Privacy Policy

About us

Johnston Financial Ltd also trades as Johnston Financial.  Johnston Financial Ltd will be a data controller of any personal data it holds about you and the account(s) or policies that either we have arranged for you or which you have either mandated into our agencies or mandated us to obtain information about.  This Privacy Notice will apply to all processing of your personal data that may occur within Johnston Financial Ltd.

 

A data controller is an individual or organisation which decides how your personal data will be used. The data controller is referred to as “we”, “us” and “our” in this Privacy Notice.

 

If you require any further information or wish to contact us or our Data Protection Officer at any time our contact details are:

 

Post                                                                                                       Telephone

Write to us at:                                                                                   Call us on 0131 556 4540.

Johnston Financial Ltd

49 Northumberland Street

Edinburgh

EH3 6JQ

 

Email

You can contact us by emailing info@johnstonfinancial.co.uk. You can also contact our Data Protection Officer at this email address.

 

Use of our website

We don’t collect personal data from people browsing our websites.  We don’t make any attempt to find out the identities of those browsing our website.

 

If you provide us with personal data through our website, our Privacy Notice is available to read from a link on the Home Page.

 

Our obligations under Data Protection Laws

Applicable Data Protection laws, (including the General Data Protection Regulation 2016 and the Data Protection Act 2018), impose obligations on us as the data controller, when we collect or create, hold, amend, disclose, share or otherwise use or erase/destroy (collectively referred to as processing) your personal data and give you, as the data subject, rights over your personal data.

 

 

One such obligation is to process, (e.g. collect, hold, use or erase) your personal data fairly, lawfully and in a transparent manner.  The lawful basis on which we process your personal data is “Legal Obligation”.  This basis applies as we are required by our regulator, The Financial Conduct Authority, to have sufficient information about you, your objectives and your financial arrangements to be able to demonstrate both now and in the future that the advice we give you is suitable to your circumstances and objectives.

 

This means that we will hold your personal data throughout your lifetime and for up to six years thereafter.  If you hold any pension plans and we have provided advice in relation to them, we are required by the Financial Conduct Authority to hold your data in perpetuity.

 

We may change our Privacy Notice in the future. If we make any substantial and/or material changes and those changes materially affect you, we’ll inform you of any changes before they take effect.

 

What personal data do we hold and where did we get it from?

We hold data on your personal details such as your name, address, date of birth and National Insurance Number.  We hold details of your personal financial situation such as your earned and investment income.  We also hold details of the protection, pension and investment arrangements you have.  We may hold data in connection with the taxes you pay.  This data will have been given to us by you with your agreement when we are advising you.  We may also have gathered personal data from product providers or other sources if you have signed a mandate to allow us to obtain that information.  We will also obtain personal data from credit reference agencies when we fulfil our legal obligation to carry out ID checks to comply with the Anti Money Laundering regulations.

 

Broadly, we are likely to hold personal data that will give us a complete picture of your financial position and financial planning objectives.

 

Which other organisations may we share your data with?

We do not share your personal data except as required to implement instructions in making or maintaining any financial arrangements and in meeting regulatory obligations.  This may, for instance, require some of your personal data to be shared with an insurance company or investment platform.  In all cases, we will only share what is required for the specific purpose and only on your instruction which is likely to be in the form of a signed application form but could be in other forms.

 

On occasion we may be required to share your personal data with regulatory bodies like the Financial Conduct Authority who have a legal right to instruct us to provide such data.

 

How long do we hold your personal data for?

We will hold your personal data indefinitely.  We are required by our regulatory authority to be able to show the information on which we based our advice and upon which we determined the suitability of our advice.  There is no time limit over which we have to meet that requirement.

If you decide not to appoint us following your initial consultation, we will delete your personal information within 12 months of your decision.

 

Your legal rights

You have a number of rights over your personal data processed by us. These include your rights to request:

  • Access to your personal data. You may request a copy of the personal data that we hold about
  • Accuracy of your personal data. You may request that we correct incomplete, inaccurate or outdated personal data. We take sensible steps to make sure that personal data is accurate,               complete, and current. You can help us do this by notifying us of any changes to your personal
  • Transmission of personal data. You may request that we transfer personal data you have provided to us to you or to another person.
  • Erasure of personal data. You may request that we delete your personal data.
  • That the processing of your personal data be restricted. You may request that our use of your personal data ends, is restricted or limited.

 

The extent of these rights are limited by law and we may not act on part or all of your request(s) where the right(s) are not applicable. If we don’t act on your request we will explain our reasons for not doing so when responding to your request.

 

If you require any further information about how we handle your personal data, including details of the relevant credit reference agencies we use for confirming ID for anti-money laundering purposes or wish to make a request to exercise any of your rights under applicable Data Protection Laws, please contact our Data Protection Officer.

 

How to complain

If you’re unhappy with the outcome of any of your requests to exercise your rights, or how we handle your personal data then please let us know.

 

You are also entitled to complain to the Information Commissioner’s Office:

 

Post                                                                                                       Telephone

Write to them at:                                                                             Call them on 0303 123 1113

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Email

Send a message to Casework@ico.org.uk.