When we say, ‘Mattioli Woods Group’, ‘Mattioli Woods’, ‘the Group’ or ‘we’, this means Mattioli Woods plc and all its companies/subsidiaries within the Group who act as a data controller in respect of your personal data/information.
The Mattioli Woods Group is committed to the principles of good information management, and we intend to go beyond basic legal requirements when it comes to processing your information. This is because we recognise and value the trust you place in us to handle your information in a lawful, fair, and transparent way. We are committed to assuring you that your privacy is protected with us. This policy continues to apply even when your agreement/contract or our services to you may end. The policy should also be read alongside any agreements, service documentation or terms and conditions, that include sections relating to the use and disclosure of your information.
Who are we?
Each entity which provides a service within the Mattioli Woods Group regards itself as a “Data Controller” within current data protection legislation and regulation, and is registered accordingly. Agreements in place will stipulate which firm within the Group is controlling data. We have a team who deal with Data Protection as well as a Data Protection Officer, as specified within the EU General Data Protection Regulation (“GDPR”).
Mattioli Woods plc
One New Walk Place
Leicester
or via Telephone: 0116 240 8700
or via e-mail: email@example.com
This version was last updated on 16 April 2020 and historic versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What type of information do we process?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Types of personal data we collect
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:-
- “Identity Data”, which may comprise your first name, last name, marital status, age, date of birth, work location, job title, national insurance number, and gender.
- “Financial Data”, which may comprise your bank account and billing details. This may also include your salary information or additional information about your financial wealth management or employee benefit requirements where we are setting up Employee Benefit services for you, or for your employer on your behalf (please see below for further details).
- “Contact Data”, which may comprise your address, email address and telephone number.
- “Transaction Data”, which may comprise details about payments to and from you and other details of products and services you have purchased from us.
- “Technical Data”, which may comprise your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the device used to access our website.
- “Usage Data”, which may comprise information about how you use our website.
- “Marketing and Communications Data”, which comprises your preferences in receiving marketing from us and third parties and your communication preferences.
Special categories of personal data
We may on occasion need to collect certain sensitive information, or “Special Categories of Personal Data” (as it is termed under the GDPR) about you, and this may include details about your trade union membership or information about your health and genetic or biometric data. We will always be clear in explaining when we are asking you to give us this information, why we need this information, and the purposes for which we will use it. We will always obtain your explicit consent to use any Special Categories of Personal Data about you unless we are otherwise required or permitted to do so by law.
Anonymous or Aggregated Data
How is your personal information collected?
Dependent upon the nature of your contact with Mattioli Woods, we may process different types of information about you and collect this information in different ways. We will only process your data where it is lawful to do so and we will only collect the minimum amount of information necessary to meet the purpose for which we intend to use that information, for example in order to provide you with the services we have been engaged for.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
When you telephone us or write to us
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone and email or otherwise. Your employer may also give us your Identity, Contact and Financial Data where they are engaging our services on your behalf. For example, this includes personal data you provide when you (or, where appropriate, your employer on your behalf):
- apply for our products or services;
- request marketing to be sent to you;
- enter a competition, promotion or survey;
- submit an enquiry to us; or
- participate in our complaints handling procedures.
When you visit our website.
As you interact with our website, we may automatically collect Usage Data and Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
We use a third-party service, Google Analytics, to collect internet log information and the behaviour patterns of visitors to the website, in other words to monitor which parts of our website get visited. This information is processed in a way that does not identify you or anyone else. For further information on Google’s policies and practices, please visit www.google.com/policies/privacy/partners/.
Our website also contains a search engine that you can use to find information you require. Any use of this search engine is logged, albeit anonymously, and no user specific identifiable information is captured. Information that is captured is used to improve the search functionality and website navigation.
When you contact us via social media or e-mail
When you contact us via social media outlets you are using applications that are outside of the control of Mattioli Woods. We cannot guarantee the security of any communication made using social media and we advise that should you have any concerns that you look at the privacy policies that these applications publish.
When you contact us via e-mail, we use an industry standard tool called Transport Layer Security (TLS) to encrypt and protect e-mail traffic. If your e-mail service does not support TLS, you should be aware that any e-mails we send or receive may not be protected in transit.
We also monitor e-mails and attachments sent to us for identification of any viruses or malicious software.
Third party websites
When your employer contacts us regarding our Employee Benefits services.
As part of an exchange of information between your employer and ourselves prior to any agreement, we may need to obtain some information about you, for example, age, salary information and work location. We will always request that this data be anonymised.
Should your employer wish to offer an Employee Benefit scheme, they may contact Mattioli Woods to find out more about the services we can offer. As part of an exchange of information between your employer and ourselves prior to any agreement taking place, we may need to obtain some information about you, and this may include certain Identity Data and Financial Data, in order to respond to this enquiry. This may include, for example, your age, salary information and work location. However, where possible, we will always request that any information we receive about you from your employer is anonymised and will only collect the minimum amount of information about you which is necessary to respond fully to any such enquiry.
