Data Privacy Notice - Customer Summary
Data Privacy Notice – Customer Summary
IMO Financial Services takes your privacy and confidentiality seriously. You provide us with personal and financial information and we want you to understand why we collect your data, what we do with it, who we share it with, why we share data and help you understand our legal obligations as well as your rights.
This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR), which came into force on 25 May 2018. From that date, the GDPR, together with applicable Irish requirements, amended existing data protection law and place enhanced accountability and transparency obligations on organisations when using your information. The GDPR also introduces changes which give you greater control over your personal information, including a right to object to processing of your personal information where that processing is carried out for our business purposes.
This summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information.
Please take time to read this notice carefully. If you would like clarification on any points in this summary document, please contact us.
1. Who we are
IMO Financial Services is a firm of financial advisors which provides advice on financial matters and arranges transactions or products suited to your needs. Further details of our services are provided in our Terms of Business document which we issue to all customers prior to providing a service or product.
2. The information we collect about you
We collect the following personal data (‘Data’) from you (unless you are a member of a pension group scheme, in which case we may collect the Data from your employer or the trustee of the scheme):
• Contact and identifying information such as title, name, address, email, telephone number, gender, marital status, date of birth, occupation, PPS number, nationality, country of residence and photographic identification. We require this Data to identify you, contact you, conduct a suitability assessment, to comply with legal obligations (e.g. performance of anti-money laundering checks). For investment products we also collect your US citizen status and your Tax Identification Numbers from other other countries (if applicable) which we require to comply with Revenue law. If you are a member of a pension group scheme, we may also collect your employer’s details.
• Financial information/details such as employment, bank account details and income/assets/liability details (where applicable).
• Other sensitive information (e.g. medical information and history and health status) for protection and some pension and investment products which also offer life and serious illness benefits.
• Information about you provided by others, e.g. your spouse/partner, professional advisers etc.
• Information provided when exercising your rights
Sometimes we may use your information even though you are not our customer. For example, you may be a beneficiary under a trust, a director of a client company, an employee of a client, or be a potential customer applying for one of our products or services.
3. When we collect your information
We collate information at the initial point of contact with you and aim to update this whenever you require a further service or product.
4. How and why we use your information
We collate, use and share information only where there is a legal basis for doing so. This includes where you have given us information in order to provide you with a service, product or arrange a transaction for you.
Typically, the legal basis for using your data is to provide a service or arrange a transaction which you have requested. The legal basis will also include complying with our legal and regulatory obligations,
e.g. under our Central Bank authorisations, interaction with the Data Protection Commission, Financial Services and Pensions Ombudsman, Revenue, Pensions Authority, Anti-money Laundering checks etc.
Where you have agreed or explicitly consented to the using of your data in a specific way, you may withdraw your consent at any time.
We may use your data if necessary to protect your “vital interests” in exceptional circumstances e.g. where we suspect a fraud may be in the course of perpetration.
Data may also be used for our legitimate interests such as managing our business, providing service information, conducting marketing activities, training and quality assurance and strategic planning.
5. How we use automated processing or “analytics”
We may analyse your information using automated means:
• to help us understand your needs and develop our relationship with you;
• to help us to offer you products and service information we believe will be of interest to you, providing that you have given us consent to use your data for this purpose;
• by using product providers IT systems and similar systems where you apply for a financial product e.g. to obtain underwriting terms from an insurer, affordability testing, analyse your investment risk profile, affordability testing.
The types and sources of the information we process by automated means about you are listed in Section 2 above.
We also use automated processing to assist in compliance with our legal obligations in connection with prevention of money laundering, fraud and terrorist financing.
6. Who we share your information with
When providing our services to you, we may share your information with:
• your authorised representatives;
• third parties with whom (i) we need to share your information to facilitate transactions you have requested, and (ii) you have agreed that we may share your information;
• product providers with which we propose to arrange business on your behalf;
• service providers who provide us with support services;
• statutory and regulatory bodies where we are legally obliged to do so;
• pension fund administrators, where applicable;
• pensions trustees, where applicable;
• Trustees or Grantees of a Group Scheme if you are a member of such a Scheme;
7. How long we hold your data
How long we hold your data is subject to legislation and regulatory rules we must follow, set by authorities such as the Central Bank of Ireland, Data Protection Commission, Financial Services and Pensions Ombudsman. The timescales may also depend on the type of financial or insurance, investment, or pension product provided to you. Our aim is to hold your data for no longer that is necessary and subject then to the timescales imposed by our legal obligations.
8. Implications of not providing your data
If you do not provide information we may not be able to:
• provide requested products or services to you;
• continue to provide and/or renew existing products or services;
• assess suitability; and
• where relevant, give you a recommendation for a financial product or service which you require.
9. Transfer of information outside the European Economic Area (EEA)
It is our aim to retain any information which we hold within the EEA. However, given the nature of our business relationships with certain product providers, such providers may have legitimate business reasons to transfer information outside the EEA. The product providers with which we arrange business on your behalf are obliged to comply with the provisions of the GDPR in relation to the transfer of data within or outside the EEA.
10. Data Subject Rights - How to exercise your rights
Under the GDPR you will have additional rights in relation to how your data is used, including the rights to:
• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have certain data we hold about you transferred to you or to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that we refuse you request under rights of access, we will provide you with a reason.
If you wish to avail of these rights, a request must be submitted in writing to us on the below address. In order to protect your privacy, you may be asked to provide suitable proof of identification before we can process your request.
If we are unable to deal with your requests fully within a calendar month we may extend this period by a further two calendar months and explain the reason why. If you make your request electronically, we will try to provide you with the relevant information electronically.
11. IMO FS Website
IP Addresses - Each time you use the internet, an IP address is assigned to your computer via your Internet Service Provider. This number may either be the same or different each time. Each time your computer requests information from our website, we log your IP address on our server. We may use this information in order to gather information about website traffic. There will not be any personal data transfers outside the EEA.
If you are dissatisfied with our services or how we use your data, you have the right to complain to the Data Protection Commission, contact details as follows:
Address: Office of the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2 D02 RD28
Telephone: +353 87 103 0813 or Lo Call Number 1890 252 231
We will update our Data Privacy Notice – Customer Summary and Website Privacy Notice from time to time. You may request a copy of our current Notices at any time or refer to our website which is www.imofs.ie.
14. Our Contact Details
IMO Financial Services 10 Fitzwilliam Place
Telephone no: 01/6618299 Email address: firstname.lastname@example.org
Effective Date: April 2020