Client Privacy Notice

Privacy Notice and Consent

Our Privacy Notice explains how we use your personal data, describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.   

We take your privacy seriously and you can find out more here about your privacy rights and how we gather, use and share your personal information and you can give consent for us to collect and process your personal information as described in this notice. 

Summary

Who we are
Legacy Wealth Management, of 15-17 Chichester Street, Belfast, BT1 4JB acts as controller for the personal information you provide to us.  

Your rights
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator. Contact details are shown here.  

• Gillian Rea – gillianr@legacywm.co.uk or write to us at the address shown above. 

• Information Commissioner: ico.org.uk/global/contact-us  

Your privacy rights are detailed more fully on the following pages.  

How we gather and use personal information
We need to obtain information about you, so that we can provide the financial advice you require. This information is normally obtained directly from clients in a face to face meeting. It may also be obtained by telephone, post or other means. We hold such information as Data Controllers in accordance with the applicable data protection legislation. 

We use this information to analyse your current and future financial needs so that we can ensure that any subsequent advice takes due account of, and is suitable to, your circumstances. We will not share your information with any other party except as indicated in this Privacy Statement or where required to do so by any statutory, governmental or regulatory body for legitimate purposes. 

Sharing and transferring personal information
Where necessary to the provision of our service, we may share your personal information with third parties. The categories of third party are listed later in this notice. We will confirm the actual third parties with whom we might/will share your information when we have identified the product/service providers that we recommend you use. This will usually be done in our suitability report in which we detail our recommendations to you. 

Until you have been informed of the actual third parties with whom we might share your information, and have not withdrawn your consent to that sharing, we will only share in a way that does not enable the third party to identify you. In the course of providing our services, it may be necessary for us to transfer your personal data to organisations located outside of the United Kingdom. Where such transfers occur, we will ensure that appropriate safeguards are in place to protect your personal data in accordance with UK data protection legislation. This includes ensuring that any recipient organisation is subject to legally binding obligations which provide a level of protection for your personal data that is not materially lower than that provided under UK data protection law. These safeguards may include the use of UK-approved International Data Transfer Agreements (IDTAs), the UK Addendum to EU Standard Contractual Clauses, or transfers to countries that have been deemed to provide an adequate level of data protection by the UK Government. We also undertake appropriate due diligence and, where required, risk assessments to ensure that your personal data remains secure, confidential and protected against unauthorised access, loss or misuse when transferred internationally. You can request further information about these safeguards, including copies where relevant, by contacting us using the details set out in this notice. 

Special Category Data
In certain circumstances, in order to provide you with appropriate financial advice, we may need to collect and process information that is classified as ‘special category’ personal data. This may include information relating to your health, for example where this is relevant to life assurance, pension, or protection advice. Where we process special category data, we will do so only where it is necessary for the provision of our services and in accordance with UK data protection law. We rely on consent only where appropriate. Your consent is given by signing this document where indicated on page 4. You have the right to withdraw your consent to the processing of special category data at any time. However, please note that this may affect our ability to provide certain aspects of our services to you. 

Keeping personal information
We keep your personal information securely for as long as we need to for the purpose of providing you with financial advice under the terms of our service/fee agreement (contract) or for as long as we are required to by relevant regulations. 

Legal basis for collecting/processing information
We rely on consent only where appropriate and do not make the provision of services conditional on consent where another lawful basis applies. Your consent is given by signing this document where indicated on page 4. Where you have given us consent, you have the right to withdraw it at any time. We will ask you to reaffirm your consent at least every two years. 

Complaints 
If you believe your rights in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 have been infringed, you have the right to complain to the Information Commissioner’s Office (ICO).

Full Privacy Notice 

Introduction 

We take your privacy seriously and you can find out more here about your privacy rights and how we gather, use and share your personal information.  

Your Privacy Rights 

You have the right to see what personal information we hold about you and you can ask us to correct inaccuracies, delete or restrict personal information or ask for some of your personal information to be provided to someone else. You have the right to object to how we use your personal information. If you need to contact us in relation to any of your rights or wish to make a complaint about how we have used your personal information directly to us or to the Information Commissioner’s Office, you can use the contact details indicated on page 1 of this notice.   

  • Right to withdraw consent: Where you have given us your consent to use personal information, you can withdraw your consent at any time. 

  • Access to your personal information: You can request access to a copy of your personal information.  We will not normally charge for providing this information to you.  Your data may be shared with regulated third-party service providers, such as investment platforms or product providers, strictly under legal obligations and safeguards established in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.  We do not transfer your data outside the UK without implementing safeguards compliant with the Act. 

  • Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a commonly used electronic form. 

  • Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.  

  • Erasure: We do not use your personal data to train third-party AI models and ensure that any AI tools used operate within secure, controlled environments. Any third-party providers we use are subject to appropriate contractual and data protection safeguards. 

  • Right to object: We will only use your personal data for marketing purposes where we have a lawful basis to do so. You will always have the right to opt out of receiving marketing communications at any time. 

  • Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it. 

  • Right to object to automated decision-making: We may use automated tools to assess your financial suitability or risk profile. These tools support, but do not replace, our professional judgement. You have the right to object to solely automated decisions and request human involvement. 

  • Right to know who accesses your data: We may use your personal data for internal compliance monitoring, quality assurance, and regulatory audit purposes, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.  This use is subject to strict internal access controls. 

Legal basis for collecting/processing information 

Where we rely on your consent to process personal information, this will be clearly identified, and you have the right to withdraw that consent at any time. Your consent is given by signing this document where indicated on page 4. 

Where you have given us consent, you have the right to withdraw it at any time. We will ask you to reaffirm your consent at least every two years. 

What kinds of personal information we use

We use information relating to your personal situation and financial position.  

How we gather your personal information

We obtain personal information: 

  • directly from you, usually in a face to face meeting but potentially also by telephone or other means; 

  • from other organisations such as investment/pension/insurance providers, where you have provided authority for them to share information relating to your existing plans; 

  • from your professional advisers, where you have provided authority for them to share information. 

  • We may also obtain some personal information from recording calls or meetings or by making contemporaneous notes of calls or meetings. 

How we use your personal information

We hold your personal information as Data Controllers in accordance with the applicable data protection legislation. We use this information to analyse your current and future financial needs so that we can ensure that any subsequent advice takes due account of, and is suitable to, your circumstances. We will not share your information with any other party except as indicated in this Privacy Statement or where required to do so by any statutory, governmental or regulatory body for legitimate purposes.

Sharing and transferring personal information 

Where necessary to the provision of our service, we may share your personal information with third parties. The categories of third party are listed below.  

  • Insurance Providers 

  • Pension Providers 

  • Annuity providers 

  • Investment Providers 

  • Investment Platforms 

  • Providers of pension transfer comparison reports 

  • Compliance Advisers 

  • Legal Advisers 

  • Back Office Systems Providers 

  • Third Party Software Providers 

We will confirm the actual third parties with whom we will share your information when we have identified the product/service providers that we recommend you use. This will usually be done in our suitability report in which we will detail our recommendations to you. 

Until you have been informed of the actual third parties with whom we will share your information, and have not withdrawn your consent to that sharing, we will only share in a way that does not enable the third party to identify you.

Use of Artificial Intelligence (AI)

We may use Artificial Intelligence (AI) or machine learning technologies in certain aspects of our services or operations. Where this is the case, we do so in accordance with data protection legislation, and only where appropriate safeguards are in place.  

1.AI Assisted Document or Communication Drafting

We may use AI tools to assist in the drafting of communications or documentation (such as suitability reports or internal compliance templates). These tools may analyse structured information to improve clarity, accuracy, or efficiency. No automated decisions are made, and all outputs are reviewed and approved by a human adviser or compliance officer before being issued. 

2. AI Driven Business Analysis or Insights

We may use AI-powered analytics to identify business trends, client preferences, or improve internal operations.  These tools process anonymised or aggregated data to ensure individuals are not identified. All outcomes are interpreted and actioned by human decision makers. 

3. Client Risk Profiling / Suitability Tools

Where AI or algorithmic tools support the assessment of investment risk profiles or financial suitability, they are used as part of a wider, human led advice process. We do not use fully automated systems to make decisions that would have a significant effect on you without human involvement. 

4. AI in Fraud Detection or Security

AI systems may be used to monitor systems or transactions for suspicious patterns that could indicate fraud or cybersecurity threats. These systems operate in real-time and may trigger alerts for manual investigation. 

5. AI in Customer Service (e.g. Chatbots or Virtual Assistants)

We may use AI-enabled chatbots or digital assistants to respond to routine queries. You will be informed when you're interacting with such a system, and you will always have the option to speak with a human. 

6. Automated Decision-Making

We do not carry out any fully automated decision making that produces legal or similarly significant effects without human involvement.  If this position were to change, you would be notified and provided with your rights under data protection law. 

We do not use your personal data to train third-party AI models and ensure that any AI tools used operate within secure, controlled environments. Any third-party providers we use are subject to appropriate contractual and data protection safeguards. 

We do not permit the use of external publicly available AI tools to process client-identifiable personal data unless appropriate due diligence and data protection safeguards have been applied. 

Your Rights

You have the right to request further information about how we use your personal data, including any use of automated systems or profiling.  You also have the right to object to certain types of processing, including profiling, and to request human intervention if a decision has been made solely by automated means. 

Keeping personal information  

We keep your personal information securely for as long as we need to for the purpose of providing you with financial advice under the terms of our service/fee agreement (contract) or for as long as we are required to by relevant regulations. 
 

Consent to process personal information  

By signing this consent, you agree that we can process, both manually and by electronic means, your personal data for the purposes of providing advice, administration and management in relation to your financial affairs, now and until your consent is withdrawn.  

You can withdraw your consent at any time by contacting us at the address shown on page 1 of this Privacy Notice.