As a Compliance Support Company we provide guidance and support to Regulated Businesses (you) so that you can meet your legal obligations under the Financial Conduct Authority (FCA).
Ecompli (UK) Limited is committed to protecting the privacy and confidentiality of all individuals and takes its responsibilities regarding the security of data very seriously. We abide by the rules of the General Data Protection Regulation (GDPR) upheld by the Information Commissioner Officer (ICO). This includes processing any personal data lawfully, fairly and in a transparent manner.
Ecompli (UK) Limited, Business First Business Centre, Davyfield Road, Blackburn, Lancashire, BB1 2QY is the Data Controller. However, where you supply us data to review, such as a client file or carry out due diligence on your behalf we will do so as the Data Processor.
Where you require us to review client files you must gain explicit consent from your customer to pass their data to us and explain our respective Privacy Notices to customers to ensure fair and lawful processing. As mentioned we will be data processors of the data passed to us and we will process that data in accordance with your instructions as data controller. We may only use the data outside of your instructions to comply with our legal responsibilities or upon receipt of a legally valid request from your regulator or appropriate authorities.
What information do we collect about you and why?
Where you provide your personal data on our website or contact us by email or other electronic means it will be taken as a positive action that you would like us to contact you about our services. We will only collect data that we need from you to assess whether we can assist you with your compliance needs and what support package maybe of interest to you.
If you choose to use our services we will then collect data from you, your firm and employees in order for us to fulfil our obligation to provide you with compliance support as set out in your contract with us.
When obtaining information from you we will do this by phone, email, post or face to face and will confirm the accuracy of the data collated at all times. It is important that all the data we hold on you is accurate therefore if your data changes please let us know so that we can update our records.
Generally the types of information we review, hold and process is regarding the firm, such as accounts, professional indemnity insurance, complaints history, advertisements, RMAR information, training records etc. However some of this data also includes personal data such as your name or other information that is personal to you.
The more common types of personal information we will collect from you includes: name, address, telephone number, email address, job role, bank and accountants details. We may also collect data on your employees such as their name, job role, telephone number and email address so that we can liaise with them where required to provide compliance support, training and/or send regulatory newsletters to them.
Where we assist you with an FCA Application or any other form of application to the FCA, we will collect information that is necessary for the completion of that form. This may include personal data such as date of birth, national insurance number, passport, 5 year address history, employment history, CV, references etc. In addition, we may collect sensitive data and criminal offence data where required by the FCA to complete the application on your behalf. Please note this information is set by the FCA application and may alter from time to time. Where we obtain information to assist with completing an application we will only acquire the data that the FCA requests or we believe may assist the FCA approve your application.
Where we carry out due diligence checks on behalf of the firm, we will collect data on employees, Appointed Representatives and/or Directors for the purposes of ensuring the individual is deemed fit and proper to act in the role.
We also complete file monitoring on Advisers to ensure that their files are compliant and meet the requirements of the FCA. The files consist of personal data on the Advisers customers which will only be reviewed for the purposes of compliance.
Information collected via our website
We collect web usage information when you visit our website including information such as the date, time, page viewed or searched relating to your browsing activity. Where you have provided personal data we may collect web usage information to enable us to build a demographic profile.
We may also use web usage information to create statistical data regarding the use of our website. Where statistical data is produced we may then use that data to help us assess the effectiveness of marketing campaigns, develop and deliver services and information to improve the overall effectiveness of our website. We will also use IP addresses to analyse trends, track users movements and gather broad demographic information for our own internal use.
Within our website you can interact with us, if you so wish. Where you provide your personal data on our website it will be taken as a positive action that you would like us to contact you for the purpose as set out on our website.
Cookies
When you visit our website we may store some information (commonly known as a cookie) on your computer. Cookies do not damage your computer. Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them. They cannot be accessed by other servers. You do not have to accept cookies. You can decide if you want to accept cookies by changing the settings on your browser to either accept, reject or notify you when a cookie is set. All cookies used by this website are used in accordance with current UK and EU Cookie Law.
Type of Cookie Purpose
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. Like most websites, our site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us.
Linking to other websites
This website may contain links to other websites. The operators of other sites may collect information from you which will be used by them in accordance with their own Privacy Notice.
This Privacy Notice applies only to our website. We are not responsible for the privacy practices within any other websites. You should always be aware of this when you leave this website and we encourage you to read the Privacy Notice on any other website that you visit.
Contact details received from a third party
The majority of our business comes from referrals. Where a third party refers your details on to us we will ensure they have obtained your consent and confirm that you are expecting us to contact you.
Information from other sources
We may obtain information from other sources such as public records, e.g Companies House, FCA Register, Google Search, Directorship Search. This is to enable us to verify who you are or facts that you have told us are accurate.
Where we assist you with an FCA Application or any other form of application to the FCA we may obtain information from public records to support your application. Such as, acquiring information on firms that you have been a Director of over the last 10 years, obtaining accounts information/projections from your accountant. A copy of all the data we have collated for your application will be emailed to you for your records.
How will we use this information?
We will only use your data in ways that you would reasonably expect us to. Below summarises how we will use your data.
Where you make an enquiry to use our services we will only collect data that will provide us with the information for us to assess whether we can assist you with your compliance needs and suggest which compliance package may be of use to you.
Once you become a customer we will use your data for the purpose of providing you with our compliance support service and to register you as a new customer. We will keep a copy of all email communications with you. Where we need additional information from you to support an FCA Application or any other form of application to the FCA we will request this from you. Where we need it for any other reason we will notify you of this.
