Our contact details
Name: The Fry Group
Name of Data Protection Officer for The Fry Group: Aidan Bailey
Head Office Address: Crescent House, Crescent Road, Worthing, West Sussex, BN11 1RN, UK.
Head Office Phone Number: +44 (0)1903 231545
All data protection is overseen by our Head Office, situated in Worthing, UK. However, we are governed and abide by local data protection rules in all of our local offices’ jurisdictions.
This Privacy Notice is issued under the ‘right to be informed’, so that we are clear and transparent with all who engage with our company or group of companies regarding our processing of data.
How does Data Protection apply to The Fry Group?
We are proud to be a global presence, and each jurisdiction that we operate in has different requirements for processing your personal data. We are governed by and follow the rules of the following data protection regulations and its regulators:
|UK||General Data Protection Regulations (GDPR)||Information Commissioners Office (ICO)|
|Belgium||General Data Protection Regulations (GDPR)||Autorité de Protection des Données (APD)|
|Dubai||Data Protection Law DIFC Law No. 5 of 2020||Commissioner of Data Protection (DIFC)|
|Hong Kong||Personal Data (Privacy) Ordinance (PDPO) (Cap. 486)||Privacy Commissioner for Personal Data (PCPD) Hong Kong|
|Singapore||Personal Data Protection Act 2012||Personal Data Protection Commission (PDPC) Singapore|
The type of information we have:
We currently collect and process the following information, where necessary:
- Date of Birth
- Residential address
- Email address
- Telephone number
- Details about and information relating to your investments, finances and any other assets that you hold.
- Details about your income, expenditure, and taxes.
- Information about your circumstances and lifestyle.
- Details about your company or business.
- Copies of identity verification documents (such as passports, driving licence, utility bill, etc, including those with photographs).
- Cookies through our website, to track visit use and compile anonymous statistical reports on website activity.
We may also need to process ‘sensitive data’, such as information about your health or any previous criminal convictions. Where it is necessary for us to record this information, we will only do so with your explicit consent. For more information about ‘consent’ please read the section ‘Why do we have this information?’.
Sometimes, we may need to process data about, or on behalf of, a child. In these instances, we ensure that we stick to our high standard for processing data, as well as taking extra precautions. For further information, please refer to our specific policy ‘Privacy Notice for Children’s Data’, which can be provided upon request in either electronic or paper format.
How we get this information:
Most of the personal information we process is provided to us directly by you, for one of the following reasons:
- We require the information to ensure that we can provide you with any contracted services, as agreed to in our Service Charters and/or Terms of Engagement.
- We are required to by law, to meet certain regulations or legal requirements e.g. Anti-Money Laundering, local tax office reporting, etc.
- You wish to attend or have attended one of our seminars or webinars.
- You have given us express consent to record certain information, as is relevant to your required services.
We also receive personal information indirectly, from the following sources in the following scenarios:
- We may receive data about you from another person if it is relevant. For example, a client may tell us their child’s name and age if they wish for investments to be earmarked for them, or a client might tell us information about their family so that we can recommend a suitable protection product.
- Our Estates team may ask for information about family members, friends, or acquaintances in order to prepare your Will or Power of Attorney documents.
- You may have appointed someone to act on your behalf, or to provide information to us on your behalf e.g. an Attorney or given signed and written authority to a spouse.
- We may receive data from a provider when we take over or become the servicing agent on a product that you have with them.
- We may receive information from government, regulatory bodies or other professional agencies (such as tax offices, etc).
If a client chooses to share information about another person (the data subject), it is deemed that they have consent from the data subject to share this information. In these instances, it is the client that is responsible for sharing this information, and it is not The Fry Groups responsibility to ensure that this data is accurate or to obtain consent from the data subject.
Why do we have this information?
Under data protection regulation, the lawful bases we rely on for processing this information are always one of the following:
Your consent. Some information (known a ‘sensitive data’) we can only process with your explicit consent. At The Fry Group, we will always ask for your express consent to do so for any health data or details relating to criminal convictions. You can withdraw your consent at any time by contacting your executive, or the data protection officer on the contact details given in this document.
We have a contractual obligation. This is so that we can provide you with the services that you have agreed to when engaging with us for business. These terms can be found in our Service Charters or Terms of Engagement.
We have a legal obligation. For example, reporting to regulatory bodies, local authorities, or governments. We may also need to retain your data if we believe that we may need to rely on it to defend ourselves in any future legal disputes.
We have a legitimate interest. This is when it is either in our, or your, best interests to do so, and is often on a case-by-case basis. We will only rely on this basis when we believe there is minimal or no impact on you.
What we do with the information we have:
We use the information that you have given us in order to:
- Set up and provide ongoing servicing of investment products with third-party companies or providers on your behalf.
- Write and register/set up a Will, Power of Attorney or Trust on your behalf.
