rplan

Privacy Notice

rplan Limited is committed to protecting and respecting your privacy. Any reference to "we", "us", "our" or "rplan" in this privacy notice means rplan Limited, which is a private limited company registered with company number 07115485 or, where applicable, our holding company rplan Holdings Limited, company registration number 09215702). Our registered office address is 3rd floor, 1 Ashley Road, Altrincham, Cheshire WA14 2DT.

This privacy notice (together with our cookie policy and any other documents referred to in them) explains what personal data (information) we collect and hold about you, how we collect it, and how we use and may share information about you.

Please ensure that you read this privacy notice and any other similar notice we may provide to you from time to time when we collect or process personal information about you.

This privacy notice is regularly reviewed to ensure that we continue to respect your privacy in accordance with legal requirements. We reserve the right to update this privacy notice from time to time by publishing the updated version on our website and (for the benefit of our employees), our intranet. We therefore encourage you to review our privacy notice periodically for the most up to date information.

WHO COLLECTS THE INFORMATION

rplan Limited, which is a private limited company registered with company number 07115485 is a 'data controller' and gathers and uses certain information about you, as set out below.

We also act as a data processor on behalf of our corporate customers where they are the data controller. In this context, we may process data provided to us by our corporate customer or by you directly in the course of using the services we provide.

DATA PROTECTION PRINCIPLES

We will comply with the data protection principles set out in the relevant legislation when gathering and using personal information, as set out in this notice and the additional policies referred to below.

ABOUT THE INFORMATION WE COLLECT AND HOLD

The table set out in the Schedule summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared. Please note that we may process your information for more than one lawful ground, depending on the specific purpose for which we are using your data. Please contact our Data Manager privacy@rplan.co.uk if more than one ground has been set out in the table below and you require details about the specific legal ground we are relying on to process your information.

We may also need to share some of the categories of personal information set out in the Schedule with other parties e.g. (in relation to our employees) sharing financial information with our payroll services provider.

Where possible (given the purpose of the personal information), information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We may also be required to share some personal information with our regulators or as required to comply with the law.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

WHERE INFORMATION MAY BE HELD

Information may be held at our offices and those of our third party service providers, representatives, agents and regulators as described above. Information may be transferred internationally where this is necessary for us to provide services to our corporate customers and/or their clients. We have security measures in place to seek to ensure that there is appropriate security for information we hold.

HOW LONG WE KEEP YOUR INFORMATION

We keep your information for no longer than is necessary for the purposes for which the personal information is processed and in accordance with our retention policy or the retention policy of our corporate customer, as applicable. Please contact our Data Manager privacy@rplan.co.uk if you require more information.

MANAGING YOUR INFORMATION

You can contact our Data Manager privacy@rplan.co.uk to discuss your information at any time.

It is very important to us that all the information we hold about you remains accurate and up to date to reduce the risk of a misunderstanding.

We need your help in doing so. If you have an online account with us, please ensure that the information (for example, contact information) you provide to us through that account remains accurate and up to date. Please review and update it regularly.

You have a number of rights which we respect and aim to uphold in everything we do. These rights are set out below.

We reserve the right not to comply with any requests to exercise these rights where we may lawfully do so, for example if we reasonably believe a request to be malicious, technically very onerous, to involve disproportionate effort or harmful to the rights of others.

We try to respond to all legitimate requests within one month of receiving them. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.

If you wish to exercise one of these rights, we may need to ask you for specific information to confirm your identity. This is a security measure to ensure that your personal information is not disclosed to any person who does not have the right to receive it. We may also contact you to ask for more information about your request to speed up our response. If you are representing another individual and requesting their personal data, we may also require evidence that you are authorised to act on their behalf.

This is a list of your rights:

Asking us about your information You have the right to ask us whether we hold information about you and, if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a subject access request. If you would like to make a subject access request, please do so in writing to privacy@rplan.co.uk.

In the case of information which you have provided to us and which we process based on your consent or in accordance with a contract which we have with you and (in either case) where the processing is carried out by automated means, you may also have the right to receive that information in a commonly used format (e.g. pdf) and/or for us to transfer that data to another data controller. This right is commonly known as the right to data portability.

