We’re here to get your retirement back on track.

PRIVACY POLICY

1. It is recommended that the firm revises “We are regulated by the Ministry of Justice CRM number 33416 registered in England under Company Number 08632359” to “We are authorised and regulated by the Financial Conduct Authority FRN 833645 registered in England under Company Number 08632359.”

2. The privacy policy sets out “You will be required to read and accept this Privacy Policy when signing up for an Account.” It is recommended that a notice be set out above the “send your enquiry” button on the contact form setting out “By submitting your enquiry you agree to your personal data to be processed in accordance to our privacy policy.”

3. The privacy policy sets out various purposes that personal data is processed to achieve however does not set out the lawful basis being relied upon for each processing purpose. It is recommended that the firm sets out in its privacy policy the lawful basis under the GDPR that each purpose relies upon. For example, “Providing and managing your access to the site based on the legitimate interest lawful basis”.

4. It is recommended that the firm revises “We will also monitor, record, store and use any telephone call, email or other electronic communications with you for training purposes so that we can check any instructions given to us and to improve the quality of our customer service” to “We will also monitor, record, store and use any telephone call, email or other electronic communications with you for training and regulatory purposes so that we can check any instructions given to us and to improve the quality of our customer service and to fulfil our regulatory obligations.” It is recommended that the firm sets out the lawful basis that the aforementioned processing activity relies upon. For example, this processing activity can rely on legitimate interest. The legitimate interest being the fulfilment of training and regulatory obligations.

5. The section titled “How long will the Data be stored for?” is duplicated on the privacy policy. It is recommended that this be deleted.

6. The privacy policy sets out “United Claims Management Ltd currently does not share your Personal Data with any Third parties and Third Countries. If this does change we will notify you prior to that processing and advice the categories of recipients who we will send your information to. We will also advise what safeguards exist (i.e. the existence of an Adequacy agreement in place with the Commission).” This is incorrect as the firm shares personal data with third parties in the course of presenting claims on behalf of its clients. It is recommended that the aforementioned be revised to “United Claims Management Ltd shares your personal data with relevant third parties in the course of pursuing your claim. These third parties include financial advisers, pension providers, the Financial Ombudsman Service and the Financial Services Compensation Scheme. From time to time, United Claims Management Ltd may engage professional services from third parties such as solicitors, accountants and compliance consultants who may require access to your personal data to provide their professional services.”

7. The privacy policy sets out the sub-heading “Subject access requests” however sets out the right to restrict processing and the right to erasure under that sub-heading. It is recommended that the “Subject access request” sub-heading be replaced with “Your rights in relation to your personal data” or wording to that effect.

8. The privacy policy sets out that the right to erasure applies “Where you withdraw Consent”. It is recommended that this be revised to “Where you withdraw Consent in circumstances where consent or explicit consent was the lawful basis upon which your personal data was being processed.”

9. It is recommended that the firm revises “When you object to the processing and there is no overriding Legitimate Interest for continuing the processing, as well as the right to data portability” to “When you object to the processing and there is no overriding Legitimate Interest for continuing the processing.”

10. It is recommended that the firm revises “In case a deletion is not possible due to legal, statutory or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data will be blocked instead of deleted” to “In case a deletion is not possible due continued processing being necessary to defend legal claims that can arise during the six-year limitation period, the data will be blocked instead of deleted.”