Privacy

Legal Information

Privacy Notice

This Privacy Notice is laid out to inform you about how the Mattioli Woods Group may collect and process information that relates to you, how we aim to protect your information, your rights, and how you can exercise those with us. 

Mattioli Woods is committed to the principles of good information management, and we intend to go beyond basic legal requirements when it comes to processing your information. This is because we recognise and value the trust you place in us to handle your information in a lawful, fair, and transparent way. We are committed to assuring you that your privacy is protected with us.

Mattioli Woods regards ourselves as a “Data Controller” within current data protection legislation and regulation. A Data Controller has responsibilities and obligations and to ensure we remain in alignment with those duties, we have employed an Information Manager who will also undertake the role of Data Protection Officer as specified within the EU General Data Protection Regulation (GDPR).

You can contact us as Data Controller, or our Information Manager, as Data Protection Officer, at:

Information Manager
Business Operations
Mattioli Woods plc
MW House
1 Penman Way
Grove Park
Enderby
LEICESTER
LE19 1SY

Or via telephone: 0116 240 8700
Or via e-mail: privacy@mattioliwoods.com

This version was last updated on 11 May 2018 and historic versions can be obtained by contacting us.

[The data protection law in the UK will change on 25 May 2018. Although this Privacy Notice sets out most of your rights under the new laws, we may not yet be able to respond to some of your requests (for example, a request for the transfer of your personal data) until May 2018 as we are still working towards getting our systems ready for some of these changes.]

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). 

Types of personal data we collect

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • “Identity Data”, which may comprise your first name, last name, marital status, age, date of birth, work location, job title, national insurance number, and gender.

  • “Financial Data”, which may comprise your bank account and billing details. This may also include your salary information or additional information about your financial wealth management or employee benefit requirements where we are setting up Employee Benefit services for you, or for your employer on your behalf (please see below for further details).

  • “Contact Data”, which may comprise your address, email address and telephone number.

  • “Transaction Data”, which may comprise details about payments to and from you and other details of products and services you have purchased from us.

  • “Technical Data”, which may comprise your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the device used to access our website. 

  • “Usage Data”, which may comprise information about how you use our website.

  • “Marketing and Communications Data”, which comprises your preferences in receiving marketing from us and third parties and your communication preferences. 

Special categories of personal data

We may on occasion need to collect certain sensitive information, or “Special Categories of Personal Data” (as it is termed under the GDPR) about you, and this may include details about your trade union membership or information about your health and genetic or biometric data. We will always be clear in explaining when we are asking you to give us this information, why we need this information, and the purposes for which we will use it. We will always obtain your explicit consent to use any Special Categories of Personal Data about you unless we are otherwise required or permitted to do so by law. 

Anonymous or Aggregated Data

We also collect, use and share “Aggregated Data” such as statistical or demographic data. Aggregated Data may be derived from your information but does not constitute “personal data” in law as it does not directly or indirectly reveal your identity. For example, we may aggregate (i.e. combine with information relating to others) your Usage Data to calculate the percentage of users accessing a specific feature of our website. However, if we combine or connect Aggregated Data with your information so that it can directly or indirectly identify you, we treat the combined data as personal data which will be handled in accordance with this Privacy Notice.

Dependent upon the nature of your contact with Mattioli Woods, we may process different types of information about you and collect this information in different ways. We will only process your data where it is lawful to do so and we will only collect the minimum amount of information necessary to meet the purpose for which we intend to use that information, for example in order to provide you with the services we have been engaged for.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

When you telephone or write to us

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone and email or otherwise. Your employer may also give us your Identity, Contact and Financial Data where they are engaging our services on your behalf. For example, this includes personal data you provide when you (or, where appropriate, your employer on your behalf):

  • apply for our products or services;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey;
  • submit an enquiry to us; or
  • participate in our complaints handling procedures.

When you visit our website

As you interact with our website, we may automatically collect Usage Data and Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work more efficiently, as well as to provide information to owners of the websites. View our cookies information here.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

We use a third-party service, Google Analytics, to collect internet log information and the behaviour patterns of visitors to the website, in other words to monitor which parts of our website get visited. This information is processed in a way that does not identify you or anyone else. For further information on Google’s policies and practices, please visit www.google.com/policies/privacy/partners/.

Our website also contains a search engine that you can use to find information you require. Any use of this search engine is logged, albeit anonymously, and no user specific identifiable information is captured. Information that is captured is used to improve the search functionality and website navigation.

When you contact us via social media or e-mail

When you contact us via social media outlets, you are using applications that are outside of the control of Mattioli Woods. We cannot guarantee the security of any communication made using social media and we advise that should you have any concerns, you look at the Privacy Notices that these applications publish.

When you contact us via e-mail, we use an industry-standard tool called Transport Layer Security (TLS) to encrypt and protect e-mail traffic. If your e-mail service does not support TLS, you should be aware that any e-mails we send or receive may not be protected in transit.

We also monitor e-mails and attachments sent to us for identification of any viruses or malicious software.

Third-party websites

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website that you visit.

When your employer contacts us regarding our employee benefits services

As part of an exchange of information between your employer and ourselves prior to any agreement we may need to obtain some information about you, for example, age, salary information and work location, we will always request this data be anonymised.

