Who we are
This website is provided by Profile Pensions. Profile Pensions is a trading name of Financial Solutions Ltd ”), authorised and regulated by the Financial Conduct Authority (FCA Number: 596398, Company Number: 07731925).
Profile Pensions is part of a group which is made up of different legal entities, including:
MFM Investment Ltd, a company incorporated in England and Wales with company number 9088155 and registered office at 90-92 Pentonville Rd, London N1 9HS (“Moneyfarm”).
MFM Investment Ltd – Italian branch, registered office: Largo Carlo Felice, 26 – 09124 Cagliari together, the “Moneyfarm Group”.
This Privacy Policy is issued on behalf of the Moneyfarm Group. As such, any references to “Moneyfarm”, “Profile Pensions” “we”, “us” or “our” in this Privacy Policy are references to the relevant company (as named above) in the Moneyfarm Group which is responsible for processing your data.
Our commitment
We are committed to protecting your personal information and other data provided via this website. If we request information from you which could be identified (”personal data”), information of this type will only be used in accordance with this Privacy Policy. We will be the controller for your data when you purchase a product or service with us. We may also act as data processor, where you gained access to our products or services through another company.
It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.
Our products and services are not designed to appeal to or not available to, persons under the age of 18. Therefore, we do not knowingly attempt to solicit or receive any information from anyone under the age of 18.
Lawful basis of processing
Under data protection laws, we must have legal bases in order to process your personal data. The legal bases on which we may process your data are:
Consent: where you have consented for us to process your personal data for one or more specific reasons
Performance of a contract: in order to perform a contract we have with you
Legal obligation: where processing of the data is required by law. We are also required by law to retain certain information of those that register to open an account with us and the data of customers beyond the date when they cease to be our customers
Legitimate interest: in order to carry on the purposes of our business. We also have a legitimate interest in preventing fraud and money laundering and to verify identity, in order to protect our business and our customers; in order to understand how people interact with our website; to provide communication which we think will be of interest to you; to determine the effectiveness of promotional campaigns and advertising
What information do we collect and how do we collect this information from you?
We may need to collect information about you and your computer to allow you to use some services, including:
Identity data: First name, middle name, last name, email, marital status, title, date of birth and gender.
Contact data: billing address and telephone numbers.
Financial data: bank account and payment card details.
Transaction data: details about payments to and from you and other details of products and services you have purchased from us.
Technical data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile data: your username and password, your interests, preferences, feedback and survey responses.
Usage data: information about how you use our website, products and services.
Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.
The information may be collected:
Directly when you register or log on to the website or when you choose to use an available service via our websites, including when you fill out forms, transfer any policies into our agency, upload any documentation, send us any communication by email, fax or post, make an enquiry, complete our fact find and risk profiling questionnaire or any other communication that we receive directly or indirectly from you.
As you browse our websites, including information relating to your browsing patterns and technical data about the equipment you are using to access the websites is automatically collected using cookies, server logs and other similar technologies.
Automatically: as you browse our websites certain information relating to your browsing patterns and technical data about the equipment you are using to access the website is automatically collected using cookies, server logs and other similar technologies. Please see our Cookie Policy for further information.
From third parties/public sources:
technical data may be obtained from the following parties:
analytics providers
advertising networks
search information providers
Contact, financial and transaction data may be obtained from providers of technical, payment, credit referencing, and delivery services based both inside and outside the EU.
Identity and contact data from publicly available sources such as Companies House and the Electoral Register based inside and outside the EU.
We utilise third-party service providers to secure information related to financial crime, fraud, sanctions and Politically Exposed Persons.
What do we do with this information?
We may use your personal data for the following purposes:
to provide the requested services to you;
to monitor traffic patterns and usage of our websites to help to improve the website design and layout;
to record and store communications made via phone, Skype or website chat function;
to personalise your experience on our websites or communications/advertising;
to provide customer service, including to respond to your enquiries and fulfil any of your requests for information;
to send you important information regarding the services and/or other technical notices, updates, security alerts, and support and administrative messages; and
as we believe to be necessary or appropriate:
in order to comply with a legal obligation. This applies where the processing is necessary for us to comply with the law;
to enforce or apply this Privacy Policy; and
to protect our legitimate rights, privacy, property or safety, and/or those of a third party and your rights do not override those interests.