If your employer enters into a contract with Mattioli Woods to provide Employee Benefit services, we will need to collect further personal information in respect of all employees in order to fulfil the terms of that contract; however, this will always be limited to the minimum amount of information we require to provide those services.
When personal data is transferred between Mattioli Woods and your employer for any reason, we follow a strict process and have procedures in place to ensure that your data is always protected and kept secure.
When you provide us with your Business Card
We encourage the exchange of business contact details as it enables yourselves and Mattioli Woods to maintain healthy business communications. When you provide us with your business card details, we will ask for express permission via email to send you future marketing emails. Only on receipt of your consent will we be able to subscribe you to our marketing database.
When you visit our premises.
Our premises may operate CCTV systems for the purpose of prevention and detection of crime and protection of assets. Recordings may be taken in the Reception areas and communal areas of our premises and will only be retained in accordance with our retention schedule. Signage will be displayed to ensure you are aware that recordings may be taking place. You can be assured that we will not record any meetings, confidential conversations, or any aspect of business dealings.
How will we ensure we process your information lawfully?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the commercial contract we are about to enter into or have entered into with you, or in order to take steps, at your request, prior to entering into the commercial contract.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. In particular where we are taking steps to enter into or are fulfilling the terms of a contract we have with your employer in order to provide you with some kind of benefit in the course of your employment.
- Where we need to comply with a legal or regulatory obligation.
“Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
We may also use and disclose your personal information for the following purposes:-
- Where we want to send you, or permit others to send you, marketing if you have given us your express opt-in consent to do so (we will make sure that you are able to make an informed decision around that consent by being open and transparent with you about the specific purposes for which we intend to use your information). You can opt-out of receiving marketing at any time by contacting us (or the relevant third party).
- In some circumstances, there may be a legal obligation placed upon us to process information and share it with third parties, for example for law enforcement purposes. Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
We will not process any of your information as part of any automated decision making. In other words, should we use your information to assist us in making any decisions, for example offering you a service, we will treat you and your information with respect and dignity and not use a machine to make decisions for us.
Who may we share your information with?
Your personal information may be shared at times within the Mattioli Woods Group (which includes other Mattioli Woods Group companies and subsidiaries) and this may be for example, to provide you with the varying products and services that we offer.
Your data from time to time may also be shared amongst third parties. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We will ensure that your information is not subsequently shared further by these third parties without our agreement. We shall not share your personal data with any third parties for marketing purposes without your express consent.
We shall, however, share your personal data with third parties for the following reasons:
- To meet any agreed contractual arrangements we have with you, or your employer on your behalf, we may share your information with other service providers that we use to perform that contractual service. Examples of service providers include hosting services, suppliers and sub-contractors. We may also need to share your personal data with third party software or IT support providers for the purpose of system administration, data security, data storage, back up, disaster recovery and IT support.
- We reserve the right to disclose or share your personal data in order to comply with any legal or regulatory requirements, enforce our terms and conditions (or any agreement we enter into with you), or to protect the rights, property, or safety of our business and other website users. We may also share your personal data with our professional advisers including lawyers, bankers, auditors and insurers based who provide consultancy, banking, legal, insurance and accounting services.
Where possible we aim to ensure that any third party with whom we share personal data is based within the United Kingdom or the European Economic Area (EEA). In some instances, as part of our agreed contractual relationship with you, or your employer on your behalf, we may undertake an international transfer of information to a third party outside of the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection that it receives in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer personal data to them if they are part of the Privacy Shield Network, which requires the provision of a level of protection acceptable to the European Commission of personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
How long will we retain your information for?
We will only retain your personal data for as long as necessary to fulfil the purposes we originally collected it for. We may also retain your personal data for the purposes of satisfying any legal, accounting, or reporting requirements.
We are committed to being transparent about the management of our information, and this includes ensuring that we do not continue to hold any information about you for longer than is necessary.
As part of our commitment towards continual improvement and ensuring your trust in us, Mattioli Woods is currently undergoing a review of retention periods of all types of information that we hold, whether that involves information that can identify someone or not. Once this review has been completed, we intend to publish our agreed and lawful retention periods on this page, so we recommend that you regularly review this page to check for any updates.
How will we protect your information?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (for example anti-virus solutions and electronic monitoring applications, policies, procedures, employee vetting and training). In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Please note that the transmission of information via the internet is not completely secure. Although we shall do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we shall use effective safeguarding procedures and security features to try to prevent any unauthorised access to your personal data.
What are your rights regarding how we process your information, and how can you exercise these rights?
At Mattioli Woods, we want to work with you to ensure that we deliver an excellent service to you, and we recognise that you should feel and remain confident that you are always in control of how we use your information.
Within the scope of the applicable legislation and regulations governing the management of your information, we embrace and fully support your legal rights, and the exercising of these rights. The following paragraphs describe those rights to you in more detail and provide you with information as to how to exercise them.
