Privacy Statement-  NPFS Advisors Limited (NPFS Advisors)

About us and our Privacy Statement

NPFS Advisors Limited (NPFS Advisors) Privacy Statement refers to our commitment to data protection legislation compliance including the Irish Data Protection Acts and the EU General Data Protection Regulation.
We collect and process your personal data in the course of business. This personal data includes any offline physical data or online data that makes a person identifiable.
We process data for the following groups of individuals (current and former);

  • Job candidates
  • Prospective clients and Clients (including family members)Clients (including family members)
  • Contractors and outsourced service providers whose personal data is processed by us and
  • Other parties whose personal data is processed by us.

We are the data controller for the personal information we process, unless otherwise stated.
There are many ways you can contact us, including by phone, email and post. For more information see
www.npfs.ie

Please read this statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. We know your personal information is important to you and it is important to NPFS Advisors too.

Purpose and legal basis for processing your data

You agree that any data you provide to us will be true, complete and accurate in all respects and you agree to notify us immediately of any changes to it. We will only collect personal information from or about you which is necessary for the following purposes:

General

  • Provide advice and services to you and respond to your queries
  • To comply with all relevant law & regulations (for example Ð anti money laundering regulations)
  • To manage the safety and security of you while on our premises
  • To facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders
  • To investigate, exercise or defend legal claims or other claims of a similar nature.

Prospective and existing clients

We need to collect and use your personal information to arrange for your contract through the relevant insurer/ providers who underwrites or effects any policy you choose to go ahead with.
The personal information needed for policy contracts and accounts is held and used to:

  • verify your identity and to verify the accuracy of the information we receive about you -assess the information you have provided and make a decision as to whether we can provide you with cover through the relevant insurer -provide you with a quotation for a product and to arrange for the provision of specific product cover should you decide to purchase a product through NPFS Advisors -share your personal information with the relevant provider to ensure that you have the appropriate cover in place (including provide quotes etc) -provide you with information about your policy or plan
  • provide ongoing client service
  • to administer your policy and make any changes during its term, answer queries, provide updates or
    process a cancellation, contact you to inform you of any relevant actions you may need to take
    assist you in the making of a claim through the relevant insurer
  • Provide quality advice, products and ongoing services to you
  • Set up and administer your account as a client with us including meeting our Know Your Client (KYC) obligations
  • To maintain our relationship with you whilst you are a client and investigate any complaints or disputes
  • Contact you for direct marketing purposes, subject to restrictions under the relevant laws, including the right to opt out of such marketing
  • To provide essential communication with you, including to respond to information requests submitted
  • To notify you about changes to contracted services relevant to you (or your family where appropriate)

 

Outsourced service providers

-Set up, avail of your services, contact you and administer our account as a customer with you

Job candidates –

To facilitates the selection of suitable candidates for employment with us.

Where consent is relied upon as a basis for processing of any personal data, you will be presented with an option to agree or disagree with the collection, use or disclosure of personal data. Once consent is obtained, it can be withdrawn at any stage.

We collect your data based on the following legal basis:

Consent-where you have explicitly agreed to us processing your information for a specific reason such as collecting data where necessary relating to racial or ethnic origin, political, religious or, philosophical beliefs, trade union membership, health, sexual life or orientation, genetic or biometric data for your pension or life assurance application .

Contract-where you have entered into a service with us and the processing is necessary to perform this service

Compliance -the processing is necessary for compliance with a legal obligation we have such as keeping records for revenue or tax purposes or providing information to a public body or law enforcement agency (including Central Bank of Ireland); we may be required to process certain data to carry out our obligations under employment, social security or social protection law; the processing is necessary for the establishment, exercise or defence of legal claims.

We must also collect certain personal information to comply with Anti-Money Laundering law. This depends on your policy type and may include items such as up to date proof of identification and address.

We use our clients personal information, including yours, to identify the target market for our regulated products and services.

Where lawful basis is a statutory or contractual requirement, if an individual is obliged to provide the personal data, failure to provide this information may result in us being unable to provide our services.

Legitimate interest

  • Processing is necessary for the purposes of a legitimate interest pursued by us to manage our business, subject to those interests not over-riding your fundamental rights and freedoms. This includes:
    .
    To safeguard the safety and security of our employees, property, and clients, buildings, information located or stored on the premises, and assets, and those of service providers, consultants, and advisors that assist us in carrying out its functions.
  • .
    Informing recruitment decisions taken about appointments and new hires.
  • .
    To operate our business generally and manage and administer our services to clients, suppliers and potential candidates.
  • .
    For us to provide financial advice, you must give personal and financial information for your current and future needs to be assessed. This allows us to recommend the most suitable financial product for you. This also involves creating new personal information about you. We are required to complete this analysis of you, using your personal information, in order to comply with regulations applicable to NPFS Advisors.
  • .
    As part of our marketing activities. A withdrawal option will be provided in all marketing communication thereafter.
  • .
    From time to time we may conduct customer satisfaction surveys. Where we do so we reply on the lawful processing of legitimate interest to enhance our service delivery.

