Forvis Mazars Financial Planning Limited Privacy Statement
Why we process Personal Data
Forvis Mazars Financial Planning Limited processes Personal Data for the following reasons:
- To provide financial planning services to our clients
- To provide personal tax advice and compliance services, wealth and investment planning to our clients, we collect information from our clients directly, financial product providers selected by our clients, third party agencies, HMRC, and social media.
- We ask for detailed information from our clients so we can provide tailored and bespoke advice to meet our clients’ financial objectives. We require this information to perform our contract with you. If you do not provide us with sufficient information or withdraw your consent, we may be unable to deliver our services and will make this clear to you.
- We may share your information with your third-party financial product providers (for example, investment funds or pension schemes).
- To meet our legal or regulatory requirements
- Certain statutory obligations apply to Forvis Mazars Financial Planning Limited’s work which require us to process personal data. For example, we are required to record calls if we are providing advice, and we must record client vulnerability.
- In some circumstances, we may be required to provide your information to third parties such as our regulators and supervisory authorities, or law enforcement authorities and agencies. Where such obligations arise, we will, insofar as it is possible without breaching any other duty we owe, inform our clients.
- Forvis Mazars Financial Planning Limited completes checks on clients prior to providing services to ensure we do not have any conflicts that would interfere with our independence as auditors. These checks will take into consideration the financial interests, relationships, and publicly available information of our clients’ directors, shareholders and other third parties associated with the client. We will collect data from individuals directly or from the clients and will review this information with information we gather from third party data sources. We also exchange information with other firms of the Forvis Mazars global network to maintain our independence.
- Under anti-money laundering legislation, we are required to verify the identity of our clients’ directors and other associated individuals (including the beneficial owners of organisations and trusts) prior to commencing our services. To comply with this legal requirement, we use Smart Search and credit reference agencies (including Experian, Equifax, Transunion, and Dow Jones) who check the details supplied during our client onboarding process against information to which they have access. The credit reference agencies may keep a record of the information we provide them and disclose it (and the fact that a search was made) to its other customers, including for the purposes of assessing the risk of giving credit and occasionally to prevent fraud, money laundering and to trace debtors.
- To manage our business operations and run our firm
- We process personal data for data management activities (such as back up, storage, and destruction of data when it is no longer needed), managing our IT systems (including security monitoring), and business continuity purposes; these activities may include all personal data we handle.
- We also process limited personal data for billing, general administration, and client management.
- To facilitate our business operations, we may use artificial intelligence that may process personal data.
- We have identified the necessity for our legitimate interests as our lawful basis for these processing activities.
- To improve, promote or develop our business and services
- Quality and monitoring checks are conducted to ensure we provide a high standard of service.
- Activities promoting our services include direct marketing which individuals may opt-out of at any time. Opt-out can be achieved by responding using the unsubscribe options contained within the information you have received or by emailing our Data Protection Officer at privacy@mazars.co.uk.
- Some of our marketing emails may contain web beacons, web bugs, cookies or other similar technologies which enable us to understand whether an individual opens, reads, or deletes the message and any interaction an individual makes with links contained therein. When an individual clicks on a link in a marketing email they receive from us we may also use cookies to log what pages that individual views, in accordance with our cookies policy.
- When we create reports to assess our performance and for benchmarking purposes we may need to process limited personal data.
- We carry out profiling for the purposes of marketing, developing our business and understanding the needs of our clients. To facilitate this, we collect data from our website, our social media sites which may in turn collect data from your personal social media accounts; and Zoom (or other such facility) in the event you register for and attend an event we have organised. We do not use profiling technologies for any credit or other automated decision taking processes.
- We also use personal data in pursuit of the legitimate interests of third parties, including our clients and our suppliers. Those interests include delivering our services and facilitating service improvements in the software we utilise and other ancillary services.
- We have identified the necessity for our legitimate interests as our lawful basis for these processing activities.
Types of Personal Data Processed
The types of personal data processed will vary depending on the data we require to deliver the requested service(s) to our clients and in accordance with our engagement terms. Most of the time, we collect personal data directly from the individuals. However, sometimes our clients will provide us information about their spouses or dependents.
We process the personal data of our clients, clients’ spouses, clients’ children or dependents, and other people associated with our client.
The types of personal data we process will vary depending on the services we are providing to our clients, our regulatory obligations, and our legitimate interests.