Some of these rights include a legal obligation on Mattioli Woods to respond to any request made without delay and in most cases within a calendar month. As Mattioli Woods recognises the importance of the rights you have regarding your personal information, we will always aim to process and respond to any request submitted under this section as soon as possible, and in any event within one calendar month, irrespective of whether this is a legal requirement.
Your right to be informed about the information we collect and process that can identify you.
Your right of access to your information.
You have a right to access your information that you have provided us with, or any other information we hold about you. Unless we consider the request to be exceptional or excessive (and we will communicate further with you should we consider this to be the case) then this service will be free.
Your right to make changes to the information we hold.
If you believe the information that Mattioli Woods holds about you requires updating, for example you have a new contact address, or believe that any information we hold is currently inaccurate, then you have a right to have changes made to it. This right is sometimes referred to as your right to rectification.
If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.
You may be contacted by your direct contact, Consultant or Client Relationship Manager within Mattioli Woods from time to time to confirm the accuracy of records and information we hold. You will be able to respond to them directly to ensure your information is correct. You may also contact them at any stage yourself to request records are updated to reflect any changes in your circumstances.
Your right to have your information removed or deleted.
If you believe Mattioli Woods should no longer be holding information about you, or you no longer wish Mattioli Woods to process your information then you have a right to request that your information be deleted. This right is sometimes referred to as your right to erasure, or your right “to be forgotten”.
Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Your right to request that we temporarily restrict the processing of your information.
Should you wish, you have a right to request that we place a temporary halt to any processing of your information, rather than requesting that we delete your information. You may wish to exercise this right, for example, should you be involved in any dispute or legal proceedings regarding the processing of your information, or in connection with a contractual arrangement.
Your right to have us transfer your information elsewhere in a readily available format.
This right allows you to obtain and re-use your personal information for your own purposes, to move it easily from one IT environment to another in a secure manner. Alternatively, we can transmit such data directly to another organisation. This right assists you to take advantage of other applications or services that can use this information to offer you a service. This right is sometimes referred to as the right to data portability.
Your right to object to the processing of your information.
Should you no longer wish to have dealings with Mattioli Woods, for example you have been receiving marketing type communications from us, and you no longer wish to be in receipt of these then you have a right to ask that we stop doing this. If you have previously given us your consent to process your information and we have relied upon this consent to contact you, then you can withdraw this consent at any time. This right is sometimes referred to as “the right to object”.
Your right to have any automated decision made about you to be reviewed.
If you believe that Mattioli Woods have made a business decision regarding you that has been based entirely upon an automated process, for example profiling of your circumstances prior to offering of any services, then you have a right to ask for that decision to be reviewed.
Please note that we do not make any decisions without human intervention but believe that we should still be transparent and inform you of this right, even though we do not believe you will need to exercise it with us.
What can you do if you are not happy about how Mattioli Woods has responded to you in exercise of your information rights?
We would like to work with you to understand how we can provide a better service to you in the exercise of your rights, and in our processing and use of your information. We understand the importance of your privacy and want you to feel that you can entrust us with your valuable information.
Should you be dissatisfied with how we have responded to you when you have tried to exercise your information rights with us then we would ask that you initially contact us to express your dissatisfaction and ask that we conduct an internal review of how we have responded. You can contact us at:
Mattioli Woods plc
One New Walk Place
Leicester
or via Telephone: 0116 240 8700
or via e-mail: firstname.lastname@example.org
Right to lodge a complaint with the Information Commissioner’s Office
You also have the right to lodge a complaint directly with the independent “supervisory body” should you wish, if you are unhappy in any way with how we handle your personal data. The supervisory body can act upon your behalf and investigate to ensure that your rights have not been compromised. Within the United Kingdom, the supervisory body is the Information Commissioner’s Office (ICO), and they can be contacted directly at:
Information Commissioner’s Office
Water Lane
or via their website: www.ico.org.uk/concerns
or via telephone: 0303 123 1113
Annex – Processing Activities
|Purpose/Activity|Type of data|Lawful basis for processing including basis of legitimate interest|
|---|---|---|
|To register you as a new client or to register you on a scheme we have set up for your employer.|(a) Identity|(a) Performance of a contract with you; (b) Necessary for our legitimate interests (to fulfil the terms of a contract with your employer they have entered on your behalf)|
|To manage our relationship with you which will include: (a) Manage payments, fees and charges; (b) Collect and recover money owed to us| |(a) Performance of a contract with you; (b) Necessary to comply with a legal obligation; (c) Necessary for our legitimate interests (to recover debts due to us/keep our records updated)|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)|(a) Identity|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); (b) Necessary to comply with a legal obligation|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you|(a) Identity; (e) Marketing and Communications|Necessary for our legitimate interests (to study how clients use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, client relationships and experiences|(a) Technical|Necessary for our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about services that may be of interest to you|(a) Identity|Necessary for our legitimate interests (to develop our products/services and grow our business)|
Last updated: 16 April 2020