- Complete and submit a tax return for you or your business.
- Fulfil any other services for which you have requested or entered into a contract with us for.
- Provide you with specific updates on your investments, products, or accounts.
- Provide you with general sector and market updates.
- Send specific marketing that we believe will be of interest to you.
- Comply with regulatory or legal requirements, such as reporting to local tax or money laundering services.
|Reason for Processing||Lawful Basis for Processing||Third Party Recipient Linked to that activity|
|To provide you with intermediary services for financial products.||To fulfil a contractual obligation||Product providers|
|To apply for quotes and products on your behalf.||To fulfil a contractual obligation||Product providers|
|To submit tax returns on your behalf||To fulfil a contractual obligation||Government or local authorities.|
|To produce and register wills and power of attorney documents on your behalf.||To fulfil a contractual obligation||Government or local authorities.|
|To establish trusts and other legal entities on your behalf.||To fulfil a contractual obligation||Providers and Trust Companies.|
|Setting up company formations.||To fulfil a contractual obligation||Government or local authorities.|
|To send marketing communication to you.||Consent||None.|
We may be required to share your information with third parties, such as (but limited to) different providers of financial and investment products, local tax offices and agencies as well as governments and regulatory bodies (for legal reporting) and will only ever do so to either fulfil a contractual obligation or to meet a legal requirement. We have contracts in place with our data processors and this means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct. They will not share your personal information with any organisation that does not have a legitimate need to process your data.
We will never sell your data to third parties or for marketing purposes.
How we store your information
Your information is securely stored electronically on our servers that are located in the UK. Our back-up servers are also located in the UK. We do not back up to any cloud storages.
In the UK we store paper files securely in our offices, and also in a secured warehouse where they are reviewed regularly to see if we are required to retain them, or if they can be safely and securely destroyed. For all other offices, our paper files are stored securely in our offices.
We are also subject to regulatory requirements to retain your data for specified minimum periods. These are, for example:
- Three years for mortgage business and insurance business.
- Five years for investment business and self-assessment tax returns.
- Forty years for any records in Belgium
- Indefinitely for pension transfers and opt-outs
These are minimum periods, during which we have a legal obligation to retain your records.
We also reserve the right to retain data for longer than this due to the possibility that it may be required to defend a future claim against us. With the exception of any estate planning services, advice or investments, we won’t retain your personal data for longer than past the time of your death.
We will then dispose of your data by deleting it from our systems (if electronic) or safely disposing of paper files by sending the documents to a third-party secure shredding company who will then confirm disposal.
As we are a group of companies, it may be necessary under the above-mentioned lawful bases for any member of one of the Fry Group of companies to access and/or process your data. Your data will remain protected under the specific company to which you gave this information, but to fulfil our contractual and legal obligations, this data may (from time to time) be accessed by any employee of The Fry Group. All employees are held to the same high standard of data protection, so you can be assured that your data will be treated with the same care and precision no matter where in the world you are.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. However, if the request is excessive or will require a substantial amount of work, we are allowed to request a small fee to cover this. If you make a request, we have one month to respond to you. Please note that under different lawful bases, not all rights will apply. However, we will gladly discuss this with you, and explain any reasons why we may not be able to meet your expectations and we will work with you to make sure that you are happy. Please contact us at firstname.lastname@example.org if you wish to make a request.
How to contact us
We have a specified Data Protection Officer of The Fry Group, Aidan Bailey. If you have any specific concerns about your data or this Privacy Notice, please contact him directly via:
Telephone: +44 (0)1903 231545
Or you can write to him at any of our office addresses.
How to complain
If you are unhappy with how we have used your data, please do contact us first to see if we can resolve the issue. However, you always have the right to complain directly to your local data protection authority, and to contact them for any further information on the regulations in the countries that we operate in. If you wish to do this, please contact the applicable authority, as listed below.
If you are a client of any of our UK offices, you can contact the ICO:
Information Commissioner’s Office,
Telephone number: +44 (0)303 123 1113
If you are a client of our Belgium office, you can contact the Autorité de Protection des données:
Address: Autorité de Protection des données
Rue de la Presse 35
Telephone: +32 (0) 2 274 48 00
If you are a client of our Dubai office, you can also contact the DIFC:
Address: DIFC Commissioner of Data Protection
PO Box 74777
Telephone: +971 (0)4 362 2222
If you are a client of our Hong Kong office, you can contact the Privacy Commissioner for Personal Data, Hong Kong:
Address: Privacy Commissioner for Personal Data
Room 1303, 13/F, Sunlight Tower
248 Queen’s Road East
Telephone: +852 2827 2827
If you are a client of our Singapore office, you can contact the Personal Data Protection Commission:
Address: Personal Data Protection Commission
10 Pasir Panjang Road
#03-01 Mapletree Business City
Telephone: +65 6377 3131