Data Protection - Privacy Policy

Our Commitment:

At Edgewater Associates Limited (“Edgewater”), we are aware of the trust you place in us and our responsibility to protect your privacy and keep your personal data secure in accordance with Data Protection legislation.

This privacy notice covers:

  • How and why we collect, use, protect and retain your personal information;
  • The sources of information about you;
  • The parties we may disclose it to;
  • How long we will retain your information;
  • What rights you have in respect of your personal data; and
  • How you can contact us with any further queries or concerns.  

Definitions:

Below are definitions to help you understand this privacy notice:-

‘Provider’ means any third party company we work with on your behalf that offer financial products or services such as pensions, annuities, life insurance, critical illness cover, income protection, private medical insurance and general insurance.

The Data Controller:

Edgewater Associates Limited is the Data Controller for the purposes of the Data Protection Act 2018 and in relation to all the personal data provided to us.

The legal basis for processing your data:

  • The Data Controller may process personal data when any of the following apply:
  • For the performance of contracts we enter (or may enter) into with you, or with third parties or for employment contracts;
  • For compliance with legal and regulatory obligations to which the Data Controller is subject;
  • For the performance of a task carried out in the public interests; and
  • For your and our legitimate interests. 

The following table explains our legitimate and public interests. These interests are not overridden by your interests or fundamental rights and freedoms.

Interest Explanation
Safeguarding the economic wellbeing of customers In the unlikely event we receive health data on a customer from a third party (e.g. Government agency) and consent for processing cannot be given or cannot reasonably be expected to be given by the customer; we may process this data only where it is lawful to do so in accordance with public interest conditions. For example, where it is necessary to safeguard the economic wellbeing of a vulnerable customer.
Helping to prevent and detect financial crime, fraud and money laundering In addition to our legal, regulatory and statutory obligations to report any suspicions of crime, we also have a legitimate interest and public interest in preventing financial crime, fraud and money laundering in order to protect our business and report such crimes to fraud and crime prevention agencies, law enforcement or other relevant organisations.
Share customer data with other companies within Manx Financial Group PLC group Subject to applicable data protection law we may have a legitimate interest to share your personal data with Manx Financial Group PLC group of companies and associated companies in which we have shareholdings (www.mfg.im).
For the commercial interests of the Data Controller; and promoting responsible and informed marketing for the benefit of customers

We have a legitimate interest to provide goods, products and services to generate sales revenue.

Subject to applicable data protection law, it is reasonable for us to send existing customers information about our similar goods, products and services where we believe it is in the customer’s legitimate interests to receive that information; except where a customer has already opted out of all marketing. You can change your mind on how you receive marketing messages, or you can stop receiving them at any time. To make that change please contact us at the address below.

Why do we collect personal information?

We collect your personal information for any of the following purposes:

  • It is necessary to review your financial requirements to allow us to consider whether we can offer you our services;
  • For the preparation of the entering into a customer relationship for financial advice or insurance brokering services with you;
  • It is necessary to provide existing customers with our services, to perform obligations under our Terms of Business, and to generally maintain relationships with our customers;
  • To manage any third party arrangements required by Edgewater in order to run the business and provide you with our services; 
  • To understand how our customers use our services to enable us to improve our services;
  • To help detect and prevent fraud;
  • To develop and carry out marketing activities, send marketing communications and to make sure any offers are relevant for you;
  • To consider any applications for employment or sponsorship; and
  • To comply with our legal and regulatory obligations as a regulated financial services provider. 

Your personal information is only collected and used for the purpose(s) it was provided for, and of which you were aware at the time your information was supplied to us.  We will limit the collection of your personal information to only that which is needed in order to satisfy the intended purpose.

It is ultimately your choice as to whether to provide us with your personal data, but please note that if you fail to do so, or you fail to provide us with accurate data, we may not be able to properly provide you with our services. 

What information do we collect and how do we collect it?

In order to fulfil the purposes above, we will need to collect your personal information. We collect it from you when you initially provide it to us, every time you contact us during the administration of our relationship with you, you accessing our website, and from additional sources such as background checks and/or references. Information is collected when you meet with us, complete forms, correspond with us, telephone us, or send us an email. We may also get your personal information from Providers during the management of any financial products you take out, such as for example, a pension Provider in the case of crystallisation of a pension, or an insurance company in the case of an insurance claim.      

This information can include all, or a combination of any of the items listed below depending on the nature of your relationship with us:

  • General personal details including your name, date of birth, place of birth, nationality, gender, marital status and National Insurance Number;
  • Your contact details (address, telephone numbers, e-mail);
  • Additional information about your lifestyle and/or insurance requirements, such as details of your car, your home, your other assets, your household, your health, or your travel arrangements;
  • Information about your other policies, such as claims data and history, quotes history, additional pensions held, or your payment history;
  • Pension information including pension scheme names, pension scheme numbers, fund/investment details, tax information, NI Number, salary, occupation and information on other savings and financial assets;
  • Information about your home from you and from publicly available sources, third parties and from information already held by Edgewater about your home;
  • If you’re applying for a job with us, employment details such as employment status, qualifications, employer contact details, benefits and salary information; and character references;
  • Financial details such as bank account details, savings, investments, tax information and/or reference checks you may provide to us;
  • Health data (please refer to Sensitive Information, below);
  • Publicly available information (generally obtained through internet searches) such as news articles or public register information which is obtained from background searches or reference checks;
  • Social media platforms (LinkedIn, Facebook, Twitter, etc.,); and
  • Criminal convictions or bankruptcy information for certain general insurance products such as motor insurance.

Personal information about others:

We may collect information about other members of your household or family e.g., family members who may drive your car or who may be included on a travel or health insurance policy or on whose life you take out a life insurance policy, or any named beneficiaries of a life policy.

If you give us information about another person it is your responsibility to ensure and confirm that:

  • You have told the individual who Edgewater is and how we use their personal information, as set out in this Privacy Notice; and
  • You have permission from the individual to provide that personal information (including any sensitive personal data) to us and for us to process it, as set out in this Privacy Notice.

Sensitive Information:

Certain types of personal information are classed as “sensitive” under the Data Protection legislation, or otherwise referred to as “special categories” of data. This includes information about your health, race, ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership and genetic and biometric data.

In order to offer advice or find suitable products and/or services, Edgewater needs to collect special categories of data (such as health data for health insurance advice) during the normal course of our business. We must get your separate explicit consent to process and disclose any special categories of data.

Sometimes we may indirectly come across sensitive information. In the event we are likely to (or do) come into possession of your sensitive personal data, we will contact you separately to seek your consent for its processing; unless the law allows us to do so. If we do, it will only be when it is necessary:

  • To safeguard the economic well-being of a vulnerable customer;
  • Using criminal offence data to help prevent, detect and prosecute unlawful acts and fraudulent behaviour;
  • To establish, exercise or defend legal claims; or
  • For reasons of substantial public interest.

How do we use your personal information?

We store and process the personal information that you (or third parties) have provided to us in any or all of the following ways:

  • To assess your application for a product, service or quote;
  • To request or obtain quotes for the products you are seeking;
  • Arranging a product from your chosen Provider;
  • To conduct background checks for financial products, insurance or other related services;
  • To perform our obligations under any contract, or terms of business, or employment contract you have entered into with us;
  • To supply you with the information and product(s) and/or service(s) that either you have requested from us, or wish to provide to us;
  • To manage our relationship with you;
  • To investigate complaints;
  • To reconnect with you if you move house or change employer;
  • To handle claims;
  • To consider any application for employment or sponsorship you may have submitted;
  • For general business purposes, to prepare management and accounting information necessary for the conduct of our business, including audit;
  • For the prevention and detection of crime, including AML purposes, fraud detection and debt collection;
  • For our legitimate and public interests;
    • To develop and improve products and services including market research, analysis and developing statistics;
    • To make decisions about what goods, products and services we think you may be interested in;  
    • To develop and improve how we deal with financial crime including using criminal offence data to help prevent, detect and prosecute unlawful acts and fraudulent behavior;
  • Responding to regulatory requirements;
  • Passing information to the regulator or Financial Services Ombudsman as needed to allow investigation into whether we have acted in the right way;
  • Defending legal claims; and
  • To comply with our legal, regulatory any statutory responsibilities.

Information you submit through our website may be held and processed by our Internet Service Provider, but it is only held and processed on our behalf and under our strict instruction.

Disclosure of Personal Information:

During the term of your relationship with us we may disclose your personal information to any of the following parties to allow us to properly manage our relationship with you:

  • To the Providers of your financial products to allow them to supply your chosen policies/insurance/cover;
  • To persons acting as our agents or on our behalf under a strict code of confidentiality where we outsource functions relating to our services (for example, our IT system providers, document storage and archiving companies etc.);
  • To screening companies, credit reference agencies and fraud prevention agencies to conduct background and credit checks; (for further information see below)
  • To anyone we transfer or may transfer our rights and duties under your Customer Terms of Business;
  • Back to you during the course of your relationship with us and we will be in periodic communication with you;
  • If you are a current or previous employee, to future employers who seek references about you (who will require your consent to do this);
  • To the suppliers of your products to investigate any complaints you may have;
  • To other parties legally connected with your contract;
  • To relevant Financial Services Ombudsmen;
  • To law enforcement and fraud prevention agencies; or
  • To legal, statutory or regulatory bodies (such as the Isle of Man Financial Services Authority) as required by law or regulation.

