Privacy Policy
UAE – PRIVACY POLICY
This Privacy Notice explains how we process your personal information, what type of information we hold, how we receive it and from who. This notice also explains who we may share your information with and details your rights under data protection legislation and how to use them.
This Privacy Notice should be read together with our Cookie Policy.
We are not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identified as such.
UPDATES TO THIS PRIVACY POLICY
This Privacy Notice may be amended by us at any time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will notify you about material changes by prominently posting a notice on our website. Please check this page periodically to review this Privacy Notice so that you will always know what information we collect, how we use it, and with whom we share it.
It was last updated in January 2025.
WHO DOES THIS PRIVACY POLICY RELATE TO?
This Privacy Notice relates to the following types of individuals, where we hold your personal information:
- Individuals who are clients, including prospective clients who have received a quote for a product from SPF, former clients who have previously held a policy via SPF, and client representatives, for example those with power of attorney;
- Our business/corporate clients and their employees, including prospective and former clients and client representatives;
- Visitors to our websites;
- Individuals who contact us with a query, concern or complaint;
- Individuals who respond to job vacancies
- Individuals named on our policies, such as named drivers, joint policy holders, guarantors, or beneficiaries;
- Individuals who request information from us or permit us to contact them for marketing purposes;
- There are other types of individuals who this privacy notice does not relate to, for example SPF employees and sub-contractors (including prospective and former employees and sub-contractors), employees of our current, former or prospective business partners and service suppliers, and members of the press.
If you are one of these individuals and would like further information on how we collect, use and store your data, please contact us. Our contact details are shown in the “HOW YOU CAN CONTACT US” section of this notice.
HOW YOU CAN CONTACT US
We take data privacy seriously and your opinion matters to us. If you have any questions about this policy or how we use your information you can contact our Data Protection Manager, speak to your adviser or contact SPF at privacy@spf.co.uk.
OUR DATA PROTECTION MANAGER
SPF’s Data Protection Manager is Stephen Clarke and he can be contacted in the following ways:
Email: privacy@spf.co.uk
Telephone: 020 7330 8500
In Writing: SPF Private Clients Ltd, 33 Gracechurch Street, London, EC3V 0BT
WHAT INFORMATION WE COLLECT AND HOW WE USE IT
We collect your information and use it in different ways depending on your relationship with us and how you have interacted with us. This can include information we share with or receive from other third parties.
THE LAWFUL WAYS WE USE YOUR DATA
We use your information for the following lawful reasons:
- To enter into or perform a contract; for example, to provide you with a quotation or illustration, to start, change or cancel a policy, to answer any queries you may have, or action your requests.
- To comply with a legal obligation; for example preventing money laundering and other financial crimes.
- For our legitimate business interests; for example, to detect and prevent fraud, money laundering and other financial crimes, monitor and improve our business and our products and services, demonstrate compliance with applicable laws and regulations, handle legal claims, respond to other types of complaint not previously mentioned, and some marketing activities. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to this kind of use. For more information, visit the “YOUR DATA RIGHTS” section of this notice.
With your consent; for example, when you ask us to provide you with information or permit us to contact you for marketing purposes. You can withdraw your consent at any time, for more information please visit the “YOUR DATA RIGHTS” section of this notice.
To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.
SPECIAL CATEGORY DARA
The processing of special category data, such as health data, requires an additional legal basis to the grounds set out above. This additional legal basis will typically be:
- Your explicit consent;
- The establishment, exercise or defence by us or third parties of legal claims
Where necessary, documentation that you need to complete to provide that information will include a provision where you can indicate that consent. You may withdraw your consent to such processing at any time, however you should be aware that if you choose to do so we may be unable to continue to provide our services to you (and it may not be possible for your policy to continue). This may also mean that your policy will need to be cancelled. If you choose to withdraw your consent we will tell you more about the possible consequences, including that we may no longer be able to act as your broker of record or place or administer your policy and that you may have difficulties finding other cover.
WHEN WE COLLECT YOUR PERSONAL DATA
We collect personal data from you when:
- You approach SPF for advice on a financial services product
- You contact us to request information or to make a complaint;
- You visit our website or the websites of other Howden UK & Ireland companies;
- You visit one of our stands and give us your information, for example at a show or trade fair;
- You have given permission to other companies to share your information with us;
- You have made your information publicly available, and we have a legitimate reason to review it.
- We also collect your information from other third-party sources where we have legal grounds to do so. These include anti-fraud and crime-prevention agencies, credit reference and vetting agencies, and other data providers.
We use cookies (small text files stored in your web browser) and other techniques to monitor how you use our website. For more information on what these are and how to opt out of these, please read our Cookie Policy.
WHAT INFORMATION WE USE AND HOLD ABOUT YOU
Depending on your relationship with us, we may hold the following types of information about you:
- Identity and contact data: for example, your name, date of birth, postal address, telephone number and e-mail address.
- Location data: for example, your postal or IP address, the location of any property.
- Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations.
- Internet data: for example, information collected by cookies and other online technologies such as Google Analytics, as you use our website or contact us by online methods.
You can find more information about the information we collect using cookies and other technologies in our Cookies Notice, available here.
- Information we obtain from other sources; including anti-fraud and other financial crime prevention agencies.
- Complaint data: for example, what the complaint was, how we investigated it and how we resolved it.
Some of our processes combine different sets of information we hold. This can include combining different data sets we have about you, or combining your information with that of other individuals.
SENSITIVE PERSONAL DATA (SPECIAL CATEGORY DATA)
Some of the information we collect about you may be sensitive, for example data relating to your health and any medical conditions, race or ethnicity, or data relating to criminal convictions. We only collect this information where it is relevant to do so, such as:
- When it is relevant to the type of mortgage you are enquiring about, have purchased, previously held or that you have been named on;
- Where it is relevant to a complaint or issue you have raised with us.
- Certain types of information are known as “special categories”, and receive additional protection due to their sensitivity, for example information that reveals your race or ethnicity, your political views or your religious beliefs. We only use these types of data with your explicit consent.
WHO WE SHARE YOUR INFORMATION WITH
Where applicable, we share your personal information with the following types of third parties when we have a valid reason to do so:
- Other companies in Howden UK & Ireland and/or the wider Howden Group;
- Fraud prevention agencies;
- Law enforcement, government bodies, regulatory organisations, courts and public authorities.
- Solicitors (who may be legal representatives for you, us or a third party claimant) and other professional services firms (including our auditors)
- Potential purchasers of our businesses.
- Service Providers who help manage our IT and back office systems, or who provide platforms and portals for administering policies and member details;
- A third party where disclosure is required to comply with legal or regulatory requirements;
- Personal representatives appointed by you to act on your behalf, or those appointed to represent a third-party claimant.
These parties may also need to process your personal data in the performance of their contract with us. Your personal information may be transferred electronically (e.g. by email or over the internet) and we, or any relevant third party, may contact you in future by what we believe to be the most appropriate means of communication at the time (e.g. telephone/ email /letter etc.).
Our websites may also share information with Google via the use of internet cookies, where you have agreed to this. You can find out more information about how Google uses data collected by cookies on Google’s Privacy & Terms site.
TRANFERRING DATA TO FRAUD PREVENTION AGENCIES
Lenders will undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require them to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be used by lenders to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details and device identifiers including IP address.
Lenders and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Lenders will process your personal data on the basis that they have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect their business and to comply with laws that apply to them. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
CONSEQUENCES OF PROCESSING
If lenders, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, they may refuse to provide the services or financing you have requested.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
DATA TRANSFERS
Your data will be held by our parent company, SPF Private Clients Ltd, which is located in the United Kingdom. The storage and security of this data will comply with the United Kingdom’s Data Protection Act 2018 which is equivalent to the EU’s General Data Protection Regulations (GDPR). If you would like to receive any further information regarding this please contact us.
RETAINING AND DESTROYING DATA
We retain information about you and the products you purchase to meet a number of legal requirements, as well as our own legitimate business interests. For the period we retain your information, it is held securely by us or by third-party service suppliers contracted to store it on our behalf.
You can request further information about our retention periods and the data sets that they apply to by contacting us on the details shown in the “HOW YOU CAN CONTACT US” section of this notice.
We are also subject to legislative requirements to retain your data for specified minimum periods. We reserve the right to retain data for longer where we believe it’s in our legitimate interests to do so. In any case, we will not keep your personal data for longer than seven years after our relationship with you has ended.
In some circumstances we may retain your personal data for longer periods of time, for instance;
Where we are required to do so in accordance with legal, tax or accounting requirements;
So that we have an accurate record of your dealings with us in the event of any complaints or challenges;
If we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
Please note that where you unsubscribe or opt out from a marketing communication, we need to keep a record of your email address to ensure we do not send you marketing emails in the future.
SECURITY OF DATA
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our site, and our social media pages may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage.
The transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition, we recommend that you take the following security measures to enhance your online safety:
- When creating a password, we recommend use at least 12 characters with a combination of letters and numbers.
- Keep your passwords private.
- Remember, anyone who knows your password may access your account.
- Avoid using the same password for multiple online accounts.
- We will never ask you to confirm any account or credit card details via email. If you receive an email asking you to do so, please ignore it and do not respond and report it to us.
Our site, and social media pages may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites, so we encourage you to read their privacy policies. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.
MARKETING
We intend to add you to our marketing database and will send you information on other products and services SPF can offer or assist you with.
If you would rather not receive this information or market commentary please contact privacy@spf.co.uk.
Please note, if you are an existing customer and you opt out of receiving marketing communications SPF will still contact you prior to the end of your mortgage or in line with any agreed service offering. This is to ensure your financial product remains suitable.
If you (whether an individual or business customer) wish to be removed from our direct marketing list and do not wish to receive any further information from us (opt-out) you can inform us of this by clicking on the link at the bottom of each e-mail communication you receive from us.
YOUR DATA RIGHTS
Data protection law gives you rights relating to your personal information. This section gives you an overview of these and how they relate to the information you give us.
YOUR RIGHT TO ACCESS
You have a right to request copies of the personal information we hold on you, along with meaningful information on how it is used and who we share it with.
This right always applies, but there are some instances where we may not be able to provide you with all the information we hold. For example, we may not be able to provide you with your personal data where doing so could have an adverse impact on one or more of the following:
The privacy, rights or freedoms of other individuals;
The prevention and detection of crime, including financial crimes such as insurance fraud and money laundering;
Legal professional privilege, or;
Negotiations with the individual(s) concerned.
The above list is illustrative only and is not exhaustive, but it does give the most-common scenarios that arise in connection with financial services products.
In order to furnish you with a copy of your personal data that we hold we may need to verify your identify.
Normally, we will tell you if we are unable to provide you with some or all of your personal data and explain why when we respond to your request, unless the relevant laws or regulations prevent us from doing so.
YOUR RIGHT TO RECTIFICATION
If information we hold is inaccurate or incomplete, and this has an impact on the way we are using your data, you have the right to have any inaccuracies corrected and for any incomplete data to be completed.
If you ask us to rectify your information, we will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why.
Depending on the type of personal data you believe is inaccurate, we may ask you for further proof to ensure that the personal data is being corrected properly. If we are satisfied that the personal data is inaccurate, we will make the necessary changes.
YOUR RIGHT TO ERASURE (THE RIGHT TO “BE FORGOTTEN”)
You have the right to request that your personal information is erased in certain circumstances, for example if the data is no longer needed for the purpose(s) it was originally collected for. This right does not apply where we have to comply with a legal obligation or where we need personal data for the establishment, exercise or defense of legal claims.
If you ask us to erase your information, we will either confirm to you that this has been done, or if we are unable to delete it, let you know why and also inform you how long we will hold it for. For more information, see the “RETAINING AND DESTROYING DATA” section of this notice.
In addition, if you opt out of marketing communications or have previously opted out of marketing communications, we have to keep a record, of such opt out to ensure that we don’t contact you in the future.
YOUR RIGHT TO RESTRICT PROCESSING
You can ask us to restrict the use of your information in certain circumstances.
If you ask us to restrict your information, we will either confirm to you that this has been done, or if we are unable to restrict it, we will inform you why.
YOUR RIGHT TO OBJECT TO DIRECT MARKETING
You can always object to receiving direct marketing from us.
If you do so, we will ensure that you do not receive such material going forward, unless you change your mind and specifically request it in the future.
YOUR RIGHT TO CHALLENGE OUR LEGITIMATE INTERESTS
You can challenge the use of your personal data where we use a legitimate business interest as a lawful basis to process your information. You can find more information on when we use this lawful basis in the “LAWFUL WAYS WE USE YOUR DATA” section of this notice.
If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.
YOUR RIGHT TO OBJECT
You can object to us using your information for statistical purposes in some instances.
If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.
YOUR RIGHT TO DATA PORTABILITY
In certain circumstances, you have the right to request that your information be compiled into a common, machine readable format and either provided directly to you or sent by us to a third-party you nominate.
If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why.
YOUR RIGHT TO COMPLAIN
If you are unhappy with how we have used your data or if you believe we have failed to fulfil your data rights, you have the right to complain to us, and can contact us to raise your concerns using the details shown in the “HOW YOU CAN CONTACT US” section of this notice.
EXERCISING YOUR DATA RIGHTS
You can exercise any of your data rights by contacting us using the information in the “HOW YOU CAN CONTACT US” section of this notice and telling us which right (or rights) you would like to exercise.