Privacy policy

Website Privacy Policy
Personal information is collected by Woodruff Financial Planning Limited. Woodruff Financial Planning Limited is registered with the UK’s Information Commission as a Data Controller in accordance with the Data Protection Act 1998, registration number Z7729932, as well as the General Data Protection Regulation (GDPR). The registered office is Unit 5, Park Lane Business Centre, Langham, Colchester, Essex, CO4 5WR.

Woodruff Financial Planning takes the privacy of its website users seriously. We are committed to safeguarding the privacy of our users while providing a personalised and valuable service. This Website Privacy Policy statement explains the data processing practices of Woodruff Financial Planning relating to the data collected via this website, and email marketing.

If you have any requests concerning your personal information or any queries with regard to these practices please contact us.

By using this website you may exchange some limited personal information so we can deliver our services to you. For example, you may provide us with your name or contact details so that we may contact you, or provide marketing services. We call this “Your Personal Data”.

This document explains what we do with Your Personal Data, and the various rights you have in relation to this data.

This website is fully compliant with the EU e-privacy directive, as well as UK data law, such as the General Data Protection Regulation (GDPR).

Our website contains links to third party websites which are not subject to this privacy policy. We recommend that you read the privacy policy of any such websites that you visit.

What do we mean by “Your Personal Data”?
Your Personal Data is any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, via information such as your name, address, contact details, or social media profiles.

We collect personally identifiable information about you through:

the use of enquiry and registration forms
when you purchase any of our products or services
the provision of your details to us either online or offline
Your Personal Data collected by this website may include:

Names, contact details, and addresses
Any additional personal data is only likely to be provided to us if you if you become a client, or enquire about financial planning services, your data will be subject to our separate Client Privacy Policy.

We may collect information that is automatically sent to us by your computer’s internet browser when you visit our website, such as your computer’s technical address (or ‘IP address’) or information about which particular internet browser you are using. We may also collect non-personal information automatically about your visit to our sites. This information is less likely to be able to identify you directly, although is still likely to be personal data. However, this data is necessary to be able to provide a modern website for your use.

We use cookies to personalise your visit to this site.  We also use code to track visits to this site in a non-personal manner.

If you subscribe to our email newsletters, we may track your subsequent visits to this website for marketing purposes.

How our Firm will deal with Your Personal Data
If we provide marketing services to you

You may sign up to receive marketing communications from us. We use your Personal Data for purposes which may include:

providing our users with a personalised service
processing quotations, registrations and enquiries
running competitions
running a financial forum
providing you with a regular newsletter (provided you agree to receive this newsletter)
providing you with information about products and services we offer
We never share your personal data with any third party organisations for marketing purposes without your permission.

You may withdraw this marketing consent at any time, by emailing advice@woodruff-fp.co.uk. We will withdraw your name from our marketing lists. You can unsubscribe from email communication  from any message we send to you.

If you become a client

All clients of our firm sign a Service Agreement, which is a contract for us to supply services to you.

Your data will then be subject to our Client Privacy Policy.

General

We may also use information in aggregate form (so that no individual user is identified):

to build up marketing profiles
to aid strategic development
to manage our relationship with advertisers
to audit usage of the site
to track visits to our website
We have the right to use Your Personal Data even when there is no contract between us, provided it is in our legitimate business interest to do so, and this does not affect your rights. For example, we will use Your Personal data to comply with legal responsibilities we may owe our regulator The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject.

How do we collect Your Personal Data?
We will collect and record Your Personal Data from a variety of sources, but mainly directly from you when you sign up for services like our newsletter, or contact us verbally, and in writing, including by email.

We may also obtain some information from third parties, including information in the public domain such as social media profiles.

What happens to Your Personal Data when it is disclosed to us?
In the course of handling Your Personal Data, we may:

Record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees within our Firm, and only when it is necessary to contact you in previously agreed ways.
Use Your Personal Data for the purposes of responding to any queries you may have in relation to any financial planning, or if agreed to marketing contact, to inform you of any developments in relation to those products of which we might become aware.
Sharing Your Personal Data
We do disclose your information to our employees, business partners and to third party suppliers we engage to provide services which involve processing data on our behalf, successors in title to our business, in accordance with a properly executed court order, or otherwise required to do so by law or our regulator the Financial Conduct Authority.