Otherwise, we will keep all of your personal information confidential unless you give us consent to transfer it to a third party.

It is not normally necessary during the usual course of business to transfer your personal data outside of the Isle of Man or the UK, however, in the event it is necessary, it will be done so in accordance with the requirements of the relevant Data Protection legislation. These requirements include the provision that the recipient of your personal data must have the same level of protections in place as you are entitled to on the Isle of Man or in the UK. We will advise you in the event that your personal data is to be transferred in this manner.

The exception to this is, if you as a customer live outside the Isle of Man, UK or the EEA and we are sending your personal information back to you, this will be necessary in order to communicate with you and for providing you with our services. Our e-mails to you are subject to encryption and any sensitive documentation will be sent via registered mail.  

Credit Reference Agencies:

In considering whether to enter into any agreement with you, we (or your Provider) may search your record and that of any joint applicant or any guarantor, using standard public searches and credit reference agencies. This may include a quotation search from a credit reference agency which will appear on your credit report and will be visible to credit providers. It will be clear that this is a quotation rather than a credit application by you.

Where you agree to pay periodically under a provider’s agreement, the status of your quotation search from the credit reference agencies may be updated to reflect your credit application and this will be visible to credit providers. Credit reference agencies may keep a record of the search. Providers may also pass to credit reference agencies information they hold about you and your payment record. The information will be used by other credit lenders for making credit decisions about you, and people with whom you are financially associated, for fraud prevention and the prevention of money laundering.

This and other information about you and those with whom you are linked financially may be used to make credit decisions about you and other members of your household.

We currently use the following 3 credit reference agencies. For further information regarding how they will process your information, please refer to the websites provided:

Fraud Prevention Agencies:

We have a legal obligation, public interest and legitimate interest to report suspected fraud to law enforcement and fraud prevention agencies, and we are not permitted to share the detail of any disclosure with you.

We may share your personal information with fraud prevention agencies if we feel fraud has been or might be committed. We will use the information to confirm identities, help prevent fraud and/or money laundering or fulfil any contracts you or your business has with us.

These agencies collect, maintain and share data on known and suspected fraudulent activity for the purposes of fraud prevention. These records may be searched and shared with other organisations by the fraud prevention agencies. This is to support their duty to prevent, detect, investigate and prosecute crime.

If fraud is detected, you could be refused certain services, finance or employment.

The fraud prevention and law enforcement agencies we may share data with are:

  • CIFAS - https://www.cifas.org.uk/fpn
  • Dun & Bradstreet - https://www.dnb.com/utility-pages/privacy-policy.html
  • Equifax - www.equifax.co.uk/crain
  • Experian - www.experian.co.uk/crain
  • TransUnion - https://www.transunion.co.uk/legal/privacy-centre
  • Law enforcement agencies
  • Regulatory bodies

Please telephone or write to us at the address stated below if you would like further details of the fraud prevention agencies.

How long do we retain your personal information?

We are permitted by law to retain your information for as long as is necessary in relation to the purposes for which the information was originally provided. This includes our legal requirement to hold information for at least six years following the termination of a customer relationship or transaction.

We will therefore hold your personal information, accounting records, customer due diligence (CDD) and transaction records for a minimum of six years following the termination of our relationship with you, except in the following circumstances:

  • Where records are required for investigation by law enforcement, where they will be retained for as long as required by the Police or any competent authority; or
  • Pension information including pension advice, pension transfers, pension opt-outs or free standing additional voluntary contributions which will be kept for a much longer period. Pensions by nature last for a lifetime or longer (in the cases of pension transfer exercises) and therefore, to enable Edgewater to respond to queries, records will be retained for lifetime of the pension plus six years.  

If you have been unsuccessful in applying for a job with us, we will retain your information for a maximum of 6 months unless you give us permission to retain it for longer.  

Once your information is no longer necessary, it shall be destroyed in accordance with Data Protection legislation. 

Your Rights:

Under Data Protection legislation you have the following rights free of charge. To exercise these rights, please contact us using any of the methods detailed below.  