You do not have to pay a fee to ask us about your information. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Correcting inaccurate information If you have reason to believe any of the information we collect on you may be inaccurate or incomplete, and you cannot correct such inaccuracy or omission yourself (or, if you are a client of one of our customers, via our customer), please contact us.

Erasing information You may have the right to require us to erase your information without undue delay if one of the following applies:

a) the information is no longer necessary for the purposes for which we collected it;

b) we need your consent to use the information and you withdraw your consent;

c) you object to us using your information: for the purposes of fraud prevention and there are no overriding legitimate grounds for the processing;

d) you unsubscribe from our marketing communications;

e) we have used your information unlawfully; or

f) the information must be erased for compliance with a legal obligation to which we are subject.

However, if it is necessary to use your information to comply with a legal obligation or to establish, exercise or defend a legal claim then your right will not apply.

Stopping our marketing We provide the means for you to stop all marketing email and text (SMS or MMS) communications you receive from us - please see the "unsubscribe" link we include in each email. You can also contact us at any time using the details above and let us know what you would like us to change.

Restricting processing You have the right to require us to restrict our use of your information where one of the following applies:

a) you contest the accuracy of the information that we hold about you, while we verify its accuracy;

b) we have used your information unlawfully, but you request us to restrict its use instead of erasing it;

c) we no long need the information for the purpose for which we collected it, but you need it to deal with a legal claim; or

d) you have objected to us using your information, while we verify whether our legitimate grounds override your right to object.

Withdrawing consent Where we are relying on your consent to process your data, you can withdraw this consent at any time by notifying us. This may include unsubscribing from our marketing emails or you can contact our Data Manager privacy@rplan.co.uk.

KEEPING YOUR PERSONAL INFORMATION SECURE

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach in accordance with the applicable law.

HOW TO COMPLAIN

If you have any questions or complaints about our use of your information, please contact our Data Manager on 020 3670 4130 or privacy@rplan.co.uk. We hope that our Data Manager can resolve any query or concern you raise about our use of your information and we encourage you to raise any issues with them in the first instance but you can also contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

The Schedule

About the information we collect and hold

The information we collect

How we collect the information

Why we collect the information, how we use it and how we may share it

JOB APPLICANTS

1.

Your name, contact details (i.e. address, home and mobile phone numbers, email address)

From you or from a third party recruitment agent

To comply with our legal obligations

Legitimate interests: to assess your suitability for a particular role, to contact you in the future in relation to similar roles, and to comply with legal, regulatory and corporate governance obligations and good employment practice

Consent: where we have your consent to do so, if your application is unsuccessful, we will retain your details so that we can contact you about similar roles in the future

Information shared with: relevant managers and HR personnel and shared with referees

2.

Details of your application, including the application itself and details of your qualifications

From you or from a third party recruitment agent

From a training body

To comply with our legal obligations

Legitimate interests: to assess your suitability for a particular role and to comply with legal, regulatory and corporate governance obligations and good employment practice

Consent: where we have your consent to do so, if your application is unsuccessful, we will retain your details so that we can contact you about similar roles in the future

Information shared with relevant managers and HR personnel, and with referees and third party training bodies to verify information

3.

Details of your current salary and benefits

From you or from a third party recruitment agent

Legitimate interests: to assess your suitability for a particular role and to comply with legal, regulatory and corporate governance obligations and good employment practice

Consent: where we have your consent to do so, if your application is unsuccessful, we will retain your details so that we can contact you about similar roles in the future

Information shared with relevant managers and HR personnel and third party recruitment agents and with referees for the purposes of verification

4.

Details in references about you that we receive from others*

From you or your referees

To enter into/perform the employment contract

Where relevant, to comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

Consent: where we have your consent to do so, if your application is unsuccessful, we will retain your details so that we can contact you about similar roles in the future

Information shared with relevant managers and HR personnel

EMPLOYEES

5.

Your name, contact details (i.e. address, home and mobile phone numbers, email address) and emergency contacts (i.e. name, relationship and home and mobile phone numbers) *

From you

To enter into/perform the employment contract

Legitimate interest: to maintain employment records and good employment practice

6.

