Hanna Hillen Financial Services LLP ("We", “Us”) is committed to protecting and respecting your privacy. This Privacy
and Cookies Policy (“Policy”) (together with and any other documents referred to therein) sets out the basis on which
the personal data collected from you, or that you provide to Us will be processed by Us. Please read the following
carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the UK GDPR, General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018
(collectively the “Data Protection Laws”) the Data Controller is Hanna Hillen Financial Services LLP.
We are an authorised representative of the Best Practice IFA Group Limited (“Best Practice”), who assist Us with
various aspects of our compliance activity, including FCA compliance, AML checks and data protection. In order that
Best Practice can provide these services, We are required to send across personal data We have collected. More
information about how Best Practice will use your personal data can be found in their Privacy Notice at
YOUR PERSONAL INFORMATION
We collect and process some or all of the following types of information from you in the course of providing our
services and other information to you and your use of our website www.hanna-hillen.com “Website”
Information that you provide to us by any means, when you request information from us, or provide information to
us with the intention of enabling us to provide you with advice and/or ongoing servicing
The provision of your name, address and date of birth, as well as certain other personal data that We will notify you
of from time to time, is required from you to enable Us to advise you and to fulfil our regulatory and legal obligations.
We will inform you at the point of collecting information from you, whether you are required to provide the
information to Us.
The types of information that you are required to provide to us will vary depending on the products that they are
advising you about, but will usually include:
date of birth;
other information as required by your chosen product providers or as required by our regulators; and
information about your financial affairs, tax affairs, assets and liabilities;
and may also include special category personal data relating to:
If you contact Us, we may keep a record of that correspondence.
We may also ask you to complete surveys that We use for research purposes, although you do not have to
respond to them.
Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and
other communication data, and the resources that you access.
In order to provide financial planning services to you in accordance with this agreement, this may include but is not limited to giving you financial advice and making recommendations as to investments and financial products which are suitable for you. We do so by taking into account current financial markets and economic conditions, availability of products and the providers of those products, as well as a detailed analysis of your personal circumstances and financial requirements and objectives.
Where you have investments or other types of polices, we will obtain information on these either from you or, upon agreement from you, directly from the providers concerned. We will assess your Attitude to Risk and Capacity for loss and record this in our documentation. We will retain records of any investments or policies that you arrange through us.
Where we are providing an ongoing service we will update the information as part of our review process and note our records.
Information may be obtained from you face to face or through e-mail or completion of online documentation. As the information is required to enable us to provide our services, if you choose not to provide it we may not be able to continue to advise you.
Where we obtain your data otherwise than directly from you, you will have the same or equivalent rights to those set out in this Notice.
If you contact Us, We may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.
Information We Collect From Other Sources
We may request information on any existing plans and policies you may currently hold to assist us in research for
full financial review. We will also obtain personal data from other sources as follows:
Financial details on your policy(s) from Professional Introducers and Insurance Companies
USES MADE OF YOUR INFORMATION
Lawful basis for processing
We use information held about you for the following purposes:
To provide you with our services and to carry out our obligations arising from any contracts entered into
between you and Us, including:
To send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you.
To operate, protect and improve Our services, Our business, and Our clients' experience.
To respond to any enquiries you submit to Us.
As part of Our efforts to keep Our services safe and secure.
Where we have a contract with you to provide our services, and where the processing of your data is necessary to perform such contract, we rely on “performance of a contract with the data subject” as the legal basis for the processing. In all other circumstances we rely on “legitimate interest” and our legitimate interests are improvement of our services and/or prevention or detection of fraud.
Where you provide us with special category data, this will be used solely with your consent to research and advise on one or more products to suit your needs and to assist you with applications for and management of such products, and to provide such special category data to Best Practice and third party providers so that they can carry out the services that they provide to Us.
To comply with our legal obligations as an authorised representative of an FCA regulated entity, including preparing and sending reports and submissions to Best Practice and/or regulatory authorities such as the FCA. “Compliance with a legal obligation” is the lawful basis on which we rely when we are carrying out regulated activities.
To ensure that content on the Website is presented in the most effective manner for you and for the device(s) you use to access and view the Website. In these circumstances we rely on “legitimate interest” and the legitimate interest is the improvement of our services.
In these circumstances we rely on “consent” to our use of non-essential cookies.
We also use your personal data where you have contacted Us via the Website, by e-mail or telephone or participated in any surveys. In these circumstances we rely on “legitimate interest” and the legitimate interest is responding to and contacting you regarding the enquiries you have made in relation to the services We offer.
When we speak with you about your investment and insurance requirements, we do so on the basis that both parties are entering a contract for the supply of services. We have the right to use your personal data in order to perform that contract, and to arrange the products or services that you require.
Alternatively, either in the course of initial discussions with you or when the contract between us has come to an end, we have the right to use your personal data provided it is in our legitimate business interest to do so and your rights are not affected. For example, we may need to respond to requests from product providers, insurance providers or third party service providers, compliance providers relating to the advice we have given to you, or to make contact with you to seek feedback on the service you received.
We will use your personal data to comply with regulatory obligations imposed by the Financial Conduct
Authority in regard to the relevant ‘Know Your Client’ obligations. In addition, to comply with the Regulator’s requirements for record keeping for the purposes of audits and reviews, records of transactions undertaken, customer histories, or for any other wider compliance with any legal or regulatory obligation to which we might be subject.
To respond to any legitimate legal requests for information about you for example to the Regulatory authority, HMRC, or pursuant to an order of any court or tribunal having relevant jurisdiction, or as required by law for the purposes of but not limited to combatting fraud, money-laundering and criminal activities.
To carry out our legitimate business and professional management responsibilities which include, but are not limited to providing you with suitable advice, ensuring your portfolio and financial products continue to be suitable for you, adhere to anti money laundering requirements and investigating and resolving complaints.
We may also rely on your consent as provided when you sign up to using our Services as the lawful basis on which we collect and use your personal data.
The basis upon which we will process certain parts of Your Personal Data
Where you ask us to assist you with for example your insurance needs, in particular life insurance, we may ask you information about your, your health (special data). We will record and use this special data to make enquiries of insurance providers in relation to insurance products that may meet your needs and to provide you with advice regarding the suitability of any product that may be available to you.
Information on Special Category Data must be capable of being exchanged freely between insurance intermediaries such as our Firm, and insurance providers, to enable customers to secure the important insurance protection that their needs may require from time to time.
Purposes of processing
We use information held about you in the following ways:
To provide you with our services.
To ensure that content on the Website is presented in the most effective manner for you and for the device(s) you use to access and view the Website;
To provide you with information and offers that you request from us or which we feel may interest you.
To carry out our obligations arising from any contracts entered into between you and us.
To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service.
Who has access to your information?
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
From time to time your Personal Data will be shared with:
Investment, insurance and other financial service product providers.
Third parties to assist us in the delivery of our services to you e.g. to assist us with your enquiry or applications, or who are able to support your needs as identified. These third parties may include but are not limited to, our Compliance advisers, paraplanning support providers, product specialists, investment firms, third party research/ analysis firms, estate agents, providers of legal, accountancy, IT and other back office support services.
In each case, your Personal Data will only be shared for the purposes set out in this privacy notice, e.g. to progress your or our investment, insurance and other enquires and/or to provide you with our professional services or to comply with any legal, regulatory or other legislative requirement.
Please note that this sharing of Your Personal Data does not entitle such third parties to send you marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to you, and as otherwise set out in this Privacy Notice.
In addition to the above uses we may use your information to notify you about goods or services which may be of
interest to you. Where we do this, we will contact you by electronic means (e-mail or SMS) only if you have consented
to such communication. If you do not want Us to use your data in this way please either (i) tick the relevant box
situated on your service charter on which We collect your data; (ii) unsubscribe from our electronic communications
using the method indicated in the relevant communication; or (iii) inform Us at any time by contacting Us at the
contact details set out below.
DISCLOSURE OF YOUR INFORMATION
We routinely disclose your personal data to third parties as follows:
We pass your information to Best Practice, who provide us with various compliance services. Best Practice is a separate data controller, and details of what they do with your data can be found here: https://www.bestpractice.co.uk/best-practice/privacy-policy.
We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (e.g. to host our servers).
We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our
ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where
We may also disclose your personal data to third parties:
in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our client agreement/service charter; or
to protect Our rights, property, or safety or that of our affiliated entities and our users and any third party we interact with to provide the Website; or
in relation to selected third parties only, only to the extent that you have consented to such selected third parties notifying you about certain goods or services, which may be if interest to you.
Other than as set out above, and save insofar as is necessary in order for us to carry out our obligations arising from
any contracts entered into between you and us, we will not share your data with third parties unless we have
procured your express consent to do so.
STORING YOUR PERSONAL DATA
We take appropriate measures to ensure that any personal data are kept secure, including security measures to
prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to
your personal data to those who have a genuine business need to know it. Those processing your information will
do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any
applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our
best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any
transmission is at your own risk. Once we have received your information, we will use strict procedures and security
features to try to prevent unauthorised access.
The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers
and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy
Please check these policies before you submit any personal data to these websites.
