Data Protection Agreement

All information held and processed by NorthStar is covered by and subject to the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

In order to provide our financial planning and advice services to you, we are required to collect and process certain personal data. The primary lawful bases for this processing are contractual necessity (processing is necessary to provide the services you have engaged us to deliver) and legitimate interests (processing is necessary for the effective operation of our business, including regulatory compliance, record-keeping and the administration of your financial arrangements). Where we process your data for marketing or other optional purposes, we will seek your explicit consent separately. Your data will be used for the sole purpose of providing financial advice, administration and management.

'Processing' includes obtaining, recording or holding information or data, transferring it to other companies associated with us, such as product providers, the Financial Conduct Authority (FCA) or any other statutory, governmental or regulatory body for legitimate purposes, including, where relevant, to solicitors and/or other debt collection agencies for debt collection purposes and carrying out operations on the information or data.

When processing your data, we always abide by the following key principles:

• Your data will be lawfully and fairly processed in a transparent manner.
• Your data is collected on the grounds of explicit and legitimate purposes only.
• We will only ask for your data when necessary, explain if data will be shared and how long it will be kept.
• Your data will be accurate, kept up to date and erased, without delay, should your data no longer be required for the purposes to be processed.
• Your data will only be retained as long as necessary in accordance with our data retention policy (see below).
• Your data will be secure.

In order to provide our services to you, we may share your personal data with the following categories of third parties:

• Relevant pension, investment, insurance and fund management providers used to administer your financial products.
• Financial planning and forecasting software providers used to model and analyse your financial position.
• Back-office administration systems used to manage client records and service delivery.
• Anti-money laundering and identity verification providers used to meet our regulatory obligations.
• Regulatory bodies including the Financial Conduct Authority (FCA), HM Revenue & Customs (HMRC), and the Financial Ombudsman Service (FOS), where required by law or regulation.
• Professional advisers such as solicitors, accountants, or other specialists where you have authorised us to liaise on your behalf.
• Artificial Intelligence (AI)-assisted software tools used to support document drafting, analysis, research, and meeting transcription as part of our service delivery (see below).

 

This list is not exhaustive. From time to time, we may share your data with other categories of third parties where this is necessary to provide our services to you or to meet our legal and regulatory obligations. We will only share data that is necessary for the specific purpose and will ensure appropriate safeguards are in place with each recipient. We will never sell your personal data to third parties.

We may use AI-assisted software tools to support certain aspects of our service delivery. This may include document drafting, analysis, research, and the transcription of meetings to produce meeting notes, action points and follow-up communications.

Where such tools are used, client data is anonymised or minimised before processing where practicable. All AI-generated outputs are reviewed by a qualified financial planner before being issued or acted upon. These tools are subject to data processing agreements with the relevant providers and are governed by our internal data handling procedures. No automated decisions are made about you or your financial arrangements using AI tools. A qualified financial planner is always responsible for reviewing, approving and taking accountability for all advice and communications.

In order to provide services to you, we may be required to pass your personal information to parties located outside of the United Kingdom, including countries that do not have data protection laws equivalent to those in the UK. Where this is the case, we will ensure appropriate safeguards are in place to protect the privacy and security of your information, including the use of Standard Contractual Clauses, UK adequacy regulations, or other mechanisms approved under UK GDPR.

The information provided to us may contain sensitive personal data (as covered by the GDPR and the Data Protection Act 2018), including information that relates to your physical or mental health or condition; the committing or alleged committing of any offence by you; any proceedings for an offence committed or alleged to have been committed by you, including the outcome or sentence in such proceedings.

NorthStar and any company associated with us treat all personal data and sensitive personal data as confidential and will not process it other than for a legitimate purpose associated with the service we provide to you. Steps will be taken to ensure that the information is accurate, kept up to date, and not kept for longer than is necessary. All third-party providers with whom we share your data are subject to appropriate data processing agreements or equivalent contractual safeguards.

Your data will be retained in accordance with FCA regulatory requirements and our data retention policy. As a minimum, we will retain your records for at least five years after the end of our business relationship with you. For pension and retirement advice, records may be retained for significantly longer (potentially the lifetime of the product) given the long-term nature of these arrangements. We will not retain your data for longer than is necessary for the purposes for which it was collected, and data that is no longer required will be securely deleted or destroyed. Measures will be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction, or damage to the data.

Subject to certain exceptions, you are entitled to have access to your personal and sensitive personal data that is held by us.  You will not be charged by us to supply your data; however, we do reserve the right to apply a ‘reasonable fee’ where requests are deemed excessive. We will respond to your request as soon as possible and within the maximum time frame of one month.

You are entitled to a number of key rights in relation to your data. These are:

• The right to be informed.
• The right of access.
• The right to rectification.
• The right to erasure.
• The right to restrict processing.
• The right to data portability.
• The right to object.
• Rights to automated decision-making and profiling.

 

Please ask us for an explanation of these data rights should you wish to have more information.

You have the right to opt out of any marketing or other communications at any time. Should you wish to opt out or discuss your communication and marketing rights, please contact:

The Data Controller, NorthStar Wealth Management Group Ltd, Ocean Village Innovation Centre, Ocean Way, Southampton, Hampshire, SO14 3JZ.

Alternatively, you may opt out using the ‘unsubscribe’ link provided in all email marketing communications.

Where we process your data on the basis of your consent (for example, for marketing communications), you have the right to withdraw that consent at any time. Please note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal, and it does not affect processing that is carried out on other lawful bases such as contractual necessity or legitimate interests. Should you wish to withdraw consent, please contact:

The Data Controller, NorthStar Wealth Management Group Ltd, Ocean Village Innovation Centre, Ocean Way, Southampton, Hampshire, SO14 3JZ.

Should you believe your data has been wrongfully processed, stored or handled, you have the right to make a complaint with the Information Commissioner’s Office (ICO). Full details can be found at https://ico.org.uk/make-a-complaint/.

We reserve the right to make changes to this agreement at any time. You will be notified in writing with at least 14 days’ notice of any changes to our data protection terms. Any updated terms communicated to you will supersede this original agreement.

By signing this agreement, you understand and consent to the terms contained within it. You agree that the terms of this agreement will come into effect from the date of issue. For your own benefit and protection, you should read this agreement carefully before signing. If you do not understand any part of this agreement, please contact us for further information. This agreement should be read in conjunction with our Client Agreement, which sets out the basis on which we will conduct business with you and covers our regulatory status, how we operate, the services we provide, our fees and other important information.

I confirm that I have read this agreement and accept the terms contained within it.

Please sign below using your mouse or touch-enabled device: