Privacy Notice

 

On-Line Partnership Group Limited understands its obligations in regards to your fundamental right to a private life and has implemented systems and controls to ensure your rights and freedoms are protected.

On-Line Partnership Group Limited undertakes to meet its obligations under the Data Protection Act, the Privacy and Electronic Communications Regulations and the EU General Data Protection Regulation (GDPR).

  • On-Line Partnership Group Limited will collect the following data, dependent upon the type of enquiry / service / financial product required:

    • Data about a person’s identity such as their name, date of birth and contact details

    • Data connected to a product or service

    • Data about your contact with us e.g. meetings, phone calls, emails / letters

    • Data that is automatically collected e.g. via cookies when you visit one of our websites

    • Information if you visit our office e.g. visual images collected via closed circuit television (CCTV)

    • Information classified as ‘sensitive’ personal data e.g. relating to your health. This information will only be collected and used where it’s needed to provide a product or service you have requested or to comply with our legal obligations in matters of employment.

    • Information you may provide us about other people e.g. joint applicants or beneficiaries for products

    • Information on children e.g. where a child is named as a beneficiary on the application for a policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender)

    Different variations of data are required dependent upon the type of enquiry / service / financial product so we may not be required to collect all the data listed above. A privacy notice detailing the specific type of data required will be issued, specific to the type of enquiry.

  • You directly provide On-Line Partnership Group Limited with the data we collect by the following methods:

    email submission, original physical copy, scanned certified email copy, scanned certified postal copy, telephone conversation, application form for a product or service, meeting with us, registering for one of our events, our websites or via our social media pages.

  • Your personal data will be processed by On-Line Partnership Group Limited.

  • WHY IS YOUR PERSONAL DATA REQUIRED? Your personal data will be required to

    • reply to your enquiry

    • enable us to take necessary steps at your request prior to entering a contract for financial services and to perform such a contract.

    • enable us to take necessary steps at your request prior to entering a contract of employment when applying for a job vacancy and to perform such a contract.

    Dependent upon the type of enquiry this may include identity and age verification checks, credit checks, preventing and detecting fraud, money laundering or other crimes and any other requirements in accordance with rules set by the Financial Conduct Authority (FCA) or other employment legislation.

  • Though there are some legal exceptions, if we wish to process your personal data for any other unrelated purpose than those, we have informed you about we will notify you.

  • Your personal data is essential to enable us to answer your enquiry or to take steps at your request prior to entering a contract or to perform a contract to which you are a party. Without this information we will not be able to proceed any further.

  • The lawful basis for the processing of your personal data as per Article 6 (1) of the GDPR is necessary for:

    • Consent. You can remove your consent at any time by contacting our Data Protection Representative (details below).

    • For the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract

    • for compliance with a legal obligation to which we are subject

    • for the purposes of the legitimate interests pursued by us.

  • We will record your data exactly as you provide it. You may ask us to update it at any time and we will action your request promptly and notify relevant third parties of any changes.

  • We only process sensitive personal data

    • because it is necessary for reasons of substantial public interest

    • to carry out obligations in the field of employment

    • to protect your vital interests e.g. we may pass on an employee’s information about medical conditions to paramedics if they are unable to give consent due to illness.

    Sensitive personal data may include data revealing racial or ethnic origin, data concerning health or data relating to criminal convictions or offences.

  • • To contact you to ensure that our records of your personal data are correct and up to date;

    • To respond to questions or grievances you may have about employment

    • For analysis of our website to understand visitor preferences, visitor numbers and which areas of the site are visited most

    • To review, improve and develop employment conditions or handle complaints

    • To pursue debts

    • To evidence company practices

    • To evidence the standards and processes carried out conform to the company's ethical standards and expectations

    • To protect the business from risks which might be introduced by an individual

    • To raise awareness about other opportunities within the company

    • To provide references to prospective employers when you have named us as a referee.

    You have the right to object to processing for these purposes and we shall cease unless we can show we have compelling legitimate grounds to continue.

  • We will use your personal data to protect members of the public against dishonesty, money laundering or fraudulent activities. This must necessarily be carried out without your explicit consent to ensure this function is not prejudiced. Part of this processing involves verifying your identity using third parties such as GB Group Plc or Creditsafe Business Solutions Ltd.

  • We only collect data that is necessary to carry out the purposes listed above. This includes data you supply and data we receive from reference agencies. Where practical and lawful we will inform you about any of your personal data we receive from third parties that you may be unaware of.

  • We will ensure that your data is only accessible to authorised people in our firm and will always remain confidential. Appropriate security measures will be in place to prevent unauthorised access, alteration, disclosure, loss, damage or destruction of your data. If we have a contract with another organisation to provide us with services or a service on our behalf to process your personal data, we’ll make sure they give reassurances regarding appropriate security measures in place and only process your data in the way we’ve authorised them to. These organisations won’t be entitled to use your personal data for their own purposes. If necessary, our security teams will check them to make sure they meet the security requirements we’ve set. Please contact our Data Protection Representative below if you would like further information.

  • We may share your data with:

    • Appropriate staff such as those who carry out financial or compliance functions.

    • Organisations that need your data because we are required to provide it by law (e.g. The FCA, HMRC, The Information Commissioner etc).

    • Organisations that carry out credit references or identity checks such as GB Group Plc or CreditSafe Business Solutions Ltd. These organisations may keep a record of the data and may disclose the fact that a search of its records was made to its other customers for the purposes of assessing the risk of giving credit, to prevent fraud and to trace debtors.

    • Sometimes other authorised firms with specialist advisers, such as pension specialists, who assist us in providing pension schemes. You will be provided with their details if this applies.

    • Law enforcement agencies, courts or other public authorities if we must, or are authorised to by law.

    • If you are an employee, our parent company to administer various benefits such as life insurance, our bank to enable payment of salaries and benefits and our group pension provider, The Royal London Mutual Insurance Society Limited.

    • Where we go through a business transaction, such as a merger, being acquired by another company or selling a portion of its assets, your data will, in most instances, be part of the assets transferred.

    • Companies or organisations requesting a reference where you have named us as a referee.

    We do not sell your personal data to third parties.

  • We do not usually transfer any of your personal data outside of the UK or EU except when we need to perform pre-contractual measures (credit and identity checks) or because the checks we request are necessary for important reasons of public interest. Some companies, like Creditsafe Business Solutions Ltd, may transfer data outside of the EU to countries which do not, in the view of the EU Commission, offer an adequate level of protection. In such cases Creditsafe encrypts any data it sends to other selected agencies and only transfers information necessary to carry out checks. (A list of countries used to perform checks include Germany, Netherland, Belgium, France, Sweden, Norway, Finland, Luxembourg, Switzerland, Liechtenstein, Spain, USA, Estonia, Latvia, Lithuania, Poland, Slovakia, Czech Republic, Hungary, Slovenia, Bosnia, Serbia, Montenegro, Croatia, Macedonia, Kosovo, Albania, Bulgaria, Romania, Ukraine, Austria, Denmark, Moldova, Portugal, Italy, Canada, Brazil, Greenland, China, India, Australia, Russia, South Korea, Taiwan, Mexico, South Africa, New Zealand, Hong Kong, UK.)

    Furthermore, we will occasionally use third parties for the processing of personal data in third countries. However, we shall put in place appropriate safeguards to ensure your data is safe before such transfers.

  • We will use your personal data now and, in the future, to carry out direct marketing activities as these are legitimate interests pursued by us. Sometimes this includes, with your consent, sharing data with product providers for their marketing activities. You can choose which method you’d prefer us to use to contact you (by email, telephone, SMS or post) and you have the right to object at any time to the use of your personal data for this purpose and we will cease marketing activity.

  • We sometimes use automated processes when making decisions but you will not be subject to a decision based solely on automated processing, including profiling.

  • When someone visits www.inpartnership.net we use a third-party service, Squarespace Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Squarespace to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be clear about this and explain what we intend to do with it.

  • You can read more about cookies on our cookie use page.

  • The Financial Conduct Authority lays down rules relating to how long your personal data should be held for and we will keep your data to meet these requirements. We will not keep your personal data for longer than is necessary.

  • You may at any time ask for a copy of the personal data we hold about you – it is your legal right. We will provide you with a copy of any non-exempt personal data within one month unless we ask you for an extension of time. To protect your personal data, we will ask you to verify your identity before we release any data. We may refuse your request if we are unable to confirm your identity.

    Information will be provided to you in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.

  • You have the right, on grounds relating to your situation, at any time to object to processing which is carried out as part of our legitimate interests or in the performance of a task carried out in the public interest. We will no longer process your personal data unless we can demonstrate there are compelling legitimate grounds which override your rights and freedoms or unless processing is necessary for the establishment, exercise or defence of legal claims.

    You have the right to object at any time to processing your personal data for marketing activities. In such a case we must stop processing for this purpose.

  • In addition to the rights above the additional following rights:

    • You have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning your data

    • You have the right to receive data you have provided to us in a structured, commonly used and machine-readable format and in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.

    • You have the right to object.

    • You have the right to lodge a complaint with the regulator (see below).

    To exercise any of these rights please contact our Data Protection Representative.

    machine readable format

    • You have the right to object

    • You have the right to lodge a complaint with the regulator (see below).

    To exercise any of these rights please contact our Data Protection representative.

  • You can contact our Data Protection Representative about any data protection issues by:

    • Writing to:

    The Data Protection Representative,

    On-Line Partnership Group Ltd,

    On-Line House, 50-56 North Street,

    Horsham, West Sussex, RH12 1RD

    • Telephoning: 01403 214200

    • Emailing: dpo@inpartnership.net

  • • By writing to:

    Information Commissioner's Office,

    Wycliffe House,

    Water Lane,

    Wilmslow,

    Cheshire,

    SK9 5AF

    • By telephoning: 0303 123 1113

    • By emailing: casework@ico.org.uk

    • By using their website:

    https://ico.org.uk/for-organisations/report-a-breach/