Keeping your personal data up to date
If your personal details change, you may update them by accessing this data through the Wealth Platform Portal, or
by contacting us using the contact details below. If you have any questions about how we use data collected which
relates to you, please contact us by sending a request by email to the contact details below.
We will endeavour to update your personal data within seven working days of any new or updated personal data
being provided to us, in order to ensure that the personal data we hold about you is as accurate and up to date as
How long we keep your personal data
We will hold personal data (e.g. name, address, date of birth and contact details) in line with our regulatory and legal obligations as set out by our regulator – currently a minimum of 5 years for investment business and indefinitely for occupational pension transfer or opt-out business.
If you contact us as a prospective customer by any method e.g. face to face meeting, using our e-mail address or via our website contact form requesting general information about our services, we will hold that personal data you choose to provide such as, but not limited to, your name, address, e-mail address, for 12 months from our last point of contact.
Data such as IP Addresses, traffic data, location data, weblogs and other communication data will be retained for 26 months.
Where we store your personal data
All of the information that we hold about you is stored on our secure servers within the EEA.
The data that We collect from you may be transferred to, and stored at, a destination outside the European Economic
Area ("EEA"). By submitting your personal data, you agree to this transfer, storing or processing. We will take all
steps reasonably necessary to ensure that your data is held securely and in accordance with this Policy. Countries
outside the EEA do not have the same data protection laws as the United Kingdom and EEA and We have therefore
ensured that any of our suppliers who may transfer your personal data outside the EEA has put in place appropriate
measures to protect your data, either by being a member of the US-EU Privacy Shield, or by entering into a European
Commission approved contract (as permitted under Article 46(5) of the General Data Protection Regulation).
If you would like further information, please contact Us or the Compliance Director at Best Practice (see ‘Contact’
below). We will not otherwise transfer your personal data outside of the United Kingdom or EEA or to any
organisation (or subordinate bodies) governed by public international law or which is set up under any agreement
between two or more countries.
Under the General Data Protection Regulation you have a number of important rights free of charge.
In summary, those include rights to:
access to your personal data and to certain other supplementary information that this Policy is already designed to address
require us to correct any mistakes in your information which we hold
require the erasure of personal data concerning you in certain situations
receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
object at any time to processing of personal data concerning you for direct marketing
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
object in certain other situations to our continued processing of your personal data
otherwise restrict our processing of your personal data in certain circumstances
claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance
from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection
If you would like to exercise any of those rights, please:
• email, call or write to us or our Compliance Director at Best Practice IFA Group Limited (see the contact
section below for details)
• let us have enough information to identify you (e.g. Account Number, User Name, Registration details)
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility
or credit card bill), and
• let us know the information to which your request relates (including any account or reference numbers, if
you have them)
HOW TO COMPLAIN
We hope that we or our Compliance Director can resolve any query or concern you raise about our use of your
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in
particular in the European Union (or European Economic Area) state where you work, normally live or where any
alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information
Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
We reserve the right to modify this Policy at any time. Any changes we may make to our Policy in the future will be
notified and made available to you using the Website. Your continued use of the services and the Website shall be
We may collect information about your mobile phone, computer or other device from which you access the Website
including where available your IP address, operating system and browser type, for systems administration and to
report aggregate information to third parties affiliates. This is statistical data about our users’ browsing actions and
patterns, and does not identify any individual. We may, however, use such information in conjunction with the data
we have about you in order to track your usage of our services.
good experience when you browse our Website and also allows us to improve the Website. By using our Website
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if
you agree. Cookies contain information that is transferred to your computer's hard drive.
The cookies we use include:
“Analytical” cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
“Strictly necessary” cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.
“Functionality” cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
“Targeting” cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed to our affiliate’s websites. We will use this information to make our Website, offers emailed to you and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Cookies used and their expiry time:
_ga Google Analytics Used to distinguish users - 2 Years
_gid Google Analytics Used to distinguish users - 24 hours
_gat Google Analytics Used to throttle request rate. If Google Analyticsis deployed via Google Tag Manager, this cookie will be named - 30 days
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some
cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be
able to access all or parts of the Website. Unless you have adjusted your browser setting so that it will refuse
cookies, our system will issue cookies as soon as you visit our Website.
All questions, comments and requests regarding this Privacy and Cookies Policy should be addressed to
firstname.lastname@example.org OR write to us at 85-87 Hill Street, Newry, Co Down, BT34 1DG. Or alternatively please
contact our Compliance Director at Best Practice IFA Group Ltd, Broadlands Business Campus, Langhurstwood Road,
Horsham, West Sussex, RH12 4QP, telephone number 01403 334455, or via email at email@example.com