Independent Personal Financial Management Limited (IPFM Ltd)

Independent Personal Financial Management Limited (“IPFM Ltd”) is committed to protecting your personal information.

Our Privacy Policy contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given us.

We may need to make changes to our Privacy Policy; so please check our website for updates from time to time. If there are important changes such as changes to where your personal data will be processed; we will contact, you to let you know.

Who are we?

IPFM Ltd is an independent financial planning firm directly authorised by the FCA. Our FCA number is 402334. IPFM Ltd was founded in 1987 by James Gibbon and is now owned by his daughter Charlotte Gibbon.

How to contact us

if you have any questions about our Privacy Policy or the information we collect or use about you, please contact:

Charlotte Gibbon
Millers Barn
48a Shortmead Street
SG18 0AP

Information we collect and use

Information about you that we collect, and use includes:

  • Information about who you are e.g., your name, date of birth and contact details.
  • Information connected to your product or service with us e.g., your bank account details.
  • Information about your contact with us e.g., meetings, phone calls, emails / letters
  • Information to allow you to access our online services e.g., username, email address.
  • Information classified as special category data [‘sensitive’ personal information] e.g., relating to your health.
  • Information collected during recorded calls.
  • Information you may provide us about other people e.g., joint applicants or beneficiaries for products you have with us.
  • Children are not able to buy products and services from us. However, a parent or guardian can, and a child can also be named as a beneficiary on some of our products. In these cases, we collect limited personal information to identify the child (such as their name, age, gender). Any communication about these policies will be with the policyholder.

Where we collect and use sensitive personal information, this information will only be collected and used where it is needed to provide the product or service you have requested or to comply with our legal obligations, and where we have also obtained your explicit consent to process such information.

Where we collect your information

We may collect your personal information directly from you, from a variety of sources, including:

  • An application form for a product or service
  • Phone conversations with us
  • Emails or letters you send to us.
  • Our online services such as websites, social media, and mobile device applications (‘Apps’)

Why we collect and use your information.

We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair, and lawful to do so. We will collect and use your information only if are able to satisfy one of the lawful processing conditions set out in the data protection laws.

This will be the case where:

  • You have given us your permission (consent) to use your information.
  • It is necessary to provide the product or service you have requested e.g., if you wish to invest in a pension or savings products or enter into a mortgage contract, we will require some personal information including your name, address, date of birth, bank account details.
  • It is necessary for us to meet our legal or regulatory obligations e.g., to send you Annual Statements, tell you about changes to Terms and Conditions or for the detection and prevention of fraud.
  • It is in the legitimate interests of IPFM LTD i.e.
    • To deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your product or investment.
    • Where we need to process your information to better understand you and your needs so we can send you more relevant communications about the products you have with us
    • To develop our services
    • To conduct research and collate management information to improve the products and services we offer.
  • It is in the legitimate interests of a third party e.g., sharing information with your employer for the governance of a pension scheme of which you are a member.

Where the processing is in our legitimate interests or those of a third party, we will always conduct an assessment to ensure that this use of your personal information is not excessive or unnecessary or otherwise more intrusive than it needs to be.

Who may we share your information with?

We may share your information with third parties for the reasons outlined in ‘Why we collect and use your information’.

We may share your information with:

  • Credit and identity check agencies for ID verification and credit reference checks
  • Your discretionary investment manager, or employer where this is required as part of the product or service you have agreed with us.
  • Companies we have chosen to support us in the delivery of the products and services we offer to you and other customers e.g., research, consultancy, or technology companies; or companies who can help us in our contact with you, for example companies who help us validate mailing addresses.
  • Our regulators; including the Financial Conduct Authority (FCA), The Pensions Regulator (TPR) and the Information Commissioner’s Office for the UK (the ICO)
  • Law enforcement and other appointed agencies who support us (or where they request the information) in the prevention and detection of crime.
  • Reinsurers: e.g., if you purchased an annuity with us, we may have reinsured the associated risks with a specialist Reinsurer
  • HM Revenue & Customs (HMRC) for the processing of tax relief on pension payments or the prevention of tax avoidance

Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.

Where your information is processed

Most of your information is processed in the UK.

However, some of your information may be processed by us or the third parties we work with in the European Economic Area (EEA), and countries such as India.

Where your information is being processed outside of the UK, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK data privacy laws e.g., we will put in place legal agreements with our third-party suppliers and do regular checks to ensure they meet these obligations.

How we protect your information

We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded, or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.

Your information is protected by controls designed to minimise loss or damage through accident, negligence, or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake training on this.

Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity, and availability of your information.

How long we keep your information.

To provide your product and meet our legal and regulatory obligations, we keep your personal information and copies of records we create (e.g., calls with us) while you are a customer of ours.

Even when you no longer have a relationship with us, we are required to keep information for different legal and regulatory reasons. The length of time will vary, and we regularly review our retention periods to make sure they comply with all laws and regulations.

Your rights

You have a number of rights under Data protection laws which may be exercised in certain circumstances.
These are:

Right to be informed about how and why we are processing your personal information.

You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with – we do this in our Privacy Policy and privacy notices.

Right of access to personal information relating to you.

You have the right of access to your personal information. If you wish to receive a copy of the personal information, we hold on you, you may make a data subject access request (DSAR).

Right to request rectification of inaccurate or incomplete personal information

If your personal information is inaccurate or incomplete, you can request that it is corrected.

Right to request erasure of your personal information

You can ask for your information to be deleted or removed if there is not a compelling reason for IPFM LTD to continue to have it.

Right to restrict processing of your personal information

You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we do not use it in the future for those reasons you have restricted.

Right to data portability

You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy, or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.

Right to object to processing of your personal information.

You can object to IPFM LTD processing your personal information where: it is based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for research and statistics.

More information can be found on your rights here

If you want to talk to us about any of the individual rights, please contact us at the Data Protection Officer’s address.

How to make a complaint

We will always strive to collect, use, and safeguard your personal information in line with data protection laws. If you do not believe we have handled your information as set out in our Privacy Policy, please let us know immediately and we will do our utmost to make things right by contacting our Data Protection Officer at the address previously provided in the How to Contact Us section.

While we hope that we can resolve any complaints for you, you do have the option complain to the ICO (whether or not you have exhausted our complaints procedure). Their contact details are as follows:

Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number