Details of salary and benefits, bank/building society, National Insurance and tax information, your age *

From you

To perform the employment contract including payment of salary and benefits

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice Information shared with our payroll administrators and with HM Revenue & Customs (HMRC)

7.

Details of your spouse/partner and any dependants *

From you

To perform the employment contract including employment-related benefits, e.g. private medical insurance, life assurance and pension (as detailed in the employee handbook)

Information shared with our payroll administrators, benefit providers and with HM Revenue & Customs (HMRC)

8.

Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information *

From you and, where necessary, the Home Office

To enter into/perform the employment contract

To comply with our legal obligations, including carrying out right to work checks

Legitimate interest: to maintain employment records

Information may be shared with the Home Office

9.

A copy of your driving licence (where this is relevant to your role/benefits) *

From you

To perform the employment contract

To comply with our legal obligations/comply with the terms of our insurance policy e.g. ensuring that you have a clean driving licence

Information may be shared with our insurers and other third parties (e.g. third party insurers or the police) in the event of an incident.

10.

Details of your pension arrangements, and all information included in these and necessary to implement and administer them*

From you, from our pension administrators (where necessary) from your own pension fund administrators

To perform the employment contract including employment-related benefits

To comply with our legal obligations including to administer your pension benefits AND/OR To comply with our auto-enrolment pension obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

Information shared with our pension administrators and with HMRC

11.

Information in your sickness and absence records (including sensitive personal information regarding your physical and/or mental health) *

From you, from your doctors, from medical and occupational health professionals we engage and from our insurance benefit

To perform the employment contract including employment-related benefits

To comply with our legal obligations, including to you as your employer

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to maintain employment records, to administer sick pay entitlement, to follow our policies and to facilitate employment-related health and sickness benefits and to ensure safe working practices

Information shared with your doctors, with medical and occupational health professionals we engage and with our insurance benefit administrators

For further information, see ** below

12.

Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs*

From you

To comply with our legal obligations and for reasons of substantial public interest (equality of opportunity or treatment) including to comply with our equal opportunities monitoring obligations and to follow our policies

For further information, see ** below

13.

Criminal records information, including the results of Disclosure and Barring Service (DBS) checks*

From you and the DBS

To perform the employment contract

To comply with our legal obligations and our contractual obligations to our customers (legitimate interests)

For reasons of substantial public interest (preventing or detecting unlawful acts, suspicion of terrorist financing or money laundering in the regulated sector and protecting the public against dishonesty)

Information shared with DBS and other regulatory authorities as required and (where applicable) our customers

For further information, see ** below

14.

Information on grievances raised by or involving you

From you, from other employees and from consultants we may engage in relation to the grievance procedure

To perform the employment contract

To comply with our legal obligations

Legitimate interests: to maintain employment records, to follow our policies and to deal with grievance matters and to comply with legal, regulatory and corporate governance obligations and good employment practice

Information shared with relevant managers, HR personnel and with consultants we may engage

15.

Information on conduct issues involving you

From you, from other employees and from consultants we may engage in relation to the conduct procedure

To comply with our legal obligations

Legitimate interests: to maintain employment records, including staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary and grievance matters and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices

Information shared with relevant managers, HR personnel and with consultants we may engage

16.

Details of your appraisals and performance reviews

From you, from other employees and from consultants we may engage in relation to the appraisal/performance review process

To comply with our legal obligations

Legitimate interests: to maintain employment records, including staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary and grievance matters and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices

Information shared with relevant managers, HR personnel and with consultants we may engage

17.

Details of your performance management/improvement plans (if any)

From you, from other employees and from consultants we may engage in relation to the performance review process

To comply with our legal obligations

Legitimate interests: to maintain employment records, including staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary and grievance matters and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices

Information shared with relevant managers, HR personnel and with consultants we may engage

18.

Details of your time and attendance records

From you and from our overtime records

To perform the employment contract

Legitimate interest: for payroll and staff administration and assessments, to follow our policies and to monitor staff performance and attendance to monitor and manage staff access to our systems and facilities and to record staff absences

Information shared with relevant managers, HR personnel and with consultants we may engage and with our payroll administrators

19.

