Privacy Policy

About us 

Profile Pensions is a trading name of Profile Financial Solutions Ltd  (“we”, “our” and “us”), authorised and regulated by the Financial Conduct Authority (FCA Number: 596398, Company Number: 07731925). To find out more about our company and the services we provide, please visit our About us page. 

About our Privacy Policy

This Privacy Policy is prepared to provide you with more information about how Profile Pensions may process your data, when you use our services, and your data protection rights in relation to this data.

In respect to your personal data, Profile Financial Solutions Ltd is the data controller and we are committed to ensuring that we process it in accordance with the applicable data protection laws and regulations including Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).

Please read this Privacy Policy carefully and if you have any further questions, contact us using the details provided in the How to contact us section at the end of this policy.

Data we collect

In order to be able to provide our services to you we may obtain your data from various sources. In particular: 

  • Directly from you, when you sign up to our services and complete our fact find and risk profile questionnaire. Depending on your interaction with us, we may obtain additional information through our customer surveys, phone calls, emails and letters, social media platforms or any other means of communication that you use to interact with us. Equally, we may obtain additional information about you including your personal data through cookies and similar technologies that we use on our website (for more information, please refer to our Cookies Policy).

  • Indirectly from you, when authorised third parties share your personal data with us. For example, companies that introduce you to us, financial advisers, insurers, retailers, comparison websites, social media platforms, fraud prevention agencies, other financial services companies, public information sources, agents, suppliers, sub-contractors and advisers, market researchers, firms we use to help us to run accounts and services, specialist companies who advise us on ways to develop and improve our business, government and law enforcement agencies and third party data suppliers we may use for marketing purposes. Your personal data may also be shared with us by companies that provide identity verification and anti-money laundering services to us.

Types of personal data we process

Depending on your interactions with us, the types of personal data we process may include: 

  • your first name and last name, date of birth, National Insurance number and contact details (including your postal address, email address and telephone number);

  • your residential address and history of where you have lived;

  • your social relationships including family, friends and other relationships;

  • financial data including your financial position;

  • socio-demographic data including details about your employment, nationality, education and where you fit into general social or income groupings;

  • transactional data such as details about payments you make into, and withdrawals from your pension;

  • contractual data such as details about the services we provide to you and the products we arrange for you;

  • technical data about the devices you use to access our services such as online identifiers including IP addresses and cookie identifiers, browser information, geographical location;

  • behavioural and usage data such as details about how you use our services and the products we arrange for you as well as how you interact with our marketing campaigns; 

  • other data that we obtain from your documents or their copies that are shared with us such as from your passport, drivers licence or birth certificate;

  • publicly available data that is openly available about you on the internet and in public registers such as Electoral Register;

  • data about any consents, permissions or preferences you give us including how you want us to contact you;

  • any other personal data that you directly or indirectly provide to us in relation to the services we provide and /or marketing campaigns we run and you interact with. 

We may also process special categories of personal data that require additional protection such as:

  • data about your health and personal circumstances that you provide as part of signing up to our services and completing our fact find questionnaire. When we process this data, we process it only in order to provide you services in line with vulnerable customers guidelines.

Information security and retention

We are committed to take reasonable technical, procedural and organisational measures to keep your personal data secure. 

We retain your personal data for no longer than is necessary for the purposes it was collected for. In particular, we will keep your personal data for as long as you are a customer of Profile Pensions.

For the following reasons, we may retain your data for up to 10 years after you stop being our customer:

  • to respond to a question or complaint, or to show whether we gave you fair treatment;

  • to study customer data as part of our own internal research;

  • to obey rules that apply to us about keeping records.

We may retain your personal data for longer than 10 years if that is required for legal, regulatory or technical reasons.

International data transfers

Profile Pensions is based in the United Kingdom. However, in order for us to be able to provide you with our services and perform other data processing activities as described in this policy, your personal data may be transferred and processed outside the UK. 

We will only transfer your personal data to third countries if the transfer is covered by adequacy regulations, is an exemption, or we have other appropriate safeguard such as Standard Contractual Clauses in place with the receiving party.

Who we may share your personal information with

We may share your personal information with third parties so that we can provide you with our services, arrange products for you, run, improve and grow our business, and obey rules that apply to us. The types of third parties that we may share your personal information with include:

  • authorities (official bodies) such as central and local government, HM Revenue & Customs, regulators and other tax authorities, UK Financial Services Compensation Scheme and Law enforcement and fraud prevention agencies;

  • organisations that help combat fraud and other financial crime such as registered Fraud Prevention Agencies (FPAs), other agencies and bodies acting for the same purpose, industry databases used for this purpose and insurers.

  • financial services product providers, such as pension providers;

  • third party companies we work with to provide services to you and to run our business including agents, suppliers (including an outsourced IT service provider), sub-contractors and advisers, other financial services companies (to help prevent, detect and prosecute unlawful acts and fraudulent behaviour), independent financial advisors, price comparison websites and similar companies;

  • third party companies we use to help grow and improve our business including organisations that introduce you to us such as price comparison websites, market researchers, advisers who help us to come up with new ways of doing business such as a legal firm, IT supplier or consultancy, third parties that provide analytics and advertising services and third party data suppliers. 

We do not sell your personal data to any third parties.

Lawful Processing

We may gather and process your data including your personal data for the following purposes:

  • to serve you as a customer and provide the services you have requested from us;

  • to provide you with information and support in relation to the services we provide to you;

  • to manage and administer our business and operations;

  • to improve our services and products including use of data for analytical purposes;

  • to manage security risk and crime prevention;

  • to perform marketing activities in order to grow and improve our business; 

  • to personalise your user experience;

  • to comply with our legal and regulatory obligations.

We will only process your personal data if we have an appropriate legal basis to do so. In particular, we may collect, use, share or otherwise process your personal data if either applies:

  • it is necessary for the performance of a contract we have with you or in order to take steps at your request prior entering into a contract. For example, if we have a contractual relationship with you, we may process your personal data in order to:

    • provide and manage the services you have requested;

    • contact you in relation to the services you have requested;

    • fulfil other contractual obligations.

  • it is necessary for compliance with our legal obligations. For example, we may process your personal data in order to:

    • efficiently investigate complaints and reach the right outcome;

    • disclose your personal data to legal authorities, where it is required by law; 

    • undertake vetting to comply with fraud prevention and anti-money laundering legislation.

  • you have given your consent to the processing of your personal data for specific purposes. For example, you may have given your consent in order for us to be able to:

    • send you personalised marketing communications; 

    • process special categories of your personal data so that we could provide you services in line with vulnerable customers guidelines;

    • use optional cookies and similar technologies on our website.

  • we have identified a legitimate interest that does not override your own interests or your fundamental rights and freedoms. For example, we may process your personal data in order to:

    • verify your identity before we provide services to you and discuss your personal information with you;

    • verify your eligibility for our promotional offers such as our refer a friend programme;

    • perform data matching on third party social media, search or display networks platforms as described further in this policy.

Communications you may receive from us

Service communications

We may process your personal data to send you statements and other important information such as changes to our existing products that you consume if we have a contractual relationship with you. These are called service communications and you may receive them via/through email, phone, post and/or SMS. As service communications are crucial for us being able to deliver the service you signed up for, you will not be able to opt out from receiving them unless you stop using our service completely.

Direct marketing communications

We may process your personal data to send or display direct marketing communications to you via/through email, phone, post, SMS, social media and search, display networks platforms. We will do so only if we have a legitimate interest or you have given us your consent to receiving such communications. 

Where we rely on our legitimate interests, you can object to processing at any time by contacting us directly using contact details provided in the How to contact us section at the end of this policy. Alternatively, where we process your personal data for direct marketing purposes based on your consent, you can change and manage your marketing preferences, including withdrawing your consent, at any time within your Profile Pensions online account or by contacting us directly using contact details mentioned before. Note that if you opt out of marketing communications, you may still see some marketing material, however it will not be tailored to you.

Personalised marketing communications on social media, search and display networks

We may share your registration details such as your first name, last name, email address, and postcode with third party social media, search and display networks platforms providers for the purpose of displaying tailored marketing communications to you and / or others who possess similar interests and characteristics as you.  To find out more about the third parties we may work with, please see the next section below. 

In particular, we may upload your registration details on to the third party platforms, who will then match that data with the data they collect and hold about their platform users in order to create custom and lookalike audiences for us. We may use these audiences for the following purposes:

  • To display tailored marketing communications to custom audiences

Custom audiences are specific groups of individuals. We may create custom audiences of our customers on social media, search and display networks platforms in order to display direct marketing communications in relation to the services they have signed up for. This includes excluding them from receiving communications that we believe they would not find relevant. 

When we process your personal data for the above purpose, we rely on our legitimate interests. You can object to this processing at any time by contacting us directly using contact details provided under How to contact us section.

We may display additional marketing communications to you in relation to other services that we provide, but only if you have given your consent to receiving them. You can change and manage your marketing preferences, including withdrawing your consent, at any time within your Profile Pensions online account or by contacting us directly using contact details mentioned before.

  • To display tailored marketing communications to lookalike audiences

Lookalike audiences are groups of individuals that are identified based on interests and characteristics of custom audiences. We may use lookalike audiences on social media, search and display networks platforms in order to display tailored marketing communications to individuals who possess similar interests and characteristics as our customers as we believe they are more likely to be interested in seeing them.

When we process your personal data for the above purpose, we rely on our legitimate interests. You can object to this processing at any time by contacting us directly using contact details provided under How to contact us section.

Note that, Profile Pensions do not have a direct relationship with individuals of lookalike audiences and we are not targeting them as individuals but rather audiences which possess specific interests and characteristics as our customers.

Third party social media, search and display networks platforms that we may use

For the purpose of displaying personalised direct marketing communications as described in the previous section above, we may work and share your personal data with third party social media, search and display networks platforms providers.

These third parties may process the data we provide to them in order to match it with the data they hold about their platform users. When they do so, they act as our data processors. However, when they perform subsequent data processing in order to display personalised marketing communications to custom and lookalike audiences based on the criteria we select, they may perform further data processing as independent or joint controllers.  To find out more about the third parties we may work with and their data processing practices, please see the table below:

           
Name of the third party Name of the platform we may use How the third party may use your data, when you sign up and use their services How you can manage your ads personalisation settings within the platform
Facebook Facebook Ads About the ads you see from Facebook
Instagram Ads Ads on Instagram
Google Google Ads Google Ads Settings
LinkedIn LinkedIn Ads LinkedIn Ads Settings
Microsoft Microsoft Advertisement Ad Settings

Additionally, where the third party participates in self-regulation programmes for Online Behavioral Advertising, you can opt out from the use of your data for interest based advertising by some or all participating companies through these sites:

Use of third party data suppliers 

In order to grow and develop our business, we may use your personal data when engaging with third party data suppliers for the purpose of creating target audiences and excluding you from receiving communications from us that we believe you would not find relevant or you have previously opted out from on our website or in our communications with you. When we share your personal data with third parties for this purpose, we rely on our legitimate interests that do not override your own interests, fundamental rights and freedoms. 

Promotional offers 

You may be eligible for our refer a friend programme, which we run to reward our existing customers and encourage new customer acquisition. To take advantage of this you have to specifically opt in to the programme.

With that said, we may process your first name, surname, and email address for the purpose of running the programme based on our legitimate interests. In particular, we may share your personal data with a third party service provider, Mention Me Ltd, to identify eligibility of individuals to earn a reward. 

Cookies and similar technologies

Our website uses cookies and similar technologies such as web beacons (also known as web bugs, pixel tags or clear GIFs) to enable our website to function properly, improve your user experience, provide personalised content and effectively run our marketing campaigns on this and on other websites.  

The exact information stored or collected using these technologies will vary depending on their purpose. For example, we may use  cookies and similar technologies to collect information about your activity across multiple websites in order to enable us to tailor and target our marketing communications in a way that is timely and relevant to you. We may also use these technologies to identify how you interact with our website and our advertisements on this and other websites, the links you click on and the third party websites from which you arrive at our website. Doing so allows us to measure the performance and effectiveness of our marketing campaigns.

When you visit our website you have the ability to accept or decline these technologies, except where those are strictly necessary for ensuring that our website works as expected. To find out more about what cookies and similar technologies we may use and how you can set and manage your preferences, please refer to our Cookies Policy

Technical information we collect automatically when you use our online services

To ensure the availability of our online services we may automatically collect information about your device that you use to access our online services. In particular, we may collect information about your IP address and user agent, which further allows us to derive information about the browser and device that you use. This information is used for security and error debugging purposes only. However, in combination with other data, it might enable us to indirectly identify you as an individual.

Embedded content

Our website contains embedded content hosted by a third party service provider, Mention Me. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. We use the embedded content in order to run a refer a friend programme. As a result of that, Mention Me may set additional cookies on your computer or use similar technologies in order to enable you to participate in the programme. For more information, please refer to our Cookies policy as well as Mention Me’s Privacy and Cookies policies.

Links to other websites 

Our website may contain links to other websites hosted and managed by other organisations. Once you click on these links and leave our site, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites. This policy applies only to our website and does not govern and control any other websites.

Your rights

Under data protection legislation, you have rights including: 

  • Right to be informedYou have the right to be informed about the collection and use of your personal data. This Privacy Policy describes how we may use your personal data. We will update this policy upon any changes in processing to ensure the information provided is accurate.

  • Right of accessYou have the right to ask us for copies of your personal information (submit a Data Subject Access Request (DSAR)).

  • Right to rectificationYou have the right to ask us to rectify your personal information that you believe is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Right to erasureYou have the right to ask us to delete your personal information in certain circumstances. There may be legal or other reasons we may need to retain or use your data, which therefore we may not be able to delete.

  • Right to restriction of processingYou have the right to ask us to restrict the processing of your personal information in certain circumstances. This means that it can only be used for certain purposes, such as legal claims or to exercise legal rights. Exercising the right may affect our ability to provide you with the service. If this is so, we will tell you, when you exercise this right.

  • Right to data portabilityIn certain circumstances, you have the right to receive your personal data you have provided to us in a structured, commonly used and machine-readable format as well as the right to ask that we transfer your personal information you gave us to another organisation. If for legitimate reasons, we cannot fulfil your request of data portability, we will tell you, when you exercise this right.

  • Right to objectYou have the right to object to the processing of your personal information in certain circumstances.   There may be legal or other reasons we may need to keep processing your data.

  • Right to withdraw your consent Where you have provided us with your consent to process your personal data, you have the right to withdraw the consent at any time. Please note that if you withdraw your consent, we may not be able to provide our services to you.

  • Rights in relation to automated decision making and profiling

You have the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

You are not required to pay any charge for exercising your rights. If you wish to exercise any of your rights or you have any further questions, please contact us by email at [email protected] , or by using alternative contact details provided under How to contact us section.

How to complain

If you have any concerns about our use of your personal data you can make a complaint to us at [email protected].

You can also complain to the UK’s independent data protection regulator, Information Commissioner’s Office (ICO), if you are unhappy with how we have used your data or the outcome of a complaint you submitted to us.

If you wish to submit a complaint to ICO, you can contact them by phone at 0303 123 1113 or by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. For additional information on how to make a complaint, please visit ICO's website.

How to contact us

If you have any questions about any of the topics set out in this Privacy Policy, or you wish to receive more details about how we use your personal information, you can contact us:

  • by phone at 01772 804 404*; 

  • by email at:

    • [email protected] (for generic queries) or

    • [email protected] (for data protection specific queries);

    • by post at Profile Pensions, Norwest Court, Guildhall Street, Preston, PR1 3NU.

* Note that all calls will be monitored and recorded. Lines operate:

  • from 9.00 am to 8.00 pm – Monday to Thursday;

  • from 9.00 am to 5.00 pm – Friday;

  • closed – Saturday and Sunday.

Changes to this policy 

We keep this policy under regular review to make sure it is up to date and the information provided is accurate. Therefore please check this policy occasionally and if you have any further questions, please contact us using contact details provided above.

In case of any significant changes in the policy, we may explicitly inform you using other means of communication such as email, phone or post or other that we may find appropriate.

This policy was last updated on the 14th of October 2021.