Privacy Policy for Pillarstone Financial

At Pillarstone Financial, we are committed to protecting your privacy and handling your personal data with transparency and integrity. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our services, which include pension consultation, retirement planning, investment guidance for pension funds, inheritance tax planning, final salary scheme advice, and defined contribution planning. We operate in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

We may collect various types of personal information, depending on the nature of our engagement with you. This information is primarily collected when you seek our expert pension planning and advisory services.

• Personal Identifiers: This includes your name, address, date of birth, contact details (such as phone number and email address), and identification documents (e.g., passport or driving licence for verification purposes) as required by regulatory obligations.
• Financial Information: Details about your income, assets, liabilities, existing pension plans, investment history, financial goals, and other financial circumstances relevant to providing our advisory services. This may include sensitive financial data necessary for comprehensive financial planning.
• Employment Information: Details regarding your current and past employment, salary, and pension scheme details if relevant to your pension planning needs.
• Family Information: Information about your family status, dependents, and beneficiaries to assist with inheritance tax planning and other family-related financial considerations.
• Health Information: In limited circumstances, and only with your explicit consent, we may collect health information if it directly impacts your pension planning (e.g., for certain types of annuities or insurance products).
• Technical Data: When you access our online platform, we may automatically collect technical data such as IP addresses, browser type, operating system, and usage patterns. This helps us ensure the security and functionality of our site.

2. How We Use Your Information

We use the information we collect for various purposes, primarily to deliver our financial advisory services effectively and to meet our legal obligations.

• Providing Services: To offer tailored pension consultation, retirement planning, investment guidance, inheritance tax planning, final salary scheme advice, and defined contribution planning specific to your needs.
• Client Communication: To communicate with you regarding your service inquiries, appointments, updates on your plans, and other relevant information.
• Compliance and Regulatory Obligations: To comply with legal and regulatory requirements, including anti-money laundering (AML) and know-your-customer (KYC) regulations, and to respond to lawful requests from public authorities.
• Service Improvement: To analyse service usage and improve the quality and effectiveness of our offerings and online platform.
• Security: To protect our online platform and systems from fraud and unauthorised access.

3. Legal Basis for Processing

Our legal basis for collecting and using your personal information depends on the specific context in which we collect it. We will only process your personal data where:

• Performance of a Contract: The processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (e.g., providing pension advice).
• Legal Obligation: The processing is necessary for compliance with a legal obligation to which Pillarstone Financial is subject (e.g., financial regulations, tax laws).
• Legitimate Interests: The processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests are not overridden by your data protection rights.
• Consent: You have given explicit consent for the processing of your personal data for one or more specific purposes (e.g., for processing special categories of data like health information). You have the right to withdraw your consent at any time.

4. Disclosure of Your Information

We may disclose your personal information to the following categories of recipients:

• Service Providers: Third-party service providers who perform services on our behalf, such as IT support, document management, and professional advisors (e.g., legal or accounting services). These providers are contractually obligated to protect your data and only use it for specified purposes.
• Regulatory and Law Enforcement Bodies: To comply with legal obligations, enforce our policies, or respond to lawful requests from government agencies, courts, or other regulatory bodies.
• Financial Institutions and Third Parties: With your consent or as required for our advisory services, such as pension providers, investment platforms, and insurance companies with whom you choose to engage through our guidance.

We will not sell or rent your personal data to third parties.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption: Using encryption technologies for data in transit and at rest where appropriate.
• Access Controls: Restricting access to personal data to only those employees, contractors, and third parties who have a legitimate need to know.
• Regular Audits: Conducting regular security assessments and vulnerability scans.
• Training: Providing data protection training to our personnel.

Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, this means retaining data for the duration of our engagement and a further period as required by regulatory bodies such as the Financial Conduct Authority (FCA).

7. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal information we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under certain conditions.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
• Right to Object: You have the right to object to our processing of your personal data under certain conditions.
• Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided in Section 9. We may ask you to verify your identity before responding to your request for security purposes.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We encourage you to review this policy periodically. Any changes will be posted on this page with an updated revision date.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Pillarstone Financial
387 Newington Causeway,
Floor 8,
London, England,
SE1 6DP,
GB

10. Complaints

If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority in the UK, which is the Information Commissioner's Office (ICO). Their website is at https://ico.org.uk.