Privacy Notice

The purpose of this Privacy Notice

When we provide our Services to you, we will collect information about you and we want to be open and transparent with you as to the types of information we collect about you, why we collect it, how we use it and who we may share it with.

The data controller of your personal data is Cambridge Investments Limited which provides you with a Discretionary Management Model Portfolio Service. Cambridge Investments Limited is registered at Lancaster House, Ackhurst Business Park, Foxhole Road, Chorley, Lancashire PR7 1NY with company number 1370458 (“we”, or “us”, or “our”).

We work closely with our affiliates Perspective Financial Management Group and the Perspective Offices. Our close relationship often includes sharing personal data for shared back-office services, compliance operations and servicing out joint clients. For the purposes of these types of processing, we are joint data controllers. The Perspective privacy notice can be viewed on their website – www.pfgl.co.uk/privacy-notice/

If you have any questions or concerns about the use of your personal data, then please contact us using the contact details provided in the ‘How to contact us’ section at the bottom of this Privacy Notice.

What type of personal data will be collected, processed and why?

The personal data we collect from you, either directly or indirectly, will depend on how you interact with us. The types of information will depend on the services being provided and may sometimes mean we need to collect sensitive personal information (known as ‘Special Category Data’).

We may receive personal data from you directly via our website, by filling in hard copy forms and documents or by corresponding with us by phone, e-mail, letter or otherwise or during the course of meetings which you attend with one of our advisers.

We may collect your personal data indirectly, including through automated means from your device when you use our websites. Some of the information we collect indirectly is captured using cookies and other tracking technologies, as explained further in the Cookies Policy – Cookie Policy – Cambridge Investments

We also collect your personal data from third party sources. For example:

from our service providers that provide anti-money laundering services, tracing services, operational assistance, lead generation, email, marketing and analytics services, and financial and credit related services (including from providers of investment we select)

under introducer and referral arrangements, for example where your professional advisers (which may include accountants, solicitors, estate agents, will writers, ex-vendors etc.) introduce you to us. Sometimes our existing clients also make referrals to us

Information received from third parties will be checked to ensure that the third party either has your consent or are otherwise legally permitted or required to disclose your personal data to us.

We may also receive information as part of exploratory and successful mergers and acquisitions process. For example:

from potential targets for mergers and acquisitions to carry out due diligence checks. Information in these instances is processed in a secure and separate data repository. The processing is to investigate and verify information about the target company, assets, client portfolio and to assess the regulatory risk. The information relating to mergers and acquisition targets that are not progressed is only retained for the duration of the assessment period. from successful mergers and acquisitions where the information is amalgamated into our client systems.

How we use your personal information (our purposes) and our legal basis for processing

We use the personal data that we collect from and about you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your information. Depending on our purpose for collecting your information, we rely on one of the following legal bases:

Contract – we require certain personal data in order to provide the services you request from us;

Consent – in certain circumstances, we may ask for your consent (separately from any contract between us) before we collect, use, or disclose your personal data, in which case you can voluntarily choose to give or deny your consent without any negative consequences to you;

Legitimate interests – we will use or disclose your personal data for our legitimate interests or those of a third party, but only when we are confident that your privacy rights will remain appropriately protected. If we rely on our (or a third party’s) legitimate interests, these interests will normally be to: operate, provide and improve our business and services, including our Websites; to communicate with you and respond to your questions; to improve our Websites or use insights to improve or develop marketing activities and promote our services; detect or prevent illegal activities (for example, fraud); to manage the security of our IT infrastructure, and the safety and security of our employees, clients, vendors and visitors. Where we require your data to pursue our legitimate interests or the legitimate interests of a third party, it will be in a way which is reasonable for you to expect as part of the running of our business and which does not materially affect your rights and freedoms. We have identified below what our legitimate interests are; or

Legal obligation – there will be instances where we must process and retain your personal data to comply with laws or to fulfil certain legal obligations.

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you or with your explicit consent, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).

The tables below in Annex A provide more details on our purposes for processing your personal data and the related legal bases. The legal basis under which your personal data is processed will depend on the data concerned and the specific context in which we use it.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “How to contact us” heading below.

When we record communications

We, and persons acting on our behalf, may record and/or monitor communications (including telephone conversations over landlines and mobile phones, emails, instant messaging, chat rooms, fax and other electronic communications) between our staff and you. We only record communications between us in order to comply with our legal and regulatory requirements – as a discretionary portfolio manager, the law requires us to record these communications.

Who might my personal data be shared with?

We may disclose your personal data to the following categories of recipients:

to your Perspective Financial Adviser where they are better-placed to provide you with the required service (for example where you require advice or where that other entity specialises in an area in which you are interested).

our affiliates Perspective Financial Management Group and the Perspective Offices, which provides local offices with support (including accountancy and compliance support), and shared back-office services;

to providers of services in respect of whom you request us to submit applications on your behalf and to receive updates from such providers in order for us to provide our services to you throughout the lifetime of our relationship with you;

to our suppliers and partners in order for them to help us provide our services to you for example providers of:

Compliance services including ID verification services, business quality checking software, regulatory compliance support, legal support, and audit services.

Our IT service providers, and their sub-contractors, who act only on our instructions. The IT services provide back-office systems and paperless office systems to assist us with delivering you with an efficient, modern and professional service.

Using providers that implement artificial intelligence (AI) to facilitate data processing, records management, and to convert information we receive or record from you to update your file, produce reports, annual reviews and other reasonable tasks that aid our client delivery service.

