abrdn plc and its subsidiaries are committed to safeguarding any personal information shared with us. We take privacy seriously and as a consumer of one or more of our digital, financial planning and advice or discretionary fund management services you can be assured that we will only ever collect and use your personal information where it is necessary, fair and lawful to do so in line with the privacy & data protection laws applicable to our business operations.
FAO Data Protection Officer
1 George Street
Information we collect and use
Information about you that we collect and use includes:
- Information about who you are and to verify your identity e.g. your name, date of birth and contact details, password for the open banking app ‘Choices’
- Information connected to your product or service with us e.g. your bank account details, email address, income expenditure, disposable income
- Information about your contact with us e.g. meetings, phone calls, emails / letters
- Information about your priorities and goals e.g. savings goals / retirement planning
- Information that is automatically collected via cookies or other similar tracking technologies when you visit one of our websites, access our online tools or use our open banking app e.g. username, IP address, Device ID
- Information if you visit one of our offices e.g. visual images collected via closed circuit television (CCTV)
- Information connected to other people associated with you e.g. name, date of birth, income & expenditure in relation to individuals named on joint bank accounts
- Information classified as special category data ['sensitive' personal information] e.g. relating to your health, gender of partner.Where we collect and use sensitive personal information, as defined by data protection laws, this information will only be collected and used where it's needed to provide the product or service you have requested or to comply with our legal obligations, and where we have also obtained your explicit consent to process such information.
Where we collect your information
We will collect your personal information directly from you, from a variety of sources, including:
- Data you enter on our open banking app and from analysis of your bank account [obtained via the open banking permissions granted to our partner, IDCO; required as part of registering for the app to provide you with tailored messages to support your needs and goals]
- An application form for a product or service with us e.g. Stocks and Shares ISA
- Phone conversations with us
- Emails or letters you send to us
- Registering for one of our events e.g. retirement or financial planning and advice roadshows
- Participating in research surveys to help us understand you better and improve our products and services
- Our online services such as websites, social media and mobile device applications ('Apps')
- If you are an existing customer of our products and services, we may also collect personal information from those records to understand you better and ensure any communication with you takes these into account
- If you have a financial adviser or a discretionary investment manager the information we collect and use will most likely have been provided by them on your behalf
We may also collect personal information on you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly
Why we collect and use your information
We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only if are able to satisfy one of the lawful processing conditions set out in the data protection laws. This will be the case where:
- It’s necessary to provide the product or service you have requested e.g. if you wish to invest in our Stocks and Shares ISA, we will need to collect and use personal information from you including your name, address, date of birth, national insurance number and bank account details; or, if you require us to provide you with financial planning and advice we may also need some special category information relating to your health and lifestyle to provide a plan tailored to your specific goals and needs
- It’s necessary for us to meet our legal or regulatory obligations e.g. to send you important information including any changes to a product’s or app’s legal Terms and Conditions or for the detection and prevention of fraud
- You have given us your permission [consent] to use your information e.g. to send you information about similar products and services offered by other subsidiaries of abrdn plc and / or selected third parties who we have chosen to work with which we believe may be of interest and benefit to you.You can withdraw your consent at any time via the unsubscribe link on these emails or by contacting DPOffice@abrdn.com
- It’s in our legitimate interests to process your information to better understand you and your needs so we can:
- send you in-app notifications, where you have the open banking app, to make you aware of other relevant products and services available from us or our 3rd party partners;
- deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your product or investment
- further improve our products and services including the development of new functionality for our digital investing services
- conduct research and collate management information to understand which individuals purchase our products and services
Where the processing is in our legitimate interests, we will always conduct an assessment to ensure that this use of your personal information is not excessive or unnecessary or otherwise more intrusive than it needs to be.
We sometimes use systems to make automated decisions based on personal information we have - or are allowed to collect and use from others – about you. These automated decisions can affect the services or features we offer you now or in the future. We use automated decisions to tailor the functionality and products within the open banking app, for example, to support your financial priorities and needs by placing you in groups with similar individuals to make decisions about the services we may offer to help meet your and other customers’ needs.