In particular, we share data with

Employees of suppliers who provide design and/or support services;
Our web hosting technology suppliers who provide the physical server infrastructures that our website operates on. Some of this data may reside outside of the EU.
Our cloud storage and technology supplier whose services we use for secure backup storage and email relay services.
Our email marketing software, used to provide you with email newsletters and delivery of free downloads.
We have obtained Data Privacy Agreements with all of the 3rd party technology suppliers above which detail our respective responsibilities for data security.

In each case, your Personal Data will only be shared for the purposes set out in this website privacy notice, to provide you with the website materials, and any additional marketing you have agreed to receive.

Please note that if we share Your Personal Data, this does not entitle third parties to send you marketing or promotional messages: this data is shared so we can adequately fulfil our responsibilities to you, and as otherwise set out in this Website Privacy Notice.

The Internet is a global environment. Using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing our websites and communicating electronically with us you acknowledge and agree to our processing of personal data in this way. By agreeing to our transfer of your Personal Data to third party organisations for them to deliver our services, you are deemed to provide your consent to any transfer of your Data to organisations based outside the European Economic Area. We only pass personal data to third party organisations that comply with the GDPR regulations, or of an equivalent standard.

Security and retention of Your Personal Data
Your privacy is extremely important to us and we will secure Your Personal Data in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against unlawful or malicious access by a third party.

Your data is protected in a number of ways:

Access control: access to personal data is strictly limited in line with our policy. Access is controlled by individual user accounts, where a strong password policy is enforced
Dedicated security software: We operate dedicated security scanning and access control software on all of our websites. This software is responsible for limiting login attempts to our site, blocking potentially malicious attempts to access our services, and regularly performing full file system scans.
Data encryption: where data is stored in a cloud facility (such as the storage of website backup files), that data is encrypted both ‘in transit’ and ‘at rest’ – meaning that all data is securely obscured both during the process of transfer to the cloud provider, and then additionally when it is in storage at its final location.This website is also secured with SSL encryption, which means that all traffic to and from our servers is encrypted. This applies to our own administrative access to the website as well as that of users of our services.Additionally, we ensure that our own dedicated secure Virtual Private Network (VPN) is used when we access the site from anywhere on a public wifi network.
Selection of third party service providers: we use a very limited number of third party service providers, but some are essential for the provision of physical hosting environments and cloud services. One of the core factors in the selection of such providers is their ability to provide secure systems and processes. We have written Data Processing Agreements with each of our core service providers that sets out the requirements for data security.
ICO registration: We are registered with the Information Commissioner’s Office, the UK’s data regulator, ensuring that our data privacy record and reputation is available in the public domain.
Your Personal Data will be retained by us either electronically or in paper format for as long as you agree to receive marketing services from us. Other personal data will be deleted regularly according to our policies, and will be held for no longer than is necessary.

Your rights in relation to Your Personal Data
You can:

Request copies of Your Personal Data that is under our control
Ask us to further explain how we use Your Personal Data
Ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request)
Ask us to send an electronic copy of Your Personal Data to another organisation should you wish
Change the basis of any consent you may have provided to enable us to market to you in the future (including withdrawing any consent in its entirety)
Children
We do not intentionally collect any information on children, since our website is designed for UK resident adults. We will delete any details of such users where a parent or guardian has notified us that any such details have been obtained.

Changes to this Policy
From time to time, and without prior warning, we may make changes to this website privacy policy to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or website enhancements.

Terms and conditions
This privacy policy forms part of our site terms and conditions. By accessing any part of this site, you will be deemed to have accepted these terms in full.

How to make contact with our Firm regarding the use of Your Personal Data
If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact Magali Woodruff on 01206 919101 or at advice@woodruff-fp.co.uk.

We will inform you if we believe we have a legal right not to deal with your request, or to action it in different way to how you have requested.

If you become aware of any unauthorised disclosure of Your Personal Data, please notify us immediately, so that we may investigate, and fulfil our own regulatory obligations.

If you have any concerns or complaints regarding how we handle Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, which can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Document issued 10th May 2018, and updated 11th May 2018.