Personal data we hold:

As part of our services, we need to obtain and process personal data as required where necessary to provide our services such as:

Types of Personal Data (i.e. any information relating to an identified or identifiable person)

Demographic Data name, date of birth, age,

Contact Details home/work landline phone number, personal/work mobile, home/work postal address, personal/work email address

Financial Data bank account number, investment account number, tax details

Financial Information earnings, asset values, liabilities

Digital Identifiers IP Address meta data, cookie identifier, advertising IDs, pixel tags, account handles

Occupation Occupation

Residency and Citizenship Country of Residence, Citizenship and Domicile

Investment risk profile To establish a customer’s attitude to investment risk (relates to pensions and investments) advisors have automated calculators which calculate the customers attitude to various levels of risk having answered a series of questions

Dependants

Professional Advisors Accountant, Solicitor

Social Media URL LinkedIn

Special Categories Data health for the purposes of a life assurance application, capacity for the purpose of assisting vulnerable customer.
Government Identifiers passport number, personal public service number, driver’s licence, income tax number
Opinions and Assessments Opinions and assessments collected in the course of operational tasks
Other policy number, account number, unique reference number of a combination of specific criteria e.g. age, occupation, place of residence
Any other types of data not listed above Financial goals and objectives

How we protect your data?

We collect this data in a transparent way and only with the full knowledge of interested parties. Once this
information is available to us, the following rules apply. Our data will be:

Accurate and kept up-to-date
-Collected fairly and for lawful purposes only
-Processed by us on the basis of either a valid contract, consent, legal compliance or legitimate
interest
-Protected against any unauthorised access or illegal processing by internal or external parties.

Our data will not be:
-Communicated to any unauthorised internal or external parties
-Stored for longer than required for the purpose obtained
-Transferred to organisations, states or countries outside the European Economic area without
adequate safeguards being put in place as required under Data Protection law.
Our commitment to protect your data:
-Restrict and monitor access to sensitive data
-Develop transparent data collection procedures
-Train employees in data protection and security measures
-Build secure networks to protect online data from cyberattacks
-Establish clear procedures for reporting privacy breaches or data misuse
-Establish data protection practices (document shredding, secure locks, data encryption, frequent
backups, access authorisation etc.).

Who we share your data with

Your personal information may also be processed by other organisations on our behalf for the purposes outlined above. We may disclose your information where necessary to the following: Revenue, Social Welfare, Central Bank of Ireland, Data Protection Commission, outsourced Employment Law advisors, legal advisors, business advisors, financial, pension and leasing institutions, health professionals, law enforcement, Garda, debt collectors, Service providers, IT providers, couriers, shredding company, security company, printing company, CCTV company, providers with whom we hold agencies, administration services, accountant/auditors, insurers, recruitment agents, business consultants or subcontractors and to possible successors to our business
Some of these parties may reside outside the European Economic Area (which currently comprises the Member states of the European Union plus Norway, Iceland and Liechtenstein). If we do this, your information will be treated to the same standards adopted in Ireland. We may also disclose your information for the prevention and detection of crime and to protect the interests of us or others, or if required to do so by law or other binding request.

How long will we hold your personal data?

We will only retain personal data for as long as necessary for the purposes for which it was collected as required by law or regulatory guidance to which we are subject or to defend any legal actions.
Corporate Client
Where you, as a data controller, engage the services of use, we will act as data processors on your behalf. In doing so, we will:
Where we are the processor. In doing so, we will: .
– Only process personal data under the Contract in accordance with your reasonable written
instructions and in accordance with applicable Data Protection Legislation
– Adopt appropriate technical and organisational measures against accidental disclosure, loss or
destruction of personal data
– Inform you promptly in the event of unauthorised disclosure, loss or destruction of any personal
data processed on your behalf
– Refer to you any requests, notices or other communication from data subjects, the Office of the
Data Protection Commissioner or any other law enforcement agency relating to personal data
processed on your behalf
– Ensure that all our personnel processing personal data are under an obligation of confidentiality
– Make available reasonable information necessary to demonstrate compliance with our data
protection obligations
– Make available such information and assistance as is reasonably necessary for you to comply with
your obligations to respond to request for exercising the data subjectÕs rights, to report personal
data breaches and to conduct Data Protection Impact Assessments and prior consultation with data
protection authorities
– Comply with our obligations to you in respect of sub-processing and third country transfers.
– Delete or return all personal data processed on your behalf where there is no legal basis for use to
retain this data, upon the termination of any services provided by us to you

Your Rights

When have I the right to all my personal data being deleted by NPFS Advisors?
You have the right to have your personal data deleted without undue delay if:
.
The personal data is no longer necessary in relation to the purpose(s) for which it was collected/processed

.
You are withdrawing consent and where there is no other legal ground for the processing

.
You object to the processing and there are no overriding legitimate grounds for the processing

.
The personal data has been unlawfully processed

.
The personal data must be erased so that we are in compliance with legal obligation

.
The personal data has been collected in relation to the offer of information society services with a child.

What happens if NPFS Advisors has made my personal data public?

If we have made your personal data public, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform those who are processing your personal data that you have requested the erasure.
What happens if NPFS Advisors has disclosed my personal data to third parties?
Where we have disclosed your personal data in question to third parties, we will inform them of your request for erasure where possible. We will also confirm to you details of relevant third parties to whom the data has been disclosed where appropriate.
Would NPFS Advisors transfer the personal data to another service provider if I requested this?
We can transfer this data to another company selected by you on your written instruction where it is technically feasible taking account of the available technology and the feasible cost of transfer proportionate to the service we provide to you.

Under what circumstances can NPFS Advisors refuse?

You will not be able to obtain, or have transferred in machine-readable format, your personal data if we are processing this data in the public interest or in the exercise of official authority vested in us.
Will NPFS Advisors provide me with my personal data if the file contains the personal data of others?
We will only provide you with your personal data, ensuring we protect the rights and freedoms of others. Where personal data of another person may be on the same files as yours, we will redact the full details of the other person.

Retention of your personal data

Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. NPFS Advisors will process personal data in accordance with our retention policy. This retention policy has been governed by our regulatory body (Central Bank of Ireland) and our internal governance.

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Your rights as a data subject
.
Right of access Ð you have the right to request a copy of the information that we hold about you.

.
Right of rectification Ð you have a right to correct data that we hold about you that is inaccurate or incomplete.

.
Right to be forgotten Ð in certain circumstances you can ask for the data we hold about you to be erased from our records.

.
Right to restriction of processing Ð where certain conditions apply to have a right to restrict the processing.

.
Right of portability Ð you have the right to have the data we hold about you transferred to another organisation.

.
Right to object Ð you have the right to object to certain types of processing such as direct marketing.

.
Right to object to automated processing, including profiling

.
Right to judicial review: in the event that NPFS Advisors refuses your request under rights of access, we will provide you with a reason as to why.

All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
Profiling Ð automatic decision making
a) Risk Profiling
To establish a customerÕs attitude to investment risk (relates to pensions and investments) advisors have automated calculators which calculate the customers attitude to various levels of risk having answered a series of questions.
b)
Establishing affordability and providing quotations for financial services products.

c)
Profiling for marketing purposes.

Object

Have I already been informed about my right to object?

We have informed you of your right to object prior to us collecting any of your personal data as stated in our privacy statement.
When can I object to NPFS Advisors processing my personal data?
You can object on grounds relating to your situation. NPFS Advisors will stop processing your personal data unless:
.
we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms

.
the processing is for the establishment, exercise or defence of legal claims.

What are my rights to object for direct marketing purposes?

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, we will no longer process this data for such purposes.
What are my rights to object in the use of information society services?
In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications.
Contact us at 01 4980005 info@npfs.ie
Restrict processing

When can I restrict processing?

You may have processing of your personal data restricted:
.
While we are verifying the accuracy of your personal data which you have contested

.
If you choose restricted processing over erasure where processing is unlawful

.
If we no longer need the personal data for its original purpose but are required to hold the personal data for defence of legal claims

.
Where you have objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our legitimate grounds override.

What if NPFS Advisors has provided my personal data to third parties?

Where we have disclosed your personal data in question to third parties, we will inform them about the restriction on the processing, unless it is impossible or involves disproportionate effort to do so.
How will I know if the restriction is lifted by NPFS Advisors and/or relevant third parties?
We will inform on an individual basis when a restriction on processing has been lifted.

Rectification
What can I do if NPFS Advisors is holding incorrect personal data about me?
Where you suspect that data we hold about you is inaccurate, we will on demand rectify any inaccuracies without undue delay and provide confirmation of same.
What happens if NPFS Advisors has disclosed inaccurate information to third parties?
Where we have disclosed inaccurate personal data to third parties, we will inform them and request confirmation that rectification has occurred. We will also provide you with details of the third parties to whom your personal data has been disclosed.

Withdraw consent
Under what circumstances could I withdraw consent?
You can withdraw consent if we are processing your personal data based on your consent.