Forvis Mazars Financial Planning Limited is the Data Controller for the personal data you provide to us.
Types of Personal Data Processed
The types of personal data processed will vary depending on the data we require to deliver the requested service(s) to our clients and in accordance with our engagement terms. Most of the time, we collect personal data directly from the individuals. However, sometimes our clients will provide us information about their spouses or dependents.
We process the personal data of our clients, clients’ spouses, clients’ children or dependents, and other people associated with our client.
The types of personal data we process will vary depending on the services we are providing to our clients, our regulatory obligations, and our legitimate interests.
| Category | Examples (not an exhaustive list) |
| Demographic | Name, address, date of birth, telephone number, email address, marital status |
| Financial | Bank details, salary information, tax liabilities, other pay deductions, payments to others |
| Employment | Employer, job title, employment contact details, employment history |
| Social | Achievements, social media information, education |
| Special category | Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, sexual orientation |
If we process Special Category Personal Data, we will seek consent where possible or ensure we have identified another lawful basis to process such data. Where we have relied on consent to process your Special Category Personal Data, you may withdraw your consent from processing at any time.
Duration of Processing
Forvis Mazars Financial Planning Limited will process personal data for as long as we are required to do so for the purposes for which we collected it (including where we have a legal or regulatory obligation to retain it). Sometimes we may need to retain information longer if we are required by a regulatory authority or if we need to establish, exercise or defend our legal rights.
Recipients of your Personal Data
Forvis Mazars Financial Planning Limited relies on a number of suppliers in order for us to provide our services and to operate our business (for example, our use of third-party IT solutions). Our need to rely upon suppliers may vary depending upon the services we are delivering to our clients. Most of our suppliers will not engage directly with personal data, but sometimes they may need to access personal data to assist us (for example, when providing technical assistance). When suppliers process personal data on our behalf, we require them to provide at least the same level of protection for personal data as we do.
International Data Processing
We may transfer personal data outside of the United Kingdom or European Economic Area (EEA). We ensure we have taken appropriate measures to protect personal data and to comply with the data protection laws of the United Kingdom and EEA.
International data processing may occur in the following circumstances:
- Forvis Mazars Financial Planning Limited uses subsidiaries of Forvis Mazars LLP, other member firms of the Forvis Mazars Group (including subsidiaries of Forvis Mazars Group SC) or the Forvis Mazars Global network for some processing activities. When we use the services of other firms in the Forvis Mazars Global network, data may be stored or accessed from outside of the United Kingdom.
- Some of our suppliers may need to transfer data outside of the United Kingdom for the provision of services.
- Forvis Mazars Financial Planning Limited employees and partners may need to work from outside the United Kingdom occasionally and may have access to personal data when working abroad. When our people need to work abroad, we ensure appropriate security measures are in place to protect personal data.
Your Data Protection Rights
Individuals have various rights in relation to their personal data called Data Subject Rights. Individuals may:
- Request access to the personal data we hold about them;
- Ask us to correct any data which is inaccurate;
- Request to have their personal data deleted;
- Put in place restrictions on our processing of their data;
- Ask us to transfer their data to another controller.
Forvis Mazars Financial Planning Limited will handle all data subject rights requests in accordance with the data protection laws. Requests should be submitted to our Data Protection Officer (privacy@mazars.co.uk).
If you are dissatisfied with the way we have handled your personal data, you may contact the privacy team at privacy@mazars.co.uk. If we are unable to resolve the matter for you, you may take your complaint to the Information Commissioner’s Office. Further details can be found via their website at www.ico.org.uk.
Data Security
Forvis Mazars Financial Planning Limited has technological and organisational controls, including policies and procedures, in place to protect personal data from loss, misuse, alteration or unintentional destruction. Our staff have been trained to maintain the confidentiality of such information.
For more information on our security controls, please see Our Security Approach.
Our controls are put in place by Forvis Mazars LLP on our behalf and apply to their direct subsidiaries.
Changes to this Statement
We recommend you check this statement on a regular basis to ensure you remain happy with the activities we carry out in respect of processing personal data.
Should we make significant changes to the way we process data, we will draw your attention to the relevant part(s) of this statement through email and or other appropriate communications as part of our engagement activities with you.
Any changes to our ‘Website’ privacy notice shall be managed in accordance with the terms stated thereunder.
Last updated: July 2024
FOR ANY ENQUIRIES, PLEASE CONTACT: PRIVACY@MAZARS.CO.UK