Cherry Tree Financial Ltd
Your Personal Data – what is it?
Personal Data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the Data Controller's possession or likely to come into such possession. The processing of Personal Data is governed by the General Data Protection Regulation 2016/679 (the "GDPR")* .
Who are we?
Cherry Tree Financial Limited is the Data Controller ("we", "us"). This means we decide how your Personal Data is processed and for what purposes.
How do we process your Personal Data?
We comply with our obligations under the GDPR by keeping Personal Data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting Personal Data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect Personal Data.
We use your Personal Data for the following purposes: -
1. To provide our advice and implementation service in respect of financial products, such as mortgages, life assurance, pensions and investments.
2. To keep in contact with our clients about products and services which we believe may be of value to the,
3. To inform people of our business and its activities
What is the legal basis for processing your Personal Data?
Article 6 Processing:
- Consent of the Data Subject; where we are marketing to the public. (needs to be an opt in method)
- Processing is necessary for the performance of a contract with the Data Subject or to take steps to enter into a contract; where we have been engaged to provide financial services.
Article 9 Processing
- Explicit consent of the Data Subject; where we wish to tell people about events, news, services
- Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity
Sharing your Personal Data
Your Personal Data will be treated as strictly confidential, and will be shared only with Cherry Tree Financial Limited and providers of financial service products, third-party data storage providers and legal or regulatory authorities if obliged to do so.
We keep your Personal Data for no longer than reasonably necessary and we only retain your data for servicing the financial services provided where agreed and in case of any legal claims and for regulatory purposes.
Your rights and your Personal Data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your Personal Data: -
- The right to request a copy of your Personal Data which we hold about you;
- The right to request that we correct any Personal Data if it is found to be inaccurate or out of date;
- The right to request your Personal Data is erased where it is no longer necessary for us to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that the Data Controller provide the Data Subject with his/her Personal Data and where possible, to transmit that data directly to another Data Controller;
- The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to request a restriction is placed on further processing;
- The right to object to the processing of Personal Data;
- The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your Personal Data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact:
Cherry Tree Financial Limited, The Raylor Centre, James Street, York, YO10 3DW
Tel no: 01904 421092
You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of Your Personal Data, so that we may investigate and fulfil our own regulatory obligations.
If you have any concerns or complaints as to how we have handled Your Personal Data you may lodge a complaint with the UK's data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
*Note for Data Subject: At the time of writing, the new Data Protection Bill is being considered by Parliament. Once passed, it will incorporate GDPR and may make some amendments. Once it has been passed, it will become the law governing the collection and processing of Personal Data. However, for now we refer to GDPR as the relevant law.