When can I withdraw consent?
You can withdraw consent at any time.

If I withdraw consent what happens to my current data?
Any processing based on your consent will cease upon the withdrawal of that consent. Your withdrawal will not affect any processing of personal data prior to your withdrawal of consent, or any processing which is not based on your consent.

Lodge a complaint
Can I lodge a complaint with the Data Protection Commission?
You can lodge a complaint with the Data Protection Commission in respect of any processing by or on behalf of NPFS Advisors of personal data relating to you.

How do I lodge a complaint?
Making a complaint is simple and free. All you need to do is write to the Data Protection Commission giving details about the matter. You should clearly identify the organisation or individual you are complaining about. You should also outline the steps you have taken to have your concerns dealt with by the organisation, and what sort of response you received from them. Please also provide copies of any letters between you and the organisation, as well as supporting evidence/material.

What happens after I make the complaint?
The Data Protection Commission will then take the matter up with NPFS Advisors on your behalf.

Access your data
When do I have the right to access my personal data from NPFS Advisors?

Where NPFS Advisors process any personal data relating to you, you have the right to obtain confirmation of same from us, and to have access to your data.

What information will NPFS Advisors provide to me?
If we are processing your personal data, you are entitled to access a copy of all such personal data processed by us subject to a verification process to ensure we are communicating with the correct person. We will provide any of the following information:
.
why we are processing your personal data

.
the types of personal data concerned

.
the third parties or categories of third parties to whom the personal data have been or will be disclosed. We will information you if any of the third parties are outside the European Economic Area (EEA)or international organisations

.
how your personal data is safeguarded where we provide your personal data outside the European Economic Area or to an international organisation

.
the length of time we will hold your data or if not possible, the criteria used to determine that period

.
your rights to:

o
request any changes to inaccurate personal data held by us

o
have your personal data deleted on all our systems

o
restriction of processing of personal data concerning you

o
to object to such processing

o
data portability

.
your right to lodge a complaint with the Data Protection Commission info@dataprotection.ie

.
where we have collected your personal data from a third party, we will provide you with the information as to our source of your personal data

.
any automated decision-making, including profiling which includes your personal data. We will provide you with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

What information is not provided?
Business information retaining to your role as an employee.

How long will it take to receive my personal data from NPFS Advisors?
We will provide you with a copy of the personal data we are currently processing within one month of request. In rare situations if we are unable to provide you with the data within one month we will notify you, within one month of your valid request, explaining the reason for the delay and will commit to delivery within a further two months.

How much will it cost me to receive my personal data?
We will not charge for providing your personal data unless we believe the request is excessive and the cost of providing your data is disproportionate to your services provided.

Can I request additional copies of my personal data?
If you require additional copies we will charge Û20 to cover our administrative costs.

Can I receive my personal data electronically?
You can request your personal data by electronic means and we will provide your personal data in a commonly used electronic form if technically feasible.

What will NPFS Advisors do if another personÕs personal data is shared with my personal data?
We will only provide you with your personal data, ensuring we protect the rights and freedoms of others. Where personal data of another person may be on the same files as yours, we will redact the full details of the other person.

HR and Recruitment
Right to Hire:
Any employment agency, person or entity that submits an unsolicited Curriculum Vitae (CV) to NPFS Advisors does so with the understanding that NPFS Advisors will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.

Application for an unsolicited job
If you are interested in applying for an unsolicited job within NPFS Advisors you may provide us with your CV. We will then match your qualifications and experience to the position you applied for, or any other current job opportunity. If your profile corresponds to our requirements, we will contact you.

Verification
Verification checks are required for specific roles and will be identified in the job advertisement where relevant. Verification checks such as:
.
Reference checks

.
Proof of identity

.
Proof of residency

.
Proof of the right to work

.
Garda vetting (only in limited circumstances where required for regulatory reasons)

The purpose of personal data processing

The personal data you provide NPFS Advisors will be used for the purpose described above.
Solicited or unsolicited job applications:
NPFS Advisors collects and processes name and contact details and other personal data which you have provided in your CV and job application.
Deletion and rectification of your personal data
Personal data processed because of unsolicited job applications, where the job applicant is not offered a job, will be deleted 1 week after the rejection of application has been sent to the job applicant (in some cases no communication may take place), unless the job applicant accepts the storage for a longer period. In such case, the application will be stored for 6 months. Unsuccessful candidates personal data for solicited jobs will be held for a maximum of 13 months.
Sensitive personal data
NPFS Advisors endeavours not to collect sensitive personal data via CVs. By sensitive personal dataÓ is meant personal data relating to race or ethnic origin, political opinions, religious or philosophical beliefs, membership of trade unions, or health or sex life.