1.    Access to Personal Data

Subject to exceptions detailed in Data Protection legislation, you have a right of access to all personal data we hold about you. If you wish to exercise this right, or you have any questions regarding your personal data, please write to the Data Protection Officer at the address below. We will respond within one month from receipt of a valid request, and in any event, without undue delay.

2.    Automated Decision Making:

Edgewater does not use any kind of automated decision-making technology.

3.    Rectification

You have the right to the rectification of inaccurate data, and to obtain completion of incomplete personal data. To correct or amend your personal data, please contact the Data Protection Officer at the address below with the details. We will make the required changes as soon as possible.

4.    Erasure

In certain situations, you have the right to request that your personal data is erased, however, there are limitations to this right.

Examples of grounds for exercising your right to erasure include:

  • Your Personal data is no longer necessary for the purpose of the performance of a contract between us and you;
  • Where data has been unlawfully processed by us;
  • Where data has to be erased to comply with a legal obligation;
  • Where a right to object to direct marketing or the right to object to processing has been exercised.

Examples of limitations to your right of erasure include:

  • It is still necessary for the performance of a contract between us and you;
  • Our compliance with legal obligations to retain customer records for certain periods of time (as detailed above); and
  • Our establishment, defence or exercise of legal claims.

5.    Restriction of Processing

You have the right to restrict our processing of your personal data in the following circumstances:

  • If you contest the accuracy of personal data processed by us, (we may restrict processing for a limited period to enable us to verify the accuracy and amend the data as necessary);
  • We no longer require your information for the purposes we originally obtained it;
  • We have no legitimate grounds for processing your information or your information has been processed unlawfully.

If you wish to exercise this right, please contact the Data Protection Officer at the address below with the full details.

6.    Data Portability

You have a right to receive your personal information that you have provided to us, in a structured, commonly used and machine-readable format. You also have a right to have this personal data transmitted to another data controller (i.e. another business), where technically feasible.

7.    Right to Object

You have the right to object to us processing your personal data in the following circumstances:

  • For direct marketing purposes;
  • Profiling in relation to direct marketing.

8.    Right to Lodge a Complaint

If you have a complaint regarding the way we are processing your personal data, please address it with us in the first instance in the hopes that we will be able to resolve the matter with you. However, if you do not want to address your concerns to us, or we have failed to satisfactorily respond to your complaint, you have the right to complain to the Isle of Man Information Commissioner.

The contact details are below:

To complain in person:

Isle of Man Information Commissioner

First Floor, Prospect House

Prospect Hill

Douglas

Isle of Man

IM1 1ET

To complain in writing:

Isle of Man Information Commissioner

PO Box 69

Douglas

Isle of Man

IM99 1EQ

Tel: +44(0) 1624 693260

Marketing:

We may use your personal data to make decisions about what goods, products and services we think you may be interested in. We can only use your personal information to send you marketing if we either have your consent or a Legitimate Interest. This is when we believe we have a business or commercial reason to use your personal data. In this instance, we must balance our legitimate interests with your own rights and freedoms.

If at any time you decide you do not want us to use your contact details in this way, please contact us at the contact details below.

Cookies:

Our website uses a number of cookies to store data on our visitor's computers. For further information, please refer to our Cookie Policy on our website, or by contacting us at the contact details below.

What is aggregate information?

Aggregate information is used to show us the total number of visits to our website and which parts of the site are used and the frequency of their use. Aggregate information does not identify individuals, as it does not contain any personal data. This information helps us in developing our website and improving the service we offer you.

Changes to our privacy notice:

We keep our privacy notice under regular review, and we may change it to reflect any changes in the law or our privacy practices. We will place any updates on the web page and encourage you to check it regularly. We will indicate at the top of this privacy notice when it was last updated. Where you have provided us with your email address, we may also contact you to let you know that we have updated the Notice. We may also take that opportunity to ask you if you would like to update your marketing preferences.

The Data Protection Officer and Contact Details:

If you have any questions or concerns regarding this notice or you wish to exercise your rights, please contact us, addressing your query to the Data Protection Officer using any of the following methods:

Writing:             

Edgewater Associates Limited

1st Floor, Clarendon House,

Victoria Street,

Douglas,

Isle of Man,

IM1 2LN

Telephone:    +44 (0)1624 654000

Email:             dataprotection@dgewater.co.im

 

Edgewater Associates Limited. Registered in the Isle of Man. No. 082727C. Registered Office: 1st Floor Clarendon House, Victoria Street, Douglas, Isle of Man, IM1 2LN.

Edgewater Associates Limited is licensed by the Isle of Man Financial Services Authority and is registered with the Financial Services Authority in respect of General Business.

[EAL/60/WPN/V4-Oct2021