1. Introduction – Who We Are and How to Contact Us
PENFOLD SAVINGS LIMITED or 'us' or 'we' refers to the owner of the Website whose registered office is 1 Long Lane, London, SE1 4PG. Our company registration number is 11668244. The term 'you' or 'your' refers to the user or viewer of our Website.
To contact us, please email us at firstname.lastname@example.org or via Live Chat on our website.
1.1 Data Controller
We are the controller of and are responsible for your personal data.
However, our custodian partner Seccl Custody Limited (registered number 10430958) will also be owners or controller of the data you pass through us to them for the purposes of operating your Penfold Pension. We will let you know any other entity that will be the controller for your data when you open a Penfold Pension.
1.2 Data protection manager
This privacy notice sets out the processing practices in relation to personal data which is collected, stored and retained through the use of this Website and any other electronic communications by us, which is the data controller for that data.
Your right to privacy is important to us. This privacy notice sets out how we use and protect any information that you give us when you use this website. We are keen to strike a fair balance between your personal privacy and ensuring that you obtain full market value from the internet and other products and services we may market to you.
If you do not agree to the following policy, you may wish to cease viewing/using this Website, and or refrain from submitting your personal data to us. This may mean we cannot provide services to you, and we may have to close any pension plans or accounts.
We may change this notice from time to time by updating this policy. You should check the Website page it is located on, from time to time to ensure that you are happy with any changes.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
3. Your rights
If you have any requests concerning your personal data or any queries with regard to this notice, please contact us through the Contact Us section of our Website. We are registered with the Information Commissioner’s Office (ICO); our Registration number: ZA505781. Information on the Data Protection Act 2018 and the General Data Protection Regulation (the GDPR) is also available on the Information Commissioner's website at https://ico.org.uk/. Under the GDPR, your individual rights in relation to your personal data are as follows (you can read more about your rights in detail here;
4. Subject access rights
You have a right to a copy of and details of the personal data we hold about you. To obtain a copy of this, please contact us using the details set out in the Contact Us section of our Website. No charge will normally be made by us for providing this information. If your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
5. Personal data we collect
We collect your personal data typically when you register for our services, make a purchase, enter a sales promotion or otherwise interact with us. Below are examples of the categories of the data we collect on you.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
6. If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
7. Purposes for which we will use your data
We have set out in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity: To register you as a new customer
Purpose/Activity: To process and deliver your instructions and Penfold Pension, and orders including (a) Manage payments, fees and charges, (b) Collect and recover money owed to us our partners or due to you, (c) give effect to your instructions
Purpose/Activity: To enable you to take part in marketing activity including a prize draw, competition or complete a survey
Purpose/Activity: To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Purpose/Activity: To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
Purpose/Activity: To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Purpose/Activity: To make suggestions and recommendations to you about goods or services that may be of interest to you
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
8.1 Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or opened an account with us and you have not opted out of receiving that marketing.
8.2 Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
8.3 Opting out
You can ask us or third parties to stop sending you marketing messages at any time by letting us know through the Contact Us section of our website or by following the opt-out links on any marketing message sent to you.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of for other purposes.
9. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
10. Technical Information
For the most part, you may visit our website without having to identify yourself. However, certain technical information is normally collected by us as a standard part of our services. This information relates to your IP address, information about your device and other technical information your browser provides us with, and data about your use of our website (such as when you use the website and how you interact with its content). If you call us, additional information such as your telephone number may be saved as a standard part of that communication.
11. Information you provide to us
To allow us to provide you with the products and services you have requested, or to communicate with you, we may ask you to provide us with certain information such as your name, date of birth or age, email address, home or postal address, or financial situation. In registering for our services, you may create usernames, passwords and other credentials that we use to authenticate you and to validate your actions. You may send us copies of your personal identity documents or details about other financial products to which you may be a party.
Our services may ask you to submit information about other people, for example, members of your family or household, or a beneficiary of a product. You may also indirectly provide us with information through your consents, preferences and feedback.
11.1 Your transactions with us
We collect details of the queries or requests you have made, the products and services provided (including delivery details), purchasing details (including payments made, credit card details, billing address, credit checks and other such financial information), details of agreements between us, records of contacts and communications, information and details relating to the content you have provided us with and other such transactional information. We may, in accordance with applicable law, record your communication with our customer care team or with other similar contact points.
11.2 Location data
Certain services may involve the use of your location data. Use of your location data is, however, subject to your prior consent for each service.
Personal data obtained from third parties. We may obtain personal data about you from third party sources such as social media analytics, and from the following partners: Contego Solutions Limited (trading as “Northrow”) (company registered number 7358038).
11.3 How do we secure your personal data?
We have robust procedures in place within our business:
11.4 How long do we keep personal data?
We will keep your personal data only for so long as it is reasonable for us to do so, depending upon the nature of the data and our processing, and the grounds upon which we collected it. In general, we will delete redundant account information within 14 days of our relationship ending. However, we are obliged to keep certain records of our relationship to comply with the FCA’s and other regulatory rules, in which case we will instead restrict access through our archiving processes. Subject to any actual or potential legal claim or regulatory investigation, the maximum time that we envisage retaining any of your information is seven years from the date our relationship with you ends, after which time it will be destroyed.
Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information. If you do notify us that you no longer wish to receive marketing information, we will keep an encrypted version of your contact information to ensure we respect your wishes.
12. Other websites
Our website may contain links to other websites which are outside the control of Penfold and are not covered by this privacy notice. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy notice which may be different to the privacy notice of Penfold. You should exercise caution and look at the privacy notice applicable to the website in question.
13. Transfers of your personal data
We may transfer your personal data to the third parties noted below, or as required by law.
Material service providers. We may transfer your personal data to the following third parties who provide us with a material service:
Event-driven transfers. We may transfer your personal data to third parties in certain events where it is necessary to protect your, or our, legitimate interests. This includes the cessation, sale or transfer of our business, civil or criminal legal, or regulatory, proceedings or insurance claims.
International transfers. Our products and services may be provided using resources and servers located in various countries around the world. Therefore, your personal data may be transferred outside the country where you use our services, including to countries outside the European Economic Area (EEA). We will transfer data in such circumstances only if the level of data protection in that jurisdiction is deemed adequate and if there are appropriate safeguards in place to protect your privacy.
Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of information on an international basis. Therefore, by browsing the Website and communicating electronically with us, you acknowledge and agree to processing personal data in this way.
A cookie is a small piece of code, sent from a website to a user's internet browser, which allows that website to track the user's previous activity when they return to that website. This allows us to provide you with the experience that you expect from us and lets us continually improve our service.
You can block cookies by changing the settings on your browser, but if you do you will not be able to access all or parts of our website. The types of cookies we may use are: