At PenTech, we understand that we have a responsibility to protect and respect privacy and look after personal data.
This Privacy Notice explains what personal data we collect, how we use that personal data, reasons we may need to disclose that personal data to others and how we store the personal data securely.
For clarity, PenTech may be both data controller and data processor of personal data under certain circumstances.
We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.
PenTech Limited and its subsidiary company PenTech (Channel Islands) Limited ('PenTech') are providers of pension technical support and administration services. PenTech Limited is based in the Isle of Man and its registered office is 3 Athol Street, Douglas, Isle of Man, IM1 1LD and has a company number 124444C. PenTech (Channel Islands) Limited is based in Guernsey and its registered office is PO Box 279, St Peter Port House, Sausmarez Street, St Peter Port, Guernsey, Channel Islands, GY1 4LQ and has a company number 54277.
The Data Protection Officer for PenTech Limited and PenTech (Channel Islands) Limited can be contacted via firstname.lastname@example.org.
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing personal data includes, but is not limited to, a consent or performance of a contract.
Personal Data is collected via two methods -
i) As a registered user on a web based service portal, data is collected which allows PenTech to know who we are conducting business with.
ii) We may receive information about private individuals from a registered user (such as an Independent Financial Adviser - 'IFA') who they have engaged to provide financial advice. Please note that it is the registered user's responsibility to comply with its data protection obligations in terms of sharing their client's data with us.
As a registered user using a web based service, the information we collect from regulated advisers relates to who they are accepting instructions from, the company they work for or with and their contact information. In addition, data such as their IP address and device-specific information is also collected.
If an adviser uses our web based service in order to gain technical support relevant to their client's circumstances, the personal data that we may collect will be relevant to that client and most commonly will include key data such as their clients' name, date of birth, current pension provider, pension fund value, retirement dates. In addition further relevant information may be requested to support that request.
We use information about data subject in the following ways:
We will keep the registered users' clients' personal data for the duration of the period of the required instruction for support and we shall retain that data only for as long as necessary in accordance with applicable laws.
On the closure of an advisers' account, we may keep that data for up to 7 years after the registered user has cancelled its services with us. We may not be able to delete data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure the adviser that personal data shall only be used for these purposes stated herein.
For the avoidance of doubt, we do not and never shall sell personal data to third parties for marketing or advertising purposes.
We work closely with a number of third parties such as, Actuaries, Accountants and Lawyers. As such, data may be made available to them if a specific and a clearly defined business need is identified to do so. However, we will only ever share information that is necessary to provide the service and we have specific contracts in place, which ensure that personal data is secure and will not be used for any marketing purposes.
Similarly, we may share personal data if we are under a duty to disclose in order to comply with any legal obligation or to protect the rights, property, or safety of PenTech, our clients, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies. However, we take steps to ensure that all applicable privacy rights continue to be protected.
In preventing the use or processing of personal data, it may delay or prevent us from fulfilling our contractual obligations. It may also mean that we shall be unable to provide our services or process the cancellation of the service to the adviser.
The registered users' client has the right to object to our use of their personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as their clients' right to be forgotten. There are legal and accountancy reasons why we will need to keep data, although advisers must inform us if they feel we are retaining or using that personal data incorrectly.
Our Privacy Notice shall be made clear at the point of collection of personal data.
The adviser's client has the right to access the information we hold. The adviser should email their clients request to email@example.com so that we can obtain the information for the adviser.
Our cookies policy is available to view here https://www.pentech.im/cookie-notice.php
PenTech may provide links to third party sites. Since we do not control those websites, we encourage advisers to review the privacy policies of these third party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.
We follow accepted ISO standards to store and protect the personal data we collect, including the use of encryption if appropriate.
All information the adviser provides to us is stored on our secured servers within the EEA. From time to time, that information may be transferred to and stored in a country outside the EEA in relation to provision of the services. The laws in these countries may not provide the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed to abide by European levels of data protection in respect of the transfer, processing and storage of any personal data. By providing data to us, the registered users' client has agreed to this transfer and storage. However, we will ensure that reasonable steps are taken to protect data in accordance with this privacy notice.
As the transmission of information via the internet is not completely secure, we cannot guarantee the security of data transmitted to our site and any transmission is at the adviser's client's own risk. Once we have received information, we will use strict procedures and security features to try to prevent unauthorised access.
Any sensitive data is encrypted and protected.
Where we have provided (or where one has been chosen) a password which enables the adviser to access certain parts of our website, the authorised users' are responsible for keeping that password confidential and we ask the adviser not to share a password with anyone.
We agree to take reasonable measures to protect all data in accordance with applicable laws and in accordance with the Terms and Conditions of our service the adviser may be using.
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Please e-mail any questions or comments you have about privacy to us at firstname.lastname@example.org
The adviser has the right to make a complaint about how we process personal data to the Information Commissioner:
Isle of Man Information Commissioner,
P.O. Box 69,
Isle of Man,