As a data controller, Vincent Burch Ltd (“VBL”, “we”, “us”, “our”) complies with all applicable data protection and privacy legislation in force from time to time in the UK including the UK General Data Protection Regulation and EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and the Data Protection Act 2018 (“DPA18”). This Privacy Notice details how we process your personal data.
Under the GDPR we are required to notify the Information Commissioner’s Office (“ICO”) about our use of personal data. Vincent Burch Ltd, Norfolk Tower, 48-52 Surrey Street, Norwich, NR1 3PA and you can view current data notification on the ICO website.
We place great importance on ensuring the quality, confidentiality, integrity and availability of the data we hold and in meeting our data protection obligations when processing personal data. Vincent Burch Ltd is committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.
We collect personal data about a range of people including:
If you have applied to work with us, please refer to our job applicant privacy notice.
We process personal information to act as an intermediary for financial transactions; typically to advise and apply for property finance such as mortgages or similar for clients. The same applies to advising and arranging insurance policies. Although we capture your consent for this purpose, we rely on performance of the contract as our lawful basis for processing.
To understand how any personal information other than that provided to us through this website is processed you will need to refer to any personal communications you receive from us, check any privacy documents provided when entering into a contract with us or contact us to ask about your personal circumstances.
We also maintain our own company accounts and records and retain employee or contractor information for the purpose of personnel management.
When you contact us, we ask for some personal information. You are under no obligation to provide this information to us. Providing that information enables us to give you the right information or services that you ask for, or to notify you of further information required to facilitate that service.
If we would like to use your information for any other purpose than those stated above, we will contact you.
As a minimum, we will hold your name and phone number for the purposes specified above. If you do not become a client of ours, your information will be erased in line with our retention policy.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with our office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law. We cannot take responsibility for ensuring the safe passage of emails sent to us.
We would like to receive your views on the service provided and any improvements you think are necessary. We use Trustpilot as a data processor to collect feedback from our customers on our behalf and to support our marketing activities. If this is something you agree to help us with, we will share your name and email address with Trustpilot in order to generate a review invite and confirm you are a verified customer.
As a regulated firm we are required to retain and provide information to the FCA regularly or in particular circumstances. Most of the information is provided to us under the Financial Services and Markets Act 2000. Some of this information may be personal data about our employees/advisers or their clients.
We will only use your personal data when the law allows. Most commonly, we will use your personal information for the following purposes and on the following lawful bases:
|Purpose||Lawful Basis for Processing|
|Carrying out due diligence on our clients and performing risk assessments. This includes carrying out standard due diligence checks in relation to financial affordability checks for the mortgage and insurance products we recommend to you.||Necessary to comply with legal obligations to which we are subject. Our legitimate business interest to assess the risk associated with providing you with our services. When processing sensitive personal data, we do so with your explicit consent.|
|Legal and regulatory compliance and compliance with law enforcement requests. This includes biometric facial recognition to confirm your identity, other checks and monitoring transactions for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, and fraud. Also, sharing information on suspected financial crimes, fraud and threats with law enforcement and regulatory bodies.||Necessary to comply with legal obligations to which we are subject. When processing sensitive personal data, we do so with your explicit consent.|
|Providing our mortgage and insurance advisory and administration services, covering any services we provide to you as a private client.||Necessary for the performance of the contract agreement to which you are a party.|
|Managing and developing our relationship with you. This includes providing account management, contacting you for feedback and inviting you to participate in customer satisfaction surveys.||Our legitimate business interest to develop our relationship, collect your feedback, assess your level of client satisfaction and to improve our services.|
|Sending you marketing about our services, our news and events. This includes sending you our news emails, information about our services, related information which may be of interest to you and to invite you to our events.||Our legitimate business interest to send you marketing and promotional materials from time to time. Where we have obtained your consent to send marketing, we rely on that consent as the legal basis. You can tell us to stop sending you marketing information at any time by objecting or withdrawing your consent. You can do so by contacting us at [email protected] or by using the unsubscribe link in any marketing email you receive from us.|
|Internal management, administrative and organisational purposes. This includes maintaining internal records and carrying out other business administration tasks.||Our legitimate business interest to process your personal data to manage and improve our business processes.|
|Statistics and other data analysis. This includes creating forecasts and business plans, improving our services and developing new services.||Our legitimate business interest to process your personal data to develop and improve our business through aggregated and anonymised reporting and analysis.|
|Sharing data with entities in our group. This includes sharing client records and results of due diligence with our Appointed Representatives entities.||Our legitimate business interest to identify and develop shared clients across our network of advisers and to utilise existing due diligence and risk assessment information when providing our clients with services.|
|Sharing data with other third parties, including third parties who process personal data on our behalf.||Our legitimate business interest to share your data with trusted third parties who provide us with services relevant to our provision of services to you, including professional advisers, screening service providers and IT service providers.|
|Maintaining a record of and monitoring clients that consider themselves to be or are considered to be vulnerable.||Necessary to comply with FCA guidance on the fair treatment of vulnerable customers. When processing sensitive personal data, we do so with your explicit consent which can be withdrawn at any time.|
We sometimes need to share the personal information with other organisations. Where this is necessary, we are required to comply with all aspects of the UK GDPR.
What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. Where a joint application is made, we are not able to restrict data sharing between applicants.
VBL will only collect the information needed so that it can provide you with marketing and consulting services. We do not sell or broker your personal data.
Where Necessary or Legally Required We Share Information With
We may, on occasion, pass your personal information to third parties exclusively to process work on our behalf; for example, a data destruction provider. We always require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and the UK GDPR.
Vincent Burch Ltd takes the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties. Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of the data.
To ensure we meet our legal, regulatory and customer obligations, we will retain client information for the following periods:
It is unlikely that we will ever share your personal data outside the UK or European Economic Area (the EU member states plus Norway, Iceland and Liechtenstein) (“EEA”). If, however, it becomes necessary for the purposes of providing our services to you, we will only share it with organisations in countries benefiting from a European Commission (“EC”) adequacy decision, approved by the UK ICO, or on the basis of EC Standard Contractual Clauses, approved by the UK ICO, which when reinforced with additional supplementary measures, contractually oblige the recipient to process and protect your personal data to the standard expected within the UK and EEA.
Issued April 2021
At any point whilst VBL is in possession of, or processing your personal data, all data subjects have the following rights:
You have the right to access your personal information (subject to certain exemptions). If you wish to find out what information we hold that relates to you, please contact us; details below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
In the event we refuse your request under rights of access, we will provide you with a reason why, which you have the right to legally challenge.
We do not make client or supplier decisions based solely on automated decision making.
This privacy notice does not provide exhaustive detail of all aspects of the collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you have any questions or complaints, or wish to exercise any of your data subject rights, please contact the Data Protection Manager at:
The Data Protection Manager,
Vincent Burch Ltd,
48 – 52 Surrey Street,
Telephone 01603 856 870 or email [email protected]
We have also appointed an independent Data Protection Officer, Evalian Limited, who can be contacted by email at [email protected].
If you are not satisfied with how VBL has responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom.