Client Privacy Policy Statement

Introduction

Ellis Bates Group takes your privacy very seriously and we are committed to protecting your personal information. 

This Privacy Policy Statement sets out how we use and look after the personal information we collect from you. We are the data controller, responsible for the processing of any personal data you give us. We take reasonable care to keep your information secure and to prevent any unauthorised access to or use of it. By providing us with your data, you warrant to us that you are over 13 years of age. 

Who are ‘we’?

In this notice, whenever you see the words “we”, “us” or “our”, we mean any of the Ellis Bates Group of Companies. These include Ellis Bates Financial Solutions Ltd, Ellis Bates Wealth Management Ltd and Ellis Bates Legal Solutions Ltd. 

The effective date of this privacy notice is from the 1st November 2022 

Introduction

  • By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy. 
  • By completing our marketing opt-in form, you are agreeing to receive email-marketing communications. 
  • By using our client portal and agreeing to this policy, you consent to the storage and processing of any personal data provided. 

What personal data do we hold on you?

Personal data means any information about an individual, from which that individual can be identified.  We collect, use, store and transfer personal data whenever you interact with us whether that be through face-to-face meetings, by phone, email, in writing, social media, the use of our website or other methods. 

When permitted, or authorised by law, we may also receive information about you from third parties such as business partners, credit or fraud checking agencies, as well as other third parties with whom we have had no prior contact. 

Clients

If you are our client, or intend to become our client, we need to build up a detailed picture of your current personal and financial position, so we can deliver financial planning services in fulfilment of our contract with you.  The information we hold may include: 

  • Detailed information about who you are, e.g. your name, date of birth, contact details, national insurance number, place of work, previous addresses. 
  • Information about children and other family members where it is relevant to your financial plan. In these cases, we will assume that you have their consent. 
  • Financial information including employment status, details of your income, expenditure, assets, bank accounts and other financial products. 
  • Information about your interests and/or hobbies. 
  • Information classified as ‘sensitive’ personal information e.g. relating to your health, marital or civil partnership status. 
  • Information that is automatically collected, e.g. via cookies when you visit our website, or Ellis Bates advertisements. 
  • Details of all written, email and telephone communication. 

The ‘soft opt-in’

Although organisations can generally only send marketing texts or emails with specific consent, there is an exception to this rule for existing customers, known as the ‘soft opt-in’. This means we can send you marketing texts or emails if: 

  • we have obtained your contact details in the course of a sale of product or service with you 
  • we are only marketing similar products or services; 
  • and we gave you a simple opportunity to refuse or opt out of marketing, both when first collecting the details and in every message after that. 

Prospective Clients and Professional Contacts 

In certain situations, we also hold less detailed personal information about prospective clients and other professionals who we work with.  The information we hold may include: 

  • Information about who you are, e.g. your name, place of work and contact details. 
  • Information about your appetite to risk and financial goals. 
  • Information that is automatically collected, e.g. via cookies when you visit our website. 
  • Details of all written, email and telephone communication. 

Sensitive Data

Sensitive data refers to data that may include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences and only collect information about the above if it is needed for us to provide our services. 

You are not obliged to share sensitive personal data (or any personal data) and must give us explicit consent to process this type of data.  However, without your consent, it is unlikely that we will be able to fulfil our contract to you and would most likely have to terminate any agreement we have in place with you to provide any of our services.  If we are unable to provide these services, we will notify you at the time. 

Why we need your personal data

As an active client, we have a contractual obligation to you to provide planning and investment services for which we need to collect detailed information about you.  As stated above, this could include ‘sensitive’ personal information for which you must also give your explicit consent if you want us to process this data. 

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.  We have also identified what our legitimate interests are, where appropriate.

Data Subject  Purpose / Processing Activity  Lawful Basis for processing 
Client  Processing personal & financial data in relation to providing financial planning services  Performance of a contract 
Client  Processing ‘sensitive’ personal information in relation to providing financial planning services  Consent 
Client  Sharing information with product providers and service providers where you have purchased their services and/or products  Performance of a contract 
Client  Sharing data with third-party service providers, providing services to EBG  Legitimate interest.  Provision of third party services are for the benefit of the company and its clients. 
Client  Sending out marketing information such as newsletters and market updates  Legitimate interest in keeping clients up to date in relation to products or services. You can opt out of this at any time. 
Client  Creating and distributing regular account communications including annual statements, reports, market and portfolio updates   Performance of contract  
Prospects
Professional Contacts 
Sending out marketing information such as newsletters and investment updates.  Consent
You can opt out at any time 
Client
Prospects
Professional Connections 
Processing analytical information about your use of our website and online services such as your IP address, details of your browser and/or device, length of your visit to website and which pages you have visited.  Opt in to our Privacy Policy.  This enables us to properly administer our website and our business. 

You will need to turn off analytical cookies to opt out of this 

Marketing Communications

Under the Privacy and Electronic Communications Regulations (PECR), we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and you have not opted out of receiving such communications since. 

Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time. 

You can ask to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at unsubscribe@ellisbates.com

If you opt out of receiving marketing communications, this opt-out does not apply to personal data provided for other purposes such as the ongoing delivery and servicing and investment services. 

Who we share your personal data with

We may have to share your personal data with the parties set out below: 

  • Service providers who provide IT and system administration services. 
  • Service providers who provide marketing or PR services to us. 
  • Service providers who provide compliance and legal services to us. 
  • Professional advisers including solicitors, bankers, auditors and insurers. 
  • Government bodies that require us to report processing activities. 
  • Fraud prevention agencies 

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. 

Please see section on Third Parties and Channel Pixels below for further information.