As part of our service we produce regular newsletters to update you on FCA Regulations or other regulations where applicable. All our newsletters include a link that you can click on to record CPD. Where you click the link we will record this on a CPD Log for you, which we will then periodically send to you by email for your records. This facility is also available to your employees. Should you wish them to receive our newsletters as a way for them to keep up to date with regulation please let us know their name and email address. If you or your employees wish to opt out of this at any point then please let us know and we will remove you from our newsletter list.
Please note our newsletters generally only contain guidance on regulations. However, where we believe that a particular service would help you achieve your compliance commitments or you have previously expressed an interest in a service, we may include content in our newsletter or contact you by email or phone.
Where we review a client file we will produce a report to highlight any areas that require attention and to then be held on the Adviser and firms records.
In addition we also produce knowledge assessments/tests that you and your employees may take to evidence and maintain competency in your roles. Where tests are taken the results will be issued to you to circulate accordingly. We will also log the results on a CPD Log for you. Again, if you or your employees wish to opt out of this at any point then please let us know and we will remove you from our test list.
If you are on one of our more larger packages, e.g. exclusive/elite, we will also keep a log of all compliance tasks that we have completed on your behalf, the firm or your employees, commonly known as our Compliance MI Action Plan. This document details each task, who the task will be completed by and when, and then when it has been completed. This document will be sent to you periodically as a reminder of the tasks completed and also to assist you evidence to the FCA what has been carried out in respect of meeting your compliance requirements.
The lawful basis on which we use this information
We will use your data to register you as a new customer or if you decide to change the service contract or take out additional services with us. We will do this under the lawful basis of a contract. Once a contract is in place we will provide you with compliance support as outlined in that contract.
The compliance support services stated above we will carry out using the lawful basis legitimate interests. We have decided upon this basis as it allows us to meet with our obligation to provide compliance support to you, the firm and your employees and is the most suitable lawful basis for processing data.
Marketing
Where we need your consent we will ask for this separately. We do not use pre-ticked boxes or make assumptions that you have given your consent. Your consent must be freely given by positively opting in or making a clear affirmative action that you are giving your consent. We will do our very best to ensure you know exactly what you are consenting to and remind you that you may withdraw your consent at anytime by contacting us by email or phone. Where consent is obtained a record of this will be made confirming what you have consented to, the time and date and how consent was obtained.
Customers: Our customers are important to us however we appreciate that on some occasions you may wish to look elsewhere. If you do, it would be nice to stay in touch and therefore will ask for your consent in order for us to do so.
Potential Customers: Where you have expressed an interest in our service but have then decided not to proceed we will ask for your consent to stay in contact with you in case you would like to use our services at a later date.
Non-Customers: We will only send you information about our services if we have obtained your consent to do so.
Who will it be shared with?
We will only share your data with firms who assist us in meeting our obligation to you to provide compliance support. On occasion we use the support of other compliance consultants, secretary type business’s or IT Support companies. Where we use such firms we will carry out due diligence on them and obtain a copy of their Privacy Notice.
We may also share your data with Mayes Accountants and Brownlows Accountants to enable them to assist with our accounts. Where required we may share your data with Forbes Solicitors, if we need them to act on our behalf for any legal matter.
We will also liaise with your Accountant where relevant to assist with your RMAR. We may also liaise with your IT / Website Support company where required and requested by you.
Where required we may forward your details onto regulatory authorities or fraud agencies where we have a legal obligation to do so to comply with our regulatory requirements or where fraud is suspected. We may do this under the lawful basis legal obligation.
What we will do to ensure the security of personal information
We will not share any of the information you provide to third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us regardless of whether the information is in electronic or physical format. We use leading technologies and security measures to safeguard your information and keep strict security standards to prevent any unauthorised access to it.
How long will we retain your data
We will only hold data for as long as is necessary. Where you have expressed an interest in our services but have not proceeded we will keep the information for one year in case you decide to proceed. Where we have provided compliance support of any kind we will retain the file for a minimum of seven years, in line with the law. Where we need to hold your file for longer than this then we will inform you of this.
Where we review a file on behalf of the firm we will keep a copy of the client record for one year in case you wish to discuss the case. The client file will then be deleted however a copy of the report we produce will be held on file for a minimum of seven years.
What are your rights?
You have the right to:
- Be informed about how we use, share and store your personal information;
- Request access to the personal data we hold on you (also known as a Subject Access Request (SAR)). Where a SAR is requested we will respond promptly and within one month from the date we receive the request;
- Request your personal data is amended if inaccurate or incomplete;
- Request your personal data is erased where there is no compelling reason for its continued processing and we don’t have a legitimate interest to retain it;
- Request that the processing of your data is restricted;
- The right to object to your personal data being processed;
- Rights in relation to automated decision making and profiling.
Where the processing of your data is based on your consent, you have the right to withdraw this consent at anytime by contacting us by phone or email. We do not use automated decision making systems.
Right to complain
We hope that the compliance support service you receive from us is to the high standard you would expect. If at any point you are unhappy with the way we have used your data then please notify: Stephen Gibson by either email, post or phone as shown below. If you remain concerned about the way we collect or use your personal data you can raise your concern with the Information Commissions Office (ICO) on 0303 123 1113. For further details you may visit the ICO website www.ico.org.uk
We will tend to disclose the complainants identity to whoever the complaint is about, however if you wish your identity to remain anonymous, we will try to respect that. We will keep your complaint on record for two years once closed.
Changes to the information
We regularly review and, where necessary update our Privacy Notice. If we plan to use personal data for a new purpose our Privacy Notice will be updated and you will be notified.
How to contact us
If you wish to contact us about the above or any other matter then please contact us at:
Stephen Gibson
Ecompli (UK) Ltd
Business First Business Centre
Davyfield Road
Blackburn
Lancashire
BB1 2QY
Tel: 01254 675674
Email: stephen.gibson@ecompli.co.uk