We will also collect and use statistical and aggregated data to understand, for example, the total number of customers for a particular product or service or how customers are using our open banking app features and functionality to support further development of the app and continually improve user experience.
Note - If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with some of our services
Where your information is processed
The majority of your information is processed in the UK or European Economic Area (EEA).
However, some of your information may be processed by us or the third parties we work with in countries outside of the UK or the EEA, including countries such as the United States.
Where your information is being processed outside of the UK or the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK or EEA Data Protection Laws e.g. we will put in place legal agreements with third parties and abrdn affiliates with ongoing oversight to ensure they meet these obligations.
Who we may share your information with
We will be required to share your information with selected 3rd parties and other subsidiaries of abrdn plc for the reasons outlined in ‘Why we collect and use your information’.
We will share your information with:
- Other parts of abrdn plc who support us in the provision of the products and services agreed with you
- The specialist 3rd parties we have selected to support delivery of our open banking app ‘Choices’:
- OKTA – delivering the secure functionality for the app to support effective authentication of your details when signing in to verify your identity
- IDCO – delivering the open banking functionality necessary to provide a secure connection to your nominated bank account and necessary insight into your finances to understand income & expenditure and available disposable income to save to meet your priorities and goals
- Various technology companies; software suppliers; or companies who can help us in our contact with you, for example an internet service provider
- Credit and identity check agencies for ID verification and credit reference checks
- Your adviser or discretionary investment manager where this is required as part of the product or service you have agreed with us
- Our regulators; including the Financial Conduct Authority (FCA and the Information Commissioner's Office for the UK (the ICO)
- Law enforcement and other appointed agencies who support us (or where they request the information) in the prevention and detection of crime
- HM Revenue & Customs (HMRC) for the processing of tax relief on ISA payments (where relevant) or the prevention of detection of tax avoidance
Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations. An example of this is that Internal and external audit and specialist third party consultants conduct regular, independent assurance and benchmarking exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. . Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information whether it is being processed by us or a third party acting on our behalf.
Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake annual training on this.
We also use internal and external audit and specialist third party consultants to conduct regular, independent assurance and benchmarking exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
How long we keep your information
To provide you with the product or service agreed and to fulfil our legal and regulatory obligations, we will keep your personal information and copies of records we create (e.g. calls with us) while you are a [prospective] customer or client of ours.
Even when you no longer have a relationship with us, we are required to keep information for different legal and regulatory reasons. The length of time will vary and we regularly review our retention periods to make sure they comply with all laws and regulations.
Your individual rights and how to exercise them
You have a number of rights under Data protection laws which may be exercised in certain circumstances.
Right to be informed about how and why we are processing your personal information
You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with - we do this in our Privacy Notice and privacy notices.
Right of access to personal information relating to you
You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR) by contacting the Data Protection Officer (see How to Contact Us section).
Right to request rectification of inaccurate or incomplete personal information
If your personal information is inaccurate or incomplete, you can request that it is corrected.
Right to request erasure of your personal information
You can ask for your information to be deleted or removed if there is not a compelling reason for abrdn to continue to have it.
Right to restrict processing of your personal information
You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information - but only to ensure we don't use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.
Right to object to processing of your personal information
You can object to abrdn processing your personal information where: it's based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.
Right to not be subject to automated decision making including profiling
You have the right to ask abrdn to:
- Give you information about its processing of your personal information
- Request human intervention or challenge a decision where processing is done solely by automated processes
- Carry out regular checks to make sure that our automated decision making and profiling processes are working as they should.
More information can be found on your rights here https://ico.org.uk/for-the-public/
How to make a complaint
Please contact us at:
FAO Data Protection Officer
1 George Street,
While we hope that we can resolve any complaints for you, you do have the option complain to the ICO (whether or not you have exhausted our complaints procedure). Their contact details are as follows:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF