We believe that looking after client data is not just a regulatory requirement but one that is part of our business culture. We want to remain transparent in the use of personal data to our clients, while meeting data security standards.
About this privacy notice
For the purposes of data protection law, we are a data controller in respect of your personal data. Morgan Lloyd (Morgan Lloyd Administration Ltd) is responsible for ensuring that it uses your personal data in compliance with data protection laws, specifically in relation to the General Data Protection Regulations (GDPR) 2018.
This privacy notice applies if you are a client, a prospective client, an intermediary or a client of an intermediary. The privacy notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice.
Personal data that we collect about you
We may collect and process the following personal data about you:
Information that you provide to us or one of our affiliates. This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:
Name, address, e-mail address, telephone number, national insurance number, financial information, identification records and authentication data.
Information we collect or generate about you. This may include (by way of a non-exhaustive list):
A file with your contact history to be used to ensure that we manage the services which we have provided to you and you are satisfied with these;
Through our cloud security services, traffic and security reports that include information on the internet usage of the organisation's computer users, thorough services such as Google Analytics (e.g. what websites were visited by each user, any documents downloaded, security incidents, prevention measures taken by the gateway, etc.).
When you visit the Morgan Lloyd Website, cookies are used to collect technical information about the services that you use, and how you use them.
We will receive information from agents, dealers, brokers and introducers including your personal details, contact details and relevant asset or policy details for the purposes of entering in to and administering your agreement with us.
Uses of your personal data
Your personal data may be stored and processed by Morgan Lloyd in the following ways and for the following purposes:
Your data is used to provide financial services to you. The data is used for regulatory purposes to ensure the suitability of financial products and services for you. In some cases, these services are provided by a third party. Your data may also be used for marketing purposes, so that we may tell you about products and services you may be interested in, as well as to invite you to exclusive client events, based on your explicit consent options.
We are entitled to use your personal data in these ways because:
- We need to do so in order to perform our contractual obligations with you;
- We have obtained your consent;
- We have legal and regulatory obligations that we have to discharge;
- We may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
- The use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as:
- Allowing us to effectively and efficiently manage and administer the operation of our business;
- Maintaining compliance with internal policies and procedures;
- Enabling quick and easy access to information on Eden Park Services;
- Offering optimal, up-to-date security solutions for mobile devices and IT systems.
Disclosure of your information to third parties
We will take steps to ensure that the personal data is accessed only by the personnel of such affiliates that have a need to do so for the purposes described in this notice.
We may also share your personal data outside of Morgan Lloyd and our affiliates:
- With our business partners. For example, this could include our partners who provide you or your company or your organisation with services alongside or related to, those provided by Morgan Lloyd. Personal data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
- If we sell all or part of our business or assets. In which case we may disclose your personal data to the prospective buyer for due diligence purposes;
- If we are acquired by a third party. In which case personal data held by us about you will be disclosed to the third party buyer;
- To third party agents or contractors (for example, the providers of our electronic data storage services) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice; and
- To the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.
The personal data that we collect from you will not be transferred to or stored at a destination outside the European Economic Area (“EEA”).
Retention of personal data
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data, including Intellectual property preservation and complaint handling
We do not want to keep data longer than necessary and do have an automated process to ensure we regularly delete data, based on our retention rules.
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
- The right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you, through a Subject Access Request;
- The right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
- The right to request that we rectify your personal data if it is inaccurate or incomplete;
- The right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
- The right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
- The right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out in the contact us section of this website or:
You can find out more information about your rights by contacting the Information Commissioner's Office, or by searching their website at https://ico.org.uk/.