Fraud
We may carry out fraud prevention checks using fraud prevention databases. If false or inaccurate information is provided, and/or fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We may access and use the information recorded by fraud prevention agencies from other countries.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, also depending on whether or not you are considered to pose a fraud or money laundering risk.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services you have requested, or we may stop providing existing services to you.
Pre-populating information
In order to carry out your instructions, we may also pre-populate the forms of third party websites with the personal data you have supplied us with. This may be done manually or through secure and encrypted data transfers.
Retention of your data
We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal reasons. When calculating the appropriate retention period for your data we consider the nature and sensitivity of the data, the purposes for which we are processing the data and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.
For the following reasons, we may retain your data for up to 10 years after you stop being our customer:
to respond to a question or complaint, or to show whether we gave you fair treatment;
to study customer data as part of our own internal research;
to obey rules that apply to us about keeping records.
We may retain your personal data for longer than 10 years if that is required for legal, regulatory or technical reasons.
When we determine that personal data can no longer be retained (or where you request that we delete your data in accordance with your right to do so (please see below for more information), we ensure that this data is securely deleted, anonymised or destroyed.
However, please note that, in some circumstances we may decide to retain your personal data for research or statistical purposes and, in such circumstances, we will anonymise your data before retaining it.
Accuracy of your data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Security of your data
In order to protect your personal data, we have appropriate organisational and technical security measures. These measures include storing data on a dedicated and secure server with at least 256-bit encryption, restricting access to your personal data to certain employees, ensuring our internal IT systems are suitably secure, and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if appropriate, will notify you and any applicable authority of such a breach.
In addition to the above, where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential and should not share your password with anyone. When setting a password you should make it as secure as possible and not use the same password for different purposes.
Data transfers and sharing your data with third parties
We will not disclose your personal data to third parties other than as described in this section unless it is otherwise legally permitted or required to do so.
We may share your data with other members of the Moneyfarm Group.
We may also need to pass your information to third party service providers which maintain, administer or develop the website on our behalf and the information will only be provided for such limited purposes and as detailed below. In addition, we may provide aggregate statistics about its customers, sales, traffic patterns and related website information to reputable third-parties, but these statistics will include no personally identifiable information.
We may transfer your personal data to third parties of the following types:
companies providing identity or financial validation services;
financial product providers;
payment services companies acting on your, or our behalf;
banks;
companies providing analytics services;
data, service and software providers;
companies collecting and publicising customer reviews;
marketing services companies;
HMRC;
regulatory and law enforcement bodies.
regulated Financial Services firms subject to market abuse regulations that require disclosure of their personnel’s investment activities
accounting firms subject to independence rules which restrict certain of their personnel from holding investments with audited financial institutions.
We do not sell your personal data to any third parties.
The security of your data is important to us and we will therefore, only transfer your data to such third parties if one or more of the following apply:
you have expressly consented to your data being shared with specific third parties;
the third party needs to access the personal data for the purposes of providing any contracted services to you;
the third party has agreed to comply with our instructions, required data security standards, policies, and procedures and put adequate security measures in place;
the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and
a fully executed written contract that contains suitable obligations and protections has been entered into between the parties.
You acknowledge and agree that we may send your information outside of the European Economic Area for processing or use in accordance with this Privacy Policy. As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:
only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission;
where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA; or
where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield.
For more information about how Google will use your personal data, please see Google's Privacy & Terms
Your rights
Your personal data is protected by legal rights, which include:
Right to rectification: you have the right to require us to correct any inaccuracies in your data.
Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements.
Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example:
You contest the accuracy of the data and wish to have it corrected;
You object to processing but we are required to retain the data for reasons of public interest; or
Where you are remaining as a customer but do not wish to receive marketing communication.
Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.
Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed. Please be aware that this may prevent us from continuing to provide services to you.
Right of access: you have the right to request access to personal data that we may process about you.
Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal data. This will not affect the legality of any processing prior to the date of such withdrawal.
If you would like to exercise any of the above rights, please:
put your request in writing and send it to us through your usual registered channel (e.g. registered email);
specify the right you wish to exercise.
For more information or to exercise your data protection rights please, please contact us.
Communications you may receive from us
Service communications
We may process your personal data to send you statements and other important information such as changes to our existing products that you consume if we have a contractual relationship with you. These are called service communications and you may receive them via/through email, phone, post and/or SMS. As service communications are crucial for us being able to deliver the service you signed up for, you will not be able to opt out from receiving them unless you stop using our service completely.
Direct marketing communications
We may process your personal data to send or display direct marketing communications to you, including news about the Moneyfarm Group, via/through email, phone, post, SMS, social media and search, display networks platforms. We will do so only if we have a legitimate interest or you have given us your consent to receiving such communications.
Where we rely on our legitimate interests, you can object to processing at any time by contacting us directly using contact details provided in the How to contact us section at the end of this policy. Alternatively, where we process your personal data for direct marketing purposes based on your consent, you can change and manage your marketing preferences, including withdrawing your consent, at any time within your online account or by contacting us directly using contact details mentioned before. Note that if you opt out of marketing communications, you may still see some marketing material, however it will not be tailored to you.
If, at any time, you would rather not receive such information, please contact us. All emails include links to unsubscribe options, to allow you to stop or tailor the emails you receive at any time.
If you ask not to receive such communications, we will still need to keep your personal data so that you can continue to use the website and so that we can deal with the administration and security of the website. We will still contact you by email or post for anything necessary for the administration of your membership and to comply with any legal or other important conditions; however, we will not then email you or contact you for promotional purposes without your subsequent consent.
We will also contact existing active customers when we think information or a new service is relevant to them. Don’t worry, you will continue to receive these relevant notifications even if you restrict marketing communications.
Personalised marketing communications on social media, search and display networks
We may share your registration details such as your first name, last name, email address, and postcode with third party social media, search and display networks platforms providers for the purpose of displaying tailored marketing communications to you and / or others who possess similar interests and characteristics as you. To find out more about the third parties we may work with, please see the next section below.
In particular, we may upload your registration details on to the third party platforms, who will then match that data with the data they collect and hold about their platform users in order to create custom and lookalike audiences for us. We may use these audiences for the following purposes:
To display tailored marketing communications to custom audiences
Custom audiences are specific groups of individuals. We may create custom audiences of our customers on social media, search and display networks platforms in order to display direct marketing communications in relation to the services they have signed up for. This includes excluding them from receiving communications that we believe they would not find relevant.
When we process your personal data for the above purpose, we rely on our legitimate interests. You can object to this processing at any time by contacting us directly using contact details provided under How to contact us section.
We may display additional marketing communications to you in relation to other services that we provide, but only if you have given your consent to receiving them. You can change and manage your marketing preferences, including withdrawing your consent, at any time within your online account or by contacting us directly using contact details mentioned before.
To display tailored marketing communications to lookalike audiences
Lookalike audiences are groups of individuals that are identified based on interests and characteristics of custom audiences. We may use lookalike audiences on social media, search and display networks platforms in order to display tailored marketing communications to individuals who possess similar interests and characteristics as our customers as we believe they are more likely to be interested in seeing them.
When we process your personal data for the above purpose, we rely on our legitimate interests. You can object to this processing at any time by contacting us directly using contact details provided under How to contact us section.
Note that, we do not have a direct relationship with individuals of lookalike audiences and we are not targeting them as individuals but rather audiences which possess specific interests and characteristics as our customers.
Third party social media, search and display networks platforms that we may use
For the purpose of displaying personalised direct marketing communications as described in the previous section above, we may work and share your personal data with third party social media, search and display networks platforms providers.
These third parties may process the data we provide to them in order to match it with the data they hold about their platform users. When they do so, they act as our data processors. However, when they perform subsequent data processing in order to display personalised marketing communications to custom and lookalike audiences based on the criteria we select, they may perform further data processing as independent or joint controllers. To find out more about the third parties we may work with and their data processing practices, please see the table below:
| Name of the third party | Name of the platform we may use | How the third party may use your data, when you sign up and use their services | How you can manage your ads personalisation settings within the platform |
|---|---|---|---|
| Facebook Ads | About the ads you see from Facebook | ||
| Instagram Ads | Ads on Instagram | ||
| Google Ads | Google Ads Settings | ||
| LinkedIn Ads | LinkedIn Ads Settings | ||
| Microsoft | Microsoft Advertisement | Ad Settings |
Additionally, where the third party participates in self-regulation programmes for Online Behavioral Advertising, you can opt out from the use of your data for interest based advertising by some or all participating companies through these sites:
Your Online Choices (established by the European Interactive Digital Advertising Alliance);
Your Ad Choices (established by the Digital Advertising Alliance).