International Transfers

We do not envisage that the performance by us of our service will involve Your Personal Data being transferred outside of the European Economic Area. 

However, should this be necessary in performance of our service to you, we will ensure that an adequate level of protection has been established as follows: 

  • That the country (or industry sector within that country) of the recipient is on the EU approved list of countries as set out in the Official Journal of the European Union;  
  • The country of the recipient has adequate data protection controls by virtue of legal or self-regulatory regime; 
  • We have a contract in place, which uses either existing or approved data protection clauses to ensure adequate protection; 
  • We are making the transfer under approved binding corporate rules; 
  • We are relying on an exemption set out in Article 49 of the GDPR 
  • We are relying on approved codes of conduct or certification mechanisms, together with binding and enforceable commitments in the third country or international organisation to apply the appropriate safeguards in relation to data subject rights. 

Data Security

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential. 

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to. 

How long we hold your personal data

Prospect Data

Once you have contacted Ellis Bates, no matter what the channel, and opted into our Privacy Policy, we will keep your data for 3 years. If you become a client of Ellis Bates before that date the below will apply. 

If you have not become a client of Ellis Bates at the end of that 3-year period, we will delete your account.   

Client Data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

If you cease to be a client of the Ellis Bates Group, we will ‘deactivate’ your data, which means your data will be held on record in alignment with Financial Conduct Authority rules and regulations but cease to actively process your data in terms of marketing, and account servicing. In addition, due to the potential of civil actions in the courts, there is usually an overall “long-stop” requirement that the matter complained about should have happened within the last 15 years. This limitation does not apply to complaints to the Financial Ombudsman Service where is no 15-year “long-stop” rule in the complaints-handling rules made under the Financial Services and Markets Act and the Consumer Credit Act and we, therefore, need to maintain records of advice provided indefinitely in most cases. 

Enquiry Handling and Call Recording in relation to your Personal Data

On contacting Ellis Bates you will be asked to complete a form which will include your name, email, telephone number and nature of your enquiry. At this point you will be advised that a member of our enquiry team will be calling you and we ask you to read and confirm acceptance of this Privacy Policy. Calls from the enquiry team are recorded, to ensure we remain fully compliant with FCA regulations regarding vulnerability and their code of conduct in handling financial enquiries, consumer duty requirements and for training purposes. We will hold this recording for 30 days if your enquiry does not progress further, at which point it will be deleted. 

Should your enquiry progress further and the information contained in the call is pertinent to the progression of your becoming a client with Ellis Bates, we will treat this as we do your other personal data. 

You are able to request access to this recording in the procedure shown below.  

Your rights regarding your personal data

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent. 

You can see more about these rights at: 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise any of the rights above, please email us at DPO@ellisbates.com

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee (or refuse to comply with your request) if your request is clearly unfounded, repetitive, or excessive. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you within the initial month. 

If you think your data has been misused or that we have not kept it secure, you should contact us in the first instance at 

FAO Steven Thompson, The Data Protection Officer
Ellis Bates
Clarendon House
Harrogate HG1 1JD
Tel 01423 520 052 DPO@ellisbates.com 

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues https://www.gov.uk/data-protection/make-a-complaint

Third-Party Links and Channel Pixels

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. 

Current third-party links and channel pixels include 

  • Google Analytics 
  • Social media platforms 
  • WordPress 
  • Mailchimp 
  • Mailpoet 
  • Unbounce 

What are cookies?

A cookie is a small file that is saved on to your computer or other device when you visit our website so the website can remember who you are. All websites use cookies, and they can help a website to arrange content to match your preferred interests more quickly. 

Cookies cannot be used by themselves to identify you and we do not use cookies on our website to modify prices or services specific to you. We use them to understand how the website is being used so that we can make improvements. 

A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number. 

The cookies on our website provide three main functions:

  • Maintain user preferences
  • Statistical reporting
  • Deliver embedded content from 3rd party sites.

Two types of cookies are used by us on our site: 

  • Session Cookies: which are temporary cookies that remain in the cookie file of your browser until you leave the site; and 
  • Persistent cookies: which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie). 

Session Cookies allow you to carry information across pages of our site and avoid having to re-enter information and to allow you to access stored information. 

Persistent Cookies help us recognise you as a unique visitor (just a number) when you return to our website and to allow us to assess and understand our content, which pages are being visited and how long visitors spend on each page.  We specifically use Channel Pixels and Google Analytics for this. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. 

On using our website you will see a cookie banner appear like this

This gives you control over your use of cookies, being able to accept, reject or choose cookies and the duration these preferences are stored. 

Your cookie information is stored within cookie-compliance.co and you are free to read their particular privacy policy terms in addition to our own.  

Please note that third parties may also use cookies, over which we have no control. 

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. 

Our details 

This website is owned and operated by The Ellis Bates Group Ltd. under registration numbers: 

  • Ellis Bates Financial Solutions Limited (EBFSL). Company Reg Number: 1655955. Registered in England. 
  • Ellis Bates Wealth Management Limited (EBWML). Company Reg Number: 09052815. Registered in England. 

Our principal place of business is Clarendon House, Victoria Ave, Harrogate, North Yorkshire, HG1 1JD. 

You can contact us: 

(a)           by post, using the postal address given above
(b)           using our website contact form https://www.ellisbates.com/get-in-touch/ 
(c)           by telephone, on 01423 520 052
(d)           by email, using harrogate@ellisbatesgroup.com 

Data protection officer 

Our data protection officer’s contact details are:
Data Protection Officer, Clarendon House, Victoria Ave, Harrogate, North Yorkshire, HG1 1JD.