Privacy Policy

Introduction

Brightmelt Habitat Limited is committed to protecting the privacy and security of your personal information. This policy explains how we collect, use, and safeguard information you provide when using our services or visiting our website.

We are registered with the Information Commissioner's Office under registration number ZA473829 and comply with the Data Protection Act 2018 and UK General Data Protection Regulation.

Information We Collect

When you enquire about or use our services, we collect several categories of information necessary to provide retirement planning advice:

Personal identification information including your name, date of birth, contact details, and National Insurance number. We require this to verify your identity and communicate with you effectively.

Financial information including details of your pension arrangements, investment holdings, employment history, income, and assets. This information is essential for providing appropriate retirement planning advice.

Health information where relevant to pension planning decisions, particularly for pension transfer analysis where life expectancy affects recommendations.

Technical information about your visit to our website, including IP address, browser type, and pages viewed. This helps us improve website functionality and user experience.

How We Use Your Information

We process your personal information for specific, legitimate purposes related to providing financial advice and managing our business relationship with you.

Provision of services forms our primary reason for processing your data. We analyse your financial situation, prepare recommendations, implement agreed strategies, and provide ongoing support. This processing is necessary to fulfil our contract with you.

Regulatory compliance requires us to maintain records of advice given, conduct suitability assessments, and report certain information to the Financial Conduct Authority. These obligations arise from legal requirements we must satisfy.

Communication includes responding to enquiries, arranging meetings, providing updates about your pension arrangements, and occasionally informing you about service changes that may affect you.

Business administration covers maintaining client records, managing appointments, processing payments, and conducting internal quality reviews to ensure we maintain professional standards.

Legal Basis for Processing

We rely on several legal bases for processing your personal information depending on the specific purpose.

Contractual necessity applies when processing is required to deliver the services you've engaged us to provide. We cannot provide retirement planning advice without collecting and analysing relevant financial information.

Legal obligations require us to maintain certain records and conduct specific checks. Financial services regulations impose various requirements we must meet regardless of consent.

Legitimate interests cover activities reasonably expected when engaging a financial adviser, such as internal quality reviews or defending against potential complaints. We balance these interests against your rights and only proceed when we determine our interests don't override your privacy.

Explicit consent is obtained when we process sensitive information such as health data for pension transfer analysis. You can withdraw this consent, though doing so may limit our ability to provide certain services.

Information Sharing

We share your information only when necessary for providing our services or meeting legal obligations. We do not sell or rent personal information to third parties.

Pension providers and investment platforms receive information when implementing recommendations. We provide only the details they require to establish accounts or process transfers.

Professional advisers including solicitors or accountants may receive relevant information if you're using their services alongside ours for comprehensive planning.

Service providers who support our operations, such as document storage services or IT support, may access information under strict confidentiality agreements and data processing terms.

Regulatory authorities receive information when legally required, including the Financial Conduct Authority, HM Revenue & Customs, or law enforcement agencies responding to lawful requests.

All third parties receiving your information are required to maintain appropriate security measures and use the information only for specified purposes.

Data Security

We implement robust security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction.

Physical security at our office includes controlled access, secure storage of paper records, and clear desk policies. Only authorised staff can access client files, and we maintain logs of file access.

Electronic security involves encrypted data transmission, password-protected systems, regular security updates, and restricted system access based on role requirements. Our IT infrastructure is maintained by qualified professionals and subject to regular security assessments.

Staff training ensures all team members understand their data protection responsibilities and follow established procedures for handling sensitive information.

While we take extensive precautions, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but commit to maintaining security standards that meet industry best practices.

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy or to meet legal requirements.

Client records including advice documents and supporting information are retained for a minimum of six years after our relationship ends. This reflects Financial Conduct Authority requirements and the potential for complaints or claims within this timeframe.

Financial transaction records are retained for seven years to satisfy tax and accounting obligations.

Once retention periods expire, we securely destroy information using approved methods including shredding of paper records and secure deletion of electronic files.

Some anonymised information may be retained indefinitely for statistical analysis and business development purposes, but this cannot identify you personally.

Your Rights

UK data protection law grants you several rights regarding your personal information.

Access rights allow you to request copies of the personal information we hold about you. We provide this free of charge within one month, though complex requests may take longer.

Correction rights enable you to request amendments to inaccurate or incomplete information. We'll update our records promptly and notify relevant third parties where appropriate.

Erasure rights permit you to request deletion of your information in certain circumstances, though this right is limited where we have legal obligations to retain records.

Restriction rights allow you to request we limit how we use your information, for example while we investigate accuracy concerns you've raised.

Objection rights enable you to challenge processing based on legitimate interests. We'll cease processing unless we demonstrate compelling grounds that override your interests.

Portability rights let you request personal information you provided in a structured, commonly used format for transfer to another service provider.

To exercise any rights, contact our Data Protection Officer using the details provided below. We may need to verify your identity before responding to requests.

Cookies and Website Technology

Our website uses cookies and similar technologies to enhance functionality and understand how visitors use the site. Our separate Cookies Policy provides detailed information about the specific cookies we use and how to control them.

Essential cookies are necessary for the website to function and cannot be disabled. These include cookies that enable navigation and access to secure areas.

Analytics cookies help us understand visitor behaviour, allowing us to improve website design and content. These cookies are used only with your consent.

Changes to This Policy

We review this privacy policy periodically and update it to reflect changes in our practices or legal requirements. The date at the top of this policy indicates when it was last revised.

Significant changes will be communicated to existing clients via email. We encourage you to review this policy when visiting our website to stay informed about how we protect your information.

Contact Information

For questions about this privacy policy or how we handle your personal information, please contact:

Data Protection Officer
Brightmelt Habitat Limited
42 Threadneedle Street
London EC2R 8AY
Email: [email protected]

If you're dissatisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.