Use of third party data suppliers
In order to grow and develop our business, we may use your personal data when engaging with third party data suppliers for the purpose of creating target audiences and excluding you from receiving communications from us that we believe you would not find relevant or you have previously opted out from on our website or in our communications with you. When we share your personal data with third parties for this purpose, we rely on our legitimate interests that do not override your own interests, fundamental rights and freedoms.
Promotional offers
You may be eligible for our refer a friend programme, which we run to reward our existing customers and encourage new customer acquisition. To take advantage of this you have to specifically opt in to the programme.
With that said, we may process your first name, surname, and email address for the purpose of running the programme based on our legitimate interests. In particular, we may share your personal data with a third party service provider, Mention Me Ltd, to identify eligibility of individuals to earn a reward.
From time-to-time we may request information from users for the purposes of running contests or competitions. Participation in these contests or competitions is completely voluntary and you, therefore, can choose whether or not to disclose this information for this purpose.
Cookies
For more information about the cookies we use, please see our Cookies Policy.
Cookies and similar technologies
Our website uses cookies and similar technologies such as web beacons (also known as web bugs, pixel tags or clear GIFs) to enable our website to function properly, improve your user experience, provide personalised content and effectively run our marketing campaigns on this and on other websites.
The exact information stored or collected using these technologies will vary depending on their purpose. For example, we may use cookies and similar technologies to collect information about your activity across multiple websites in order to enable us to tailor and target our marketing communications in a way that is timely and relevant to you. We may also use these technologies to identify how you interact with our website and our advertisements on this and other websites, the links you click on and the third party websites from which you arrive at our website. Doing so allows us to measure the performance and effectiveness of our marketing campaigns.
When you visit our website you have the ability to accept or decline these technologies, except where those are strictly necessary for ensuring that our website works as expected. To find out more about what cookies and similar technologies we may use and how you can set and manage your preferences, please refer to our Cookies Policy.
Technical information we collect automatically when you use our online services
To ensure the availability of our online services we may automatically collect information about your device that you use to access our online services. In particular, we may collect information about your IP address and user agent, which further allows us to derive information about the browser and device that you use. This information is used for security and error debugging purposes only. However, in combination with other data, it might enable us to indirectly identify you as an individual.
Embedded content
Our website contains embedded content hosted by a third party service provider, Mention Me. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. We use the embedded content in order to run a refer a friend programme. As a result of that, Mention Me may set additional cookies on your computer or use similar technologies in order to enable you to participate in the programme. For more information, please refer to our Cookies policy as well as Mention Me’s Privacy and Cookies policies.
Changes to the Privacy Policy
No changes to this Privacy Policy are valid or have any effect unless agreed by us in writing. We reserve the right to vary this Privacy Policy from time to time. Our updated terms will be displayed on our websites. It is your responsibility to check this Privacy Policy from time to time to verify such variations.
Links to other websites
Our websites may contain links to and from other third party websites of interest (advertisers and affiliates). However, once you leave this website, be aware that we do not have any control over such websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites and such websites are not governed by this Privacy Policy. You should exercise caution and look at the privacy policy applicable to the website in question.
Contact us
You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO).
We have appointed a data protection officer (DPO) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this Privacy Policy and handling requests in relation the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPO using the details set out below.
by phone at 01772 804 404*;
by email at:
[email protected] (for generic queries) or
dataprotecti[email protected] (for data protection specific queries);
by post at Profile Pensions, Norwest Court, Guildhall Street, Preston, PR1 3NU.
* Note that all calls will be monitored and recorded. Lines operate:
from 9.00 am to 8.00 pm – Monday to Thursday;
from 9.00 am to 5.00 pm – Friday;
closed – Saturday and Sunday.
Complaints
If you believe at any time that we have not handled your data in accordance with this Policy you should contact the Data Protection Officer. You may also contact the Information Commissioner’s Office (ICO) who supervise the protection of data by companies within the UK.
Last updated 3rd October 2023