Information in applications you make for other positions within our organisation

From you

To enter into/perform the employment contract

To comply with our legal obligations

Legitimate interests: to process the application, to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

Information shared with relevant managers, HR personnel and with consultants we may engage

20.

Information about your use of our IT, communication and other systems

Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, remote access systems, email and instant messaging systems, intranet and Internet facilities, telephones, call monitoring, voicemail, mobile phone records

To comply with our legal obligations, including in relation to the use of in-vehicle CCTV

Legitimate interests:

to monitor and manage staff access to our systems and facilities

to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage

to ensure our business policies, such as those concerning security and internet use, are adhered to

for operational reasons, such as maintaining employment records, recording transactions, training and quality control

to ensure that commercially sensitive information is kept confidential

to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with

for security vetting and investigating complaints and allegations of criminal offences

for statistical analysis

to prevent unauthorised access and modifications to our systems

as part of investigations by regulatory bodies, or in connection with legal proceedings or requests

Information shared with relevant managers, HR personnel and with consultants we may engage

For further information, see *** below

21.

Details of your use of business-related social media, such as LinkedIn

From relevant websites and applications

Legitimate interests:

to monitor and manage staff access to our systems and facilities

to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage

to ensure our business policies, such as those concerning security and internet use, are adhered to

for operational reasons, such as maintaining employment records, recording transactions, training and quality control

to ensure that commercially sensitive information is kept confidential

to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with

for security vetting and investigating complaints and allegations of criminal offences

as part of investigations by regulatory bodies, or in connection with legal proceedings or requests

Information shared with relevant managers, HR personnel and with consultants we may engage

For further information, see *** below]

22.

Your use of public social media (only in very limited circumstances, to check specific risks for specific functions within our organisation; you will be notified separately if this is to occur)

From relevant websites and applications

Legitimate interests:

to monitor and manage staff access to our systems and facilities

to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage

to ensure our business policies, such as those concerning security and internet use, are adhered to

for operational reasons, such as maintaining employment records, recording transactions, training and quality control

to ensure that commercially sensitive information is kept confidential

to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with

for security vetting and investigating complaints and allegations of criminal offences

as part of investigations by regulatory bodies, or in connection with legal proceedings or requests

Information shared with relevant managers, HR personnel and with consultants we may

For further information, see *** below]

23.

Details in references about you that we receive from/give to others*

From your personnel record and from our other employees

To perform the employment contract

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

You are required (by law or under the terms of your contract of employment, or in order to enter into your contract of employment) to provide the categories of information marked * above to us to enable us to verify your right to work and suitability for the position, to pay you, to provide you with your contractual benefits, such as holidays, pension and sick pay and to administer statutory payments such as statutory sick pay (SSP). If you do not provide this information, we may not be able to employ you, to make these payments or provide these benefits.

** Further details on how we handle sensitive personal information and information relating to criminal convictions and offences are set out in our employee handbook and associated policies, available on the intranet or by contacting HR or the Data Manager.

*** Further information on the monitoring we undertake in the workplace and how we do this is available in our employee handbook and associated policies, available on the intranet or by contacting HR or the Data Manager.

Third party service providers

Details of our current third party benefit providers, including links to their privacy notices, and recruitment agencies, together with any other third parties service providers are set out in the employee handbook.

MARKETING CONTACTS

24.

Your contact details

From the information you provide to us or we obtain in the course of our dealings with you

To provide you with information about our services that may be of interest to you

Consent: in accordance with your preferences (as updated from time to time)

Legitimate interests: direct marketing and promotion of our business

CLIENT DATA

25.

Your personal details, (including name, age/date of birth, gender, marital status, citizenship, customer unique identifier, national insurance number), financial information (including bank account details, details of investments and financial holdings etc) and contact details (including name, address details, email and telephone number(s)

From the information you or our customer provide to us in the course of using our services

To provide you with investment management services/provide services to our customer in accordance with our contractual obligations and to comply with regulatory obligations e.g. in relation to anti-money laundering regulations

Legitimate interest: in accordance with our contractual obligations to our customers and in fulfilment of their contractual obligations to you

Information shared with our relevant customers and, where required, the regulatory authorities