for processing your personal data, referred to as “compliance with a legal obligation”.

Similarly, your consent to carry out any transactions is a condition of service, as our recommendations will only be executed on receipt of your written confirmation to proceed.

We will keep your personal information as long as required in order to meet our legal and regulatory obligations.

The majority of your information is processed in the UK and European Economic Area (EEA). However, some of your information may be processed by the third parties we work with outside of the EEA.

We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which we hold, or is recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.

Your information is protected by procedures designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake training on this.

You have several rights in relation to how MDFM uses your information. These are:

Right to be informed: You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with – we do this in our Privacy Policy and privacy notices.

Right of access: You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR).

Right to request that your personal information be rectified: If your personal information is inaccurate or incomplete, you can request that it is corrected.

Right to be forgotten: You can ask for your information to be deleted or removed if there is not a compelling reason for MDFM to continue to hold it. Please be aware that in most cases where advice has been given, we are required to hold this indefinitely.

Right to restrict processing: You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but we will ensure that we do not use it in the future for those reasons you have specified.

Right to data portability: You can ask for a copy of your personal information for your own purposes to use across different services.  In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way.

We will always strive to gather, use and safeguard your personal information in line with data protection laws. If you do not believe we have handled your information as set out in our Privacy Policy, or have any questions about our Privacy Policy, please contact our Data Controller, John Davey, on 020 7588 2378 or email john.davey@mdfm.co.uk.

If you are still unhappy, you can complain to our Supervisory Authority – the ICO. Details of how to “Report a Concern” can be found at: https://ico.org.uk/concerns