Client portal, investment Platform partner, and other related client facing applications that enhance the delivery of our services to clients.

and with other suppliers and partners who otherwise process personal data for the purposes described in this Privacy Notice.

to a prospective buyer (and its agents and advisers) in the event that our parent company intends to sell any part of its business or its assets or if substantially all of its assets are acquired by a third party, in which case your personal data could form part of one of the assets sold, provided that the buyer is informed that it must use your personal data only for the purposes described in this Privacy Notice – neither we nor our Parent Company will ever rent or sell your personal data other than as part of a business sale;

to any national and/or international regulatory, enforcement body, government agency or court where we believe disclosure is necessary (i) as a matter of applicable law or regulation (including where we are required by law to provide information to organisations such as HMRC), (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests of those of any other person; and

to any other person with your consent to the disclosure or where the law requires or permits us to do so.

International Data Transfers

We process personal data inside the UK, and do not ordinarily transfer your personal data internationally.

To the extent we decide to transfer your personal data outside the UK in the future, for example to suppliers, partners, future group entities, providers of services, we will ensure these transfers are made in compliance with applicable data protection laws. In that scenario we would rely on available UK GDPR adequacy decisions (data bridges) or entry into standard contractual clauses to protect the data transferred.

Your data protection rights

You have the following data protection rights:

If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.

In addition, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.

You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below.

Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent. For specific information about our processing of your sensitive category personal data with your explicit consent, please see the Annex B below.

You have the right to make a complaint to the data controller if you feel there is an infringement of UK GDPR, DPA 2018, or other relevant legislation. We will acknowledge receipt of your complaint within 30 days and respond without undue delay.

If following our response to your complaint relating to UK GDPR you remain dissatisfied, then you have the right to contact the Information Commissioner’s Office (ICO). For more information, see the ICO’s website https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Data Retention

We retain personal data we collect from you where we have an ongoing legitimate need to do so, for example:

to provide you with a Service you have requested us to provide,

to perform our contractual obligations to you;

to comply with applicable legal, tax or accounting requirements;

to defend or manage any claims or complaints between us, you and any relevant third party including taking legal advice in respect of such claims in order to establish, exercise or defend our legal rights or such claims.  This would include complaints and claims which you may bring against us or which are submitted to a court, regulatory authority or ombudsman.

When we have no ongoing legitimate need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

Updates to this Privacy Notice

We may change or update this Privacy Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. When we update our privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

How to contact us

If you would like to contact us in relation to this Privacy Notice or if you have any other questions in respect of our processing of your personal data, please contact The Data Protection Officer by telephone on 01223 365656 by email at enquiries@cambridgeinvestments.co.uk or by post at Cambridge Investments Limited, Nine Hills Road, Cambridge, CB2 1GE.

Annex A

Types of personal data	Why we collect it
Identity details including your name and date of birth. We may ask for copies of identity documents in which case we may collect details including your place of birth and residential address.	To carry out money laundering and financial checks and for fraud and crime prevention and detection purposes. We will only ever use external anti-money laundering tools or copies of identity documents for this purpose. We collect and process this personal data in order to comply with our legal and regulatory requirements.
Your contact details including your name, postal and email address.	To contact you in order for us to manage, administer and provide our Services to you. To respond to any correspondence and service-related enquiries you send to us in respect of our Services. To discuss Services for which you apply or may be interested in applying for. To manage any applications you make for products or services. To communicate any updates to you including any changes to our Services, the terms and conditions of any Services which we have provided to you, any changes to this Privacy Notice and to our websites. To contact you in order to receive your feedback on our services and to participate in related surveys.
Financial information relating to you, including pension contributions and current value, and details of investments.	To evaluate your eligibility for products. We collect and process this personal data in order to provide the Services to you that you have requested and for our legitimate business interests.
Details of contact that we have had with you such as referrals and queries.	To allow us to provide a professional service to you and to contact you with information about other Services of ours that we think you may be interested in. We collect and process this personal data for our legitimate business interests.
Details of services you have received.
Customer experience and other feedback and information you provide to us.	To review your feedback and experience with us so that we can improve our Services for you and for our other customers. · We collect and process this personal data for our legitimate business interests (and we record calls both for quality and training purposes and to comply with our legal and regulatory obligations). Please see section entitled “When we record communications” for more information.
Information about complaints and incidents.
Recordings of calls we receive or make.
All of the personal data described above.	We may disclose your personal data to carefully selected third party firms that we enter into a contract with to assist us in delivering our service to you. We may disclose your personal data to third parties where we are required to do so to comply with applicable laws and regulatory requirements including in circumstances where we are required to do so by a Court Order, regulatory authority or any other third party with the lawful right to request and receive the personal data we hold about you (including law enforcement agencies and tax authorities). We may also use your personal data where it is necessary for us to take legal advice in order to establish our legal rights, to bring a claim against you or any related parties or to defend a claim from you or any related parties. We collect and process this personal data for our legitimate business interests.

Annex B

Types of special category personal information (“Special Category Data “)	Why we collect it
Health Information relating to your physical or mental health.	We will usually collect this information in the course of meetings with you or your financial planner, on specific questionnaires or in the process of completing an application form for such products and Services. This information will be used solely to support clients in vulnerable circumstances and to ensure that clients are receiving the appropriate level of support.
Dependants’ Health Information relating to your dependants’ physical or mental health.	Where you are responsible for a dependant’s care, using any information that is shared within us to support the delivery of a service that is designed to meet the needs of that individual.
Other Special Category Data which you ask that we take into account (e.g. ethical, or religious considerations)	To tailor our Services recommended by your Financial Planner in line with particular social, ethical, environmental and/or religious considerations you have asked we take into account. Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership constitutes special category data and is afforded special protection under data protection law.