Pacem offer our clients Accountancy Business Services and Private Financial Planning advice. We and our clients view this as a unique combination of services that help them grow their business and achieve their personal financial goals. This privacy notice explains how we use any personal information we collect about you.
General Use of Personal Data
- The Data Protection Act 2018.
- The Privacy and Electronic Communications (EC Directive) Regulations 2003.
- General Data Protection Regulation (EU) 2016/679 which will come into force in the UK in May 2018 and replace the Data Protection Act 1998.
Generally, our processing of your personal information is allowed by these laws because we have a legitimate business interest to carry out this processing. Some processing may also be necessary so that we can perform a contract, because it is required by law or we believe it is in your vital interests.
The Principles of Data Protection
The General Data Protection Regulation (GDPR) sets out the data protection principles of the main responsibilities for organisations. Personal data must be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
What information do we collect about you?
Pacem holds both personal and sensitive data as defined by the legislation. We only collect the information we need. Access to your data will be restricted. We collect two kinds of information
- Non-personal information such as IP addresses (the location of the computer on the internet), pages accessed, and files downloaded. This helps us to determine how many people use our sites, how many people visit on a regular basis, and how popular our pages are. This information doesn’t tell us anything about who you are or where you live. It simply allows us to monitor and improve our servic
- Personal and/or medical information (where appropriate).
We collect information about you when you engage with us for financial planning services. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as health information, if this is necessary for the provision of our services.
For example, for a client, we may hold the individual’s title, names, address, gender, date of birth, email address, telephone numbers, GP details, special needs, next of kin details, medical history, bank details, client feedback, photographs with client consent for marketing material purposes.
For staff and interns, we may hold information such as name, address, date of birth, gender, email address, telephone numbers, next of kin, National Insurance number, bank details for payroll purposes. Photographs, recruitment and selection notes, references, medical history, qualifications, insurance information, training records, car details, workplace accidents, and perceived community background for Section 75 (NI Act) purposes, etc.
For suppliers and customers, we may hold your name, address, contact details and bank details.
We may also collect information when you voluntarily complete client surveys or provide feedback to us.
Information relating to usage of our website is collected using cookies. These are text files placed on your computer to collect standard internet log information and visitor behaviour information. We’ll use your information collected from the website to personalise your repeat visits to the site
Information about connected individuals
We may need to gather personal information about your close family members and dependants in order to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We’ll provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.
Why do we need to collect and use your personal data?
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. Without collecting your personal data we’d also be unable to fulfil our legal and regulatory obligations.
Where special category data is required we’ll obtain your explicit consent in order to collect and process this information.
For employees, it is a condition of employment that Pacem processes your personal data. By applying for a role with us, you signify your agreement.
Everyone has the right to know what personal data Pacem holds about you and for this to be correct. Procedures for the management of personal data are in place and enquiries may be made as set out below.
If you do not consent to Pacem processing your information, we will not be able to offer you our services.
Changing your details or how we contact you
You can opt in or out of receiving general marketing communications or change your preferences (e.g. how you receive our communications) by calling our team on weekdays between 9am – 5pm on 02890996948.
Similarly, if your contact details have changed or you think any information we have about you is incorrect or incomplete, you can always update or correct the information we hold about you, via the same channel.
If you indicate that you do not wish to be contacted for general marketing purposes, we will maintain your details on a suppression list to help ensure that we do not continue to contact you. However, we may still need to contact you for administrative purposes, for example providing you with information about a service you have requested.
How will we use the information about you?
We collect information about you in order to provide you with the services for which you engage us.
Who might we share your information with?
If you agree, we may email you about other products or services that we think may be of interest to you.
We won’t share your information for marketing purposes with companies outside our group.
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you.
Where third parties are involved in processing your data we’ll have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
Storing your information
We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date. We only keep it as long as reasonable and necessary.
Your information may be stored in a digital or paper format (secure onsite and offsite storage).
Information is stored by us on computers located in the UK. We may transfer the information to other staff members off-site and to other reputable third party organisations as explained below. We may also store information in paper files. Sensitive information is always locked away.
We place a great importance on the security of all personally identifiable information associated with our supporters, customers and service users. We have security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, only authorised personnel can access user information.
Where you or we have provided a password enabling you to access parts of our websites or use our services, it is your responsibility to keep this password confidential. Please don’t share your password with anyone.
