Oregan Financial Services Ltd t/a Blackthorn Capital (“the Company”) is committed to protecting and respecting your privacy. The Company wishes to be transparent on how your data is processed and demonstrate to you that the Company is accountable with the General Data Protection Regulation (“GDPR”) in relation to, not only processing your data, but ensuring that you understand your rights as a client.
It is the intention of this privacy statement to explain to you the information practices of the Company in relation to the information the Company collects about you.
For the purposes of the GDPR the data controller is:
• Oregan Financial Services t/a Blackthorn Capital
• Contact Details: 202 Q House, Furze Road, Sandyford, Dublin 18
01 293 7200
In all instances ‘the Company’ is Oregan Financial Services Ltd t/a Blackthorn Capital.
Please read this Statement carefully as this sets out the basis on which any personal data the Company collects from you, or that you provide to us, will be processed by the Company.
As a Financial Advisory firm, Oregan Financial Services Ltd t/a Blackthorn Capital (‘the Company’) is authorised by the Central Bank of Ireland to provide financial advice on a ‘fair analysis of the market’ basis. The Company provides financial advice to consumers, which includes advice in relation to Investments, Pensions (Pre & Post Retirement) and Life & Serious Illness Cover. The Company is authorised to receive and transmit orders to Product Producers in relation to shares in companies or bonds that are listed on a stock exchange, Prize Bonds, Units or Shares in undertakings for Collective Investment Schemes including Unit Trusts and UCITS, Tracker Bonds, Insurance Policies and Personal Retirement Savings Accounts.
Data which is Processed:
The Company will hold:
§ Identity verification documentation, including your contact information;
§ Financial details/financial circumstances;
§ Marital status;
§ Information about your policies provided by others e.g. Life Assurance Company, Pensioneer Trustees, Employer, Fund Managers, Solicitor or Bank;
§ Information for which you have given consent to the Company to use; and
§ Information on your health which you have provided to us for the purpose of applying for a risk related contract.
The Company will collect the following information:
§ Provided by you
§ Provided by a Third Party Company such as a Life Assurance Company, Pensioneer Trustee, Employer, Fund Manager, Solicitor or Bank.
Why is data processed?
Legal basis – The Company uses your data as a necessary step in relation to a contract of insurance to which you have entered into or because you have requested this to be carried out on your behalf so that you can enter into a contract. It is also used when the Company is providing Financial Advice and services to you as well as to comply with legal responsibilities and Central Bank regulations, such as compliance with its “Know your Client” obligations as set out by the Consumer Protection Code 2012. It may also be used for legitimate interests such as managing the business, providing service information, conducting marketing activities, training and quality assurance and strategic planning.
The Company is committed to ensuring that the information the Company collects and uses is appropriate for this purpose and does not constitute an invasion of your privacy. Your data is only used where you have agreed or explicitly consented to the use of your data in a specific way. This consent can be withdrawn at any time.
How will the Company use data?
The Company will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). The Company will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Where special categories of personal data (e.g. health, religious beliefs, racial, ethnic origin etc.) are collected – the Company will ensure that your explicit consent has been obtained.
With whom is data shared?
The Company may pass your personal data to third-party service providers contracted to the Company (eg Life Assurance Company) in the course of dealing with you. Any third parties with whom data is shared are obliged to keep your details securely, and to use them only to fulfil the service they provide on your behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with GDPR procedures.
Personal sensitive data will only be shared with third parties when the Company has obtained your explicit consent, unless the Company is legally required to do otherwise.
In the event that the Company transfers your personal data to a third party or outside the EU, the Company, as the data controller will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for you the data subject are available.
In providing services, the Company may share your information with:
§ Your Authorised representatives;
§ Third parties with whom: (i) the Company needs to share your information to facilitate transactions you have requested, and (ii) you request the Company to share your information;
§ Service providers who provide the Company with support services;
§ Statutory and regulatory bodies and law enforcement authorities, receivers, liquidators, examiners, Pension fund administrators, trustees of collective investment undertakings and Pensioneer trustees insurers/re-insurers, Healthcare professionals and medical consultants;
Data Subjects Rights
The Company will facilitate your rights in line with its data protection policy and the subject access request procedure. This is available on request.
Your rights as a data subject
At any point while the Company is in possession of or processing your personal data, you, the data subject, have the following rights:
§ Right of access – you have the right to request a copy of the information that the Company holds about you.
§ Right of rectification – you have a right to correct data that the Company holds about you that is inaccurate or incomplete.
§ Right to be forgotten – in certain circumstances you can ask for the data the Company holds about you to be erased from our records.
§ Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
§ Right of portability – you have the right to have the data the Company holds about you transferred to another organisation.
§ Right to object – you have the right to object to certain types of processing such as direct marketing. You may withdraw consent at any time where processing is based on consent.
§ Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
§ Right to judicial review: in the event that the Company refuses your request under rights of access, the Company will provide you with a reason as to why it is refused.
Additional information the Company are providing you with to ensure the Company are transparent and fair with our processing:
Retention of your personal data
Data will not be held for longer than is necessary for the purpose(s) for which it was obtained. How long the Company holds your data for is subject to legislation and regulatory rules that the Company adheres to which is set by authorities such as the Central Bank of Ireland.
In the event that you wish to make a complaint about how your personal data is being processed by the Company or how your complaint has been handled, you have the right to lodge a complaint directly with the Company or another supervisory authority.
If you request a copy of the information that the Company holds about you and if the Company is unable to deal with your request fully within a calendar month (due to the complexity or number of requests) the Company may extend this period by a further two calendar months and shall explain the reason why. If you make your request electronically, the Company will try to provide you with the relevant information electronically. You also have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at: Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231 Fax: +353 57 868 4757 E-mail: email@example.com Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois. 11.
Failure to provide further information
If the Company requires your data for a contract and you cannot provide this data the consequences of this could mean that the Company may not be able to:
§ Provide requested services to you
§ Continue to provide or renew existing products or services
§ Assess suitability
§ Recommend a product or service provided by the Company
Security of Customer Data
The Company has put security measures in place to protect the security of your personal data and special categories of personal data. Third parties will only process your data on the Company’s instructions and where they have agreed to treat the information confidentially and to keep it secure. The Company has put in place appropriate security measures to prevent your personal data being accessed in an unauthorised way. Your personal data is held on a secure computer and manual files shall not be processed for any other purpose than those set out in this Privacy Statement. The server and cloud services the Company uses to store this information is accessible to authorised staff only and are protected appropriately.
Profiling – Automatic decision making
The Company uses profiling in conducting its business of which the main categories are:
§ Risk profiling
§ Profiling for marketing purposes
§ Establishing affordability and providing quotations for financial services products
To establish a customer’s attitude to investment risk (relates to pensions and investments) the Company have automated calculators which calculate our client’s attitude to various levels of risk having answered a series of questions.
Profiling for marketing purposes:
When the Company seeks to contact you about other services, as outlined above the Company may run automated queries on our computerised data base to establish the suitability of proposed products or services to your needs.
Establishing affordability and providing quotations for financial services products:
Automated systems are used by the Company to provide quotations and Pension reporting for insurance and pension contracts.
If the Company intends to further process your personal data for a purpose other than for which the data was collected, the Company will provide this information prior to processing this data.
Your privacy is important to us. If you have any comments or questions regarding this statement, please contact us on (01) 293 7200 or firstname.lastname@example.org