Please Note:Yorsipp Limited and Yorsipp (Trustees) Limited do not provide financial advice. This website is for information purposes only and should not be construed as advice or as an invitation to buy, sell or enter into any transaction. Please seek the appropriate advice from a regulated financial advisor. Yorsipp uses cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. For more information, please Click Here .

Privacy Policy

Privacy & Fair Processing Notice for Yorsipp

 The Yorsipp Group is made up of different legal entities, details of which are as follows:

  • Yorsipp (Trustees) Limited;
  • Yorsipp Limited;
  • Yorssas Limited; and
  • Yorssas (Trustees) Limited.

This privacy notice is issued on behalf of each of the abovementioned entities, so when we use the terms “Yorsipp”, "we", "us" or "our" in this privacy notice, we are referring to the relevant entity responsible for processing your data. We will let you know which entity will be the controller for your data when you contract with us.

We strive to protect the privacy of all personally identifiable information collected during the course of our activities and it is important for you to know how we process your data. We will process your personal information under the terms of this policy and in accordance with any agreement with you. 

We are a “data controller” in terms under data protection laws (including from 25 May 2018, the EU General Data Protection Regulation 2016 and the Data Protection Act 2018) (“Data Protection Laws”).

We need to process personal data relating to SIPP and SSAS Members; SSAS Trustees; SIPP and SSAS death benefit beneficiaries and potential SIPP and SSAS beneficiaries; and suppliers and professional advisers in order to function effectively as a business, ensure good governance, for audit purposes, to perform our business and to enable us to meet our legal obligations.

Personal data is processed for commercial, administrative, statutory and marketing/promotion purposes (subject to applicable laws). All such personal data is collected and held in accordance with all applicable Data Protection Laws.

What personal information will we use?

This section includes all the ways we may use your personal information, and which of the reasons we rely on to do so. This is where we tell you what our legitimate interests are.

undefined

Failure to Provide Personal Data

In some cases we may need to collect your personal data by law, or in order to perform our side of a contract we have entered into with you or with a view to entering into such a contract, or in our legitimate interests or in the legitimate interests of our members and any beneficiaries. If you fail to provide the requested data, we may not be able to perform under the contract we have with you, or to enter into the contract with you or way may be prevented from achieving our legitimate interests (such as engaging with you). In such circumstances, we may have to cancel the contract, or be unable to conclude the contract, which means we would not be able to provide the product or service to you. If that is the case, we will notify you of that at the time. 

Where do we obtain your information?

In most cases we will obtain this information from you directly, usually at the application stage, at subsequent investment stages, when benefits are paid and on an ongoing basis. We may also receive identity and anti-money laundering checks, for example via the Creditsafe system.

Processing Conditions

We process the personal data referred to above for the purposes of any contract or potential contract with SIPP and SSAS Members, SSAS Trustees, SIPP and SSAS death benefit beneficiaries and potential SIPP and SSAS beneficiaries, suppliers and professional advisers; or for our legitimate interests in order to function effectively as a business, to ensure good governance, for audit purposes, to perform our business activities; and to enable us to meet our legal obligations that we may be subject to. We also process personal information for the purposes of the legitimate interests of our members and beneficiaries.

Who do we share your information with?

The information you provide to us may be accessed by our staff, our auditors, our professional advisors and carefully selected third parties in the course of providing services to us under suitable obligations of confidentiality. 

In particular, we may share your information with the following entities:

  • Delta Financial Systems Limited – provider of SIPP and SSAS administration systems. Where you are a member, trustee or beneficiary of ours, your details may be shared with Delta Financial Systems Limited.
  • Creditsafe Business Solutions Limited – provider of anti-money laundering and credit checks. Where you are a member or trustee of ours, your details may be shared with Creditsafe Business Solutions Limited.
  • GetBusy UK Limited – electronic filing system. Where you are a member, trustee, beneficiary, professional adviser or supplier of ours, your details may be shared with GetBusy UK Limited.
  • Jelf Insurance Brokers Limited – PI broker. Where you are member, trustee, beneficiary, professional adviser or supplier of ours, your details may be shared with Jelf Insurance Brokers Limited.
  • Origo Services Limited – provider of the Origo Options Transfers automated pension transfer service. Where you are a SIPP member or SIPP beneficiary, your details may be shared with Origo Services Limited.
  • The Royal Bank of Scotland – account provider for SIPP members. Where you are a SIPP member of ours, your details may be shared with the Royal Bank of Scotland.
  • Financial, legal, investment and other professional advisers. When required, your details may be shared with our financial, legal, investment and other professional advisers.
  • Regulators (including the Financial Conduct Authority, the Financial Ombudsman Service, the Financial Services Compensation Scheme) - When required, your details may be shared with any applicable regulators.
  • Tracing services – for tracing individuals that we have no address for or have lost contact with. Where you are a member, trustee or beneficiary your details may be shared with Government or private tracing agencies.
  • Banks (including the Royal Bank of Scotland for SIPP and SSAS trustee accounts; other banks for SSAS accounts)
  • HMRC – for tax and reporting purposes.

Security

We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.

Please be aware that unfortunately the transmission of information via the internet or by email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to us and any transmission is at your own risk.

The period for which the personal data will be processed

We will retain personal data securely and only in line with how long it is necessary to keep for the purposes or for a legitimate and lawful reason.

Our typical retention periods are as follows:

Personal Data Held Within:

Retention Period:

Paperwork and contracts with members, trustees and beneficiaries

20 years from the end of the relationship or contract unless there is a legislative or regulatory requirement to hold this for longer, or where we will potentially need this in future in connection with a complaint or claim against us.

Contractors/suppliers/professional advisers

20 years from the end of the relationship or contract unless there is a legislative or regulatory requirement to hold this for longer, or where we will potentially need this in future in connection with a complaint or claim against us.

Some personal data may be retained for longer where it is in our legitimate interest to do so, such as to protect and defend our legal rights; or for research, archiving or statistical purposes. Individuals can request that other information relating to them be erased and we will deal with such requests in accordance with the law.

Transfers outside the European Economic Area

We will not send personal data to countries outside the European Economic Area (‘EEA’)unless specifically requested by a member, trustee or beneficiary or where the transfer is required as a result of our contract with the person concerned. However, carefully selected third parties that we contract with (such as our marketing communications provider, Mailchimp), may send personal data to countries outside the European Economic Area (‘EEA’). If and when this occurs, there will be protections in place to ensure the recipient protects the data to the same standard as the EEA. The protections include: 

  • transferring to a non-EEA country with privacy laws that give the same protection as the EEA.
  • putting in place a contract with the recipient that means they must protect personal data to the same standards as the EEA.
  • transfer personal data to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for personal data sent between the US and EU countries which makes sure standards are similar to what is used within the EEA.

Data subject’s rights

As an individual, you have the following rights as a data subject under applicable Data Protection Laws in relation to the processing of your personal data:

  • The right to request from us access to information held about you - (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • The right to request that inaccurate data held about you is rectified - this enables you to have any incomplete or inaccurate information we hold about you corrected.
  • The right to request the erasure of personal data - this enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
  • The right to restriction of processing - this enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • The right to object to processing - objection to processing of your personal information can occur where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes; and
  • The right to data portability.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Privacy Manager, in writing (details below).

Where we process your personal data based upon your consent, you have the right to withdraw your consent at any time.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Privacy Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

For more information and guidance about any of these rights please go to the website of the Information Commissioner’s Office at https://ico.org.uk/

Complaints

If you think there is an issue in the way in which we handle your personal data, you have a right to raise a complaint with the Information Commissioner’s Office. Their website contains details of how to make a complaint. However, we ask that you contact us in the first instance to give us an opportunity to resolve the matter.

Changes to this Privacy & Fair Processing Notice

We keep our Privacy & Fair Processing Notice under regular review and reserve the right to update and amend it. This notice was last updated on 31 July 2018.

Further information

For further information about the proposed data sharing set out in this notice, or about any aspect of the processing of your personal data, please contact our Data Privacy Manager:

Kenneth Henderson

Data Privacy Manager

Yorsipp Ltd

Eadie House

74 Kirkintilloch Road

Bishopbriggs

G64 2AH

compliance@yorsipp.com

 

Stay Informed

Enter your email to be kept up-to-date with key insights and industry developments.