We will keep your information only for as long as we need it to provide you with the goods, services or information you have required, to administer your relationship with us, to comply with the law or best practice, or to ensure we do not communicate with people that have asked us not to. When we no longer need information, we will always dispose of it securely, using specialist companies, if necessary, to do this work for us.
How long do we keep hold of your information?
In principle, your personal data shouldn’t be held for longer than is required under the terms of our contract for services with you. However, we’re subject to regulatory requirements to retain data for specified minimum periods. The retention period for documents are outlined in our ‘Retention Schedule’ as attached in Appendix 1. We also reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us.
You have the right to request deletion of your personal data. We’ll comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
How can I access the information you hold about me?
You have the right to request a copy of the information that we hold about you. If you’d like a copy of some or all of your personal information, please email or write to us using the contact details noted below.
When your personal data is processed by automated means you have the right to ask us to move your personal data to another organisation for their use.
We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.
For further information visit http://www.allaboutcookies.org/
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
What can you do if you are unhappy with how your personal data is processed?
You also have a right to lodge a complaint with the supervisory authority for data protection. In Northern Ireland this is:
Information Commissioner’s Office: 3rd Floor, 14 Cromac Place, Belfast,BT7 2JB
Tel: 028 9027 8757 or 0303 123 1114, Email: firstname.lastname@example.org
If you have a query regarding the accuracy of your personal data then your query will be dealt with quickly by a member of our team.
If you have any other general queries about your information, you can contact Gemma McShane, our designated employee responsible for Data Protection, by email at email@example.com or by telephone on 02890996948.
Appendix 1 – Retention Schedule
We aim to highlight to the user how and when data/records should be destroyed.
Records Retention and Disposal
Records should not be retained any longer than is necessary for the efficient operation of the Pacem, or to meet statutory/regulatory obligations. Records that have outlived their administrative usefulness or statutory retention period, should be destroyed.
No data file or record should be retained longer than highlighted in the Retention Schedule after it is closed unless a good reason for longer retention can be demonstrated. It is to be emphasised that the period defined in the Retention schedule is a maximum period. It may be appropriate, having regard to the nature of the record, to opt for a shorter period.
Requirements to Retain
If documents are not required to be kept by statute, consider the need to retain at all.
As a rule, the following types of records below have no significant operational, informational or evidential value. They can therefore be destroyed as soon as they have served their primary purpose.
- Announcements and notices of meetings and other events, and notifications of acceptance or apologies
- Requests for, and confirmations of, reservations with third parties (e.g. travel, hotels, accommodation) when invoices have been received
- Transmission documents: letters, FAX cover sheets, e-mail messages, routing slips, compliments slips and similar items which accompany documents, but do not add any value to them
- Message slips
- Superseded address lists, distribution lists etc.
- Duplicate documents such as: ‘CC’ and ‘FYI’ copies, unaltered drafts, ‘Snapshot’ printouts or extracts from databases, ‘Day Files’ (chronological copies of correspondence)
- Working papers, where the results have been written into an official document and which are not required to support it
- Stocks of in-house publications which are obsolete, superseded or otherwise useless e.g. magazines, marketing materials, prospectuses, catalogues, manuals, directories, forms, and other material produced for wide distribution
- Published or reference materials received from other parties or from vendors or other external organisations which require no action and are not needed for ‘record’ purposes, e.g. trade magazines, vendor catalogues, flyers, newsletters.
Examples taken from: The JISC. HEI Business Function & Activity Model, 2003.
Exceptions to Retention Schedule
Under the Freedom of Information Act 2000 and Data Protection legislation, it is a criminal offence to destroy or dispose of records once Pacem Glover has received a formal request to access the information contained in those records.
Reasons for longer retention will include the following:
- The record contains information relevant to legal action which has been started or is in contemplation
- Whenever there is a possibility of litigation, the records and information that are likely to be affected should not be amended or disposed of until the threat of litigation has been removed.
- The record should be archived for historical or research purposes, e.g. the record relates to an important policy development or relates to an event of local or national purpose
- The records are maintained for the purpose of retrospective comparison
- The records relate to individuals or providers of services who are judged unsatisfactory. The individuals may include employees who have been the subject of serious disciplinary action
Departmental Retention Schedules
Each department will develop and maintain its retention schedule. Below is a guide to Statutory Retention Periods. Consideration should be given to the length of time any other piece of information is held for.
