QED Financial Associates Ltd processes information as an essential part of its business function. This includes confidential information about businesses and individuals. Information is a valuable asset and business continuity is dependent on its integrity and continued availability. Therefore, these procedures are in place to protect the information under our control from unauthorised use, disclosure or destruction, either accidental or deliberate.
QED Financial Associates Ltd will comply with all legislative and regulatory requirements in this respect and this policy and procedure will be monitored and updated as required.
The information within this policy and procedure is important and applies to the entire workforce at QED Financial Associates Ltd. Non-compliance may result in disciplinary action.
The primary purpose of data protection legislation is to protect individuals against possible misuse of information held about them by others. It is the policy of QED Financial Associates Ltd to ensure that all members of staff are aware of the requirements of data protection legislation and their individual responsibilities in this connection.
The Data Protection Act 1998 is all about personal data which means any information relating to living individuals. This can be as little as a name and address. This personal data may be information held on computer or in structured manual files. The Act also refers to sensitive personal data which means information relating to a person’s racial or ethnic origins; political beliefs; religious or other beliefs; trade union membership; physical or mental health; sexual life; criminal allegations or criminal proceedings or convictions.
QED Financial Associates Ltd holds and processes information about its employees, customers, suppliers and other living individuals.
QED Financial Associates Ltd’s Data Protection Officer is Mark Sanderson. All queries about QED Financial Associates Ltd’s policy, procedure and all requests for access to personal data should be addressed to the Data Protection Officer.
QED Financial Associates Ltd has an obligation as a Data Controller to notify the Information Commissioner (formerly Data Protection Commissioner) of the purposes for which it processes personal data. Individual data subjects can obtain full details of QED Financial Associates Ltd’s data protection registration/notification Z2989934 with the Information Commissioner from the Information Commissioner’s website http://www.ico.gov.uk
QED Financial Associates Ltd is obliged to abide by the data protection principles embodied in the Act.
These principles require that personal data shall:
‘Processing’ of data will, in practical terms, mean anything you do with the data, including obtaining the information, accessing it, updating it, printing it, disclosing it, etc. All these things must be done ‘fairly and lawfully’.
To comply with this principle, whenever QED Financial Associates Ltd collects information about people, those people should be made aware that it is QED Financial Associates Ltd they are giving their information to and be told what QED Financial Associates Ltd intends to do with that information if not obvious. People should not be misled about this. This rule applies whether the information is collected on-line, in writing or via the telephone.
Additionally, a condition for processing must be satisfied. See conditions at Appendix 1.
In the case of sensitive personal data, a further condition must also be met. See additional conditions at Appendix 2.
The register entry identifies the purposes for which data are held and processed by QED Financial Associates Ltd. If you wish to use data for any additional purpose(s) then you must consult the Data Protection Officer before doing so.
In particular, no member of staff may, without the prior authorisation of the Data Protection Officer:
Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements. Do not process excessive and irrelevant information provided by customers.
Ensure the quality of information used. Errors in recording information can subsequently cause problems for the Council and individuals alike.
Personal data shall be held for no longer than is necessary. In most cases data is held in accordance with the requirements of the Financial Conduct Authority to maintain a suitable audit trail for the safeguarding of the client’s best interest.
The Act provides individuals with rights in connection with the personal data held about them.
The following 8 points explain the client’s rights in greater detail.
The right to be informed encompasses our firm’s obligation to provide ‘fair processing information’, typically through a privacy notice. It emphasises the need for transparency over how you use personal data.
You have the right to receive a copy of your personal information that we hold about you, subject to certain exemptions.
You have the right to ask us to correct personal information that we hold about you where it is incorrect or incomplete.
You have the right to ask that your personal information be deleted in certain circumstances subject to there being no other compelling reason to continue processing.
You have the right to suspend the use of your personal data where you believe your data to be incorrect and/or should you believe our firm has no lawful basis of processing your information.
You have the right to obtain your personal information in a structured commonly used format in order for that information to be passed to a third party of your choice, where it is technically feasible.
You have the right to object to your personal information being used where you believe our firm does not have grounds to process your information.
Safeguards are in place to ensure that you are not at risk when your data is processed without human intervention.
Most significantly, it provides the right of access to that data. It also provides the right to seek compensation through the courts for damage and distress suffered by reason of inaccuracy or the unauthorised destruction or wrongful disclosure of data.
Any person has the right of access to any personal data QED Financial Associates Ltd holds about them, either on computer or in a structured manual file. To exercise this right, they should put their request in writing to the Data Protection Officer. There is no charge for this request; however, a ‘reasonable fee’ may be charged should the data requests be deemed excessive.
QED Financial Associates Ltd is obliged to respond to such requests within one month of receipt of the request and the appropriate fee. Therefore, it is essential that such a request is recognised by all members of staff and is passed expeditiously to the Data Protection Officer to deal with.
The Data Protection Officer will record all such requests and ask all departmental heads to search their computer and manual files for data concerning the applicant. Altering or deleting information AFTER such a request has been made AND in order to prevent disclosure of the information is a criminal offence. However, this does not prevent any change to the data which would be made in the normal course of business.
In relation to security, the Data Controller must take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data and set out specific considerations for ensuring security.
QED Financial Associates Ltd adopts a risk-based approach in assessing and understanding the risks, and uses physical, technical and procedural means to achieve appropriate security measures. We take into account technological developments and associated costs to achieve a level of security appropriate to the nature of our information and the harm which may result from its loss or disclosure.
Members of staff will keep confidential that information which is provided to QED Financial Associates Ltd to conduct its business and may only disclose it when authorised to do so. QED Financial Associates Ltd provides training to staff to enable them to understand and carry out their responsibilities in respect of security.
Members of staff are responsible for ensuring that:
Unauthorised disclosure is a disciplinary matter and may be considered gross misconduct. If in any doubt, consult the Data Protection Officer.
QED Financial Associates Ltd is responsible for ensuring computer hardware is securely disposed of, in such a way that personal and/or confidential data is impossible to retrieve from it.
Those persons and organisations who process personal data on behalf of QED Financial Associates Ltd (but who are not employees of QED Financial Associates Ltd) are classed as ‘data processors’ by the Act. There is a legal obligation for QED Financial Associates Ltd to have a written contract with them in relation to the security of the data whilst in their custody. Such contracts are arranged, monitored and maintained by the Data Protection Officer, who is also responsible for ensuring the security procedures are inspected.
QED Financial Associates Ltd does not currently transfer any data outside the EEA.
A failure to comply with the provisions of the Act may render QED Financial Associates Ltd, and/or in certain circumstances, the individuals involved, liable to prosecution. This could also give rise to civil liabilities, enforcement action by the Information Commissioner and loss of reputation.
In particular, personal data held by QED Financial Associates Ltd will not be accessed, by any person, for any personal reason or for other than a QED Financial Associates Ltd business purpose. Such conduct constitutes a criminal offence.
All staff who record and/or process personal data in any form are encouraged to familiarise themselves with the general aspects of data protection contained in this policy and procedure.
Any breach of this policy may result in disciplinary proceedings.
(only one of these conditions is required)
(only one of these conditions is required)
QED Financial Associates Ltd is authorised and regulated by the Financial Conduct Authority. FCA number 587216.
The guidance and/or advice contained in this website is subject to the UK regulatory regime and is therefore restricted to consumers based in the UK. Should you be unhappy with the service that you receive from QED Financial Associates Ltd and we are unable to resolve this to your satisfaction, you can contact the Financial Ombudsman at www.financial-ombudsman.org.uk