Statutory Retention Periods
The table below summarises the main legislation regulating statutory retention periods. However, if in doubt, the government’s Business Link website advises that it is a good idea to keep records for six years to cover the time limit for bringing any civil legal action.
|Record||Statutory Retention Period||Statutory Authority|
|accident books, accident records/reports||3 years after the date of the last entry (see below for accidents involving chemicals or asbestos)||The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR)
(SI 1995/3163) as amended. Special rules apply concerning incidents involving hazardous substances (see below).
|Accounting Records||6 years||Section 221 of the Companies Act 1985 as modified by the Companies Acts 1989 and 2006|
|Income tax and NI returns, records and correspondence with HMRC||6 years||Taxes Management Act 1970|
|Records relating to children and young adults||Until the child/young adult reaches the age of 21||Limitation Act 1980
|Retirement Benefits Schemes – records of notifiable events for example, relating to incapacity||6 years from the end of the scheme year in which the event took place||The Retirement Benefits Schemes (Information Powers) Regulations 1995
|Statutory Maternity Pay records, calculations, certificates (Mat B1s) or other medical evidence||3 years after the end of the tax year in which the maternity period ends||The Statutory Maternity Pay (General) Regulations 1986
(SI 1986/1960) as amended
|Statutory Sick Pay records, calculations, certificates, self-certificates||3 years after the end of the tax year to which they relate||The Statutory Sick Pay (General) Regulations 1982
(SI 1982/894) as amended
|Wage/salary records||not less than 3 years after the end of the financial year to which they relate||The Income Tax (Employments) Regulations 1993
(SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No. 6) Regulations 1996 (SI 1996/2631)
|National minimum wage records||3 years after the end of the pay reference period following the one that the records cover||National Minimum Wage Act 1998|
|Records relating to working time||2 years from date on which they were made||The Working Time Regulations 1998 (SI 1998/1833)|
Recommended (non-statutory) Retention Periods
For many types of personnel records, there is no definitive retention period: it is up to the employer to decide how long to keep these records and it’s a question of judgement rather than there being any definitive right and wrong. An employer needs to consider what would be a necessary retention period, depending on the type of record. The advice in this factsheet is based on the time limits for potential tribunal or civil claims and aims to draw sensible conclusions as to how long keeping the records will protect an employer.
Where the recommended retention period given is 6 years, this is based on the 6-year time limit within which legal proceedings must be commenced as laid down under the Limitation Act 1980. Thus, where documents may be relevant to a contractual claim, it is recommended that these be retained for at least the corresponding 6-year limitation period.
|Record||Recommended Retention Period|
|application forms and interview notes (for unsuccessful candidates)||6 months to a year. (Because of the time limits in the various discrimination Acts, minimum retention periods for records relating to advertising of vacancies and job applications should be at least 6 months. A year may be more advisable as the time limits for bringing claims can be extended. Successful job applicants documents will be transferred to the personnel file in any event.|
|assessments under health and safety regulations and records of consultations with safety representatives and committees||Permanently|
|Inland Revenue/HMRC approvals||Permanently|
|parental leave||5 years from birth/adoption of the child or 18 years if the child receives a disability allowance|
|pension scheme investment policies||12 years from the ending of any benefit payable under the policy|
|pensioners’ records||12 years after benefit ceases|
|personnel files and training records (including disciplinary records and working time records)||6 years after employment ceases|
|redundancy details, calculations of payments, refunds, notification to the Secretary of State||6 years from the date of redundancy|
|senior executives’ records (that is, those on a senior management team or their equivalents)||permanently for historical purposes|
|Time cards||2 years after audit|
|Employee Personnel Records||10 years after ceasing to be effective|
|Investment business for non-current client||10 years from end of relationship|
|Insurance (Protection) business for non-current client||10 years from end of relationship|
|Mortgage business for non-current client||10 years from end of relationship|
|Pension transfers and opt-outs||Indefinitely for pension transfer and opt-outs.|
|ID/ Money Laundering||10 years|
|Current clients||10 years from end of relationship|
|Prospect (a person who is not yet a client, but we hold contact details for. No recommendations have been provided)||1 year|