Should your employer wish to offer an Employee Benefit scheme, they may contact Mattioli Woods to find out more about the services we can offer. As part of an exchange of information between your employer and ourselves prior to any agreement taking place, we may need to obtain some information about you, in particular certain Identity Data and Financial Data, in order to respond to this enquiry. This may include, for example, your age, salary information and work location. However, where possible, we will always request that any information we receive about you from your employer is anonymised, and will only collect the minimum amount of information about you which is necessary to respond fully to any such enquiry.

If your employer enters into a contract with Mattioli Woods to provide Employee Benefit services, we will need to collect further personal information in respect of all employees in order to fulfil the terms of that contract, however this will always be limited to the minimum amount of information we require to provide those services.

When personal data is transferred between Mattioli Woods and your employer for any reason, we follow a strict process and have procedures in place to ensure that your data is protected and kept secure at all times.

When you provide us with your business card

We encourage the exchange of business contact details as it enables yourselves and Mattioli Woods to maintain healthy business communications. When you provide us with your business card details, we will ask for express permission via e-mail to send you future marketing e-mails. Only upon receipt of your consent will we be able to subscribe you to our marketing database.

When you visit our premises

Our premises may operate CCTV systems for the purpose of prevention and detection of crime and protection of assets. Recordings may be taken in the reception areas and communal areas of our premises and will only be retained in accordance with our retention schedule. Signage will be displayed to ensure you are aware that recordings may be taking place. You can be assured that we will not record any meetings, confidential conversations, or any aspect of business dealings.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, in particular where we are taking steps to enter into or are fulfilling the terms of a contract we have with your employer in order to provide you with some kind of benefit in the course of your employment.
  • Where we need to comply with a legal or regulatory obligation

“Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

We have set out in the Annex to this Privacy Notice, a description of all the ways we intend to use any personal data, and which of the legal bases we intend to rely on in order to do so. We have also identified what our legitimate interests are where appropriate. You can obtain further information about how we assess our legitimate interests against any potential impact on you in relation to specific activities by contacting us. 

We may also use and disclose your personal information for the following purposes:

  • Where we want to send you, or permit others to send you, marketing if you have given us your express opt-in consent to do so (we will make sure that you are able to make an informed decision around that consent by being open and transparent with you about the specific purposes for which we intend to use your information). You can opt-out of receiving marketing at any time by contacting us (or the relevant third party).
  • In some circumstances, there may be a legal obligation placed upon us to process information and share it with third parties, for example for law enforcement purposes. Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

We will not process any of your information as part of any automated decision making, in other words should we use your information to assist us in making any decisions, for example offering you a service, we will treat you and your information with respect and dignity and not use a machine to make decisions for us.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We will ensure that your information is not subsequently shared further by these third parties without our agreement. We shall not share your personal data with any third parties for marketing purposes without your express consent. 

We shall however, share your personal data with third parties, for the following reasons:

  • To meet any agreed contractual arrangements we have with you, or your employer on your behalf, we may share your information with other service providers that we use to perform that contractual service. Examples of service providers include hosting services, suppliers and sub-contractors. We may also need to share your personal data with third party software or IT support providers for the purpose of system administration, data security, data storage, back up, disaster recovery and IT support.
  • We may share your personal data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
  • We reserve the right to disclose or share your personal data in order to comply with any legal or regulatory requirements, enforce our terms and conditions (or any agreement we enter into with you), or to protect the rights, property, or safety of our business and other website users. We may also share your personal data with our professional advisers including lawyers, bankers, auditors and insurers based who provide consultancy, banking, legal, insurance and accounting services.

International transfers

Where possible we aim to ensure that any third party with whom we share personal data is based within the United Kingdom or the European Economic Area (EEA). In some instances, as part of our agreed contractual relationship with you, or your employer on your behalf, we may undertake an international transfer of information to a third party outside of the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection that it receives in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Where we use providers based in the US, we may transfer personal data to them if they are part of the Privacy Shield Network, which requires the provision of a level of protection acceptable to the European Commission of personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

We will only retain your personal data for as long as necessary to fulfil the purposes we originally collected it for. We may also retain your personal data for the purposes of satisfying any legal, accounting, or reporting requirements.

We are committed to being transparent about the management of our information, and this includes ensuring that we do not continue to hold any information about you for longer than is necessary.

As part of our commitment towards continual improvement and ensuring your trust in us, Mattioli Woods is currently undergoing a review of retention periods of all types of information that we hold, whether that involves information that can identify someone or not. Once this review has been completed we intend to publish our agreed and lawful retention periods on this page, so we recommend that you regularly review this page to check for any updates.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (for example anti-virus solutions and electronic monitoring applications, policies, procedures, employee vetting and training). In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Please note that the transmission of information via the internet is not completely secure. Although we shall do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we shall use effective safeguarding procedures and security features to try to prevent any unauthorised access to your personal data.

At Mattioli Woods, we want to work with you to ensure that we deliver an excellent service to you, and we recognise that you should feel and remain confident that you are in control of how we use your information at all times.

Within the scope of the applicable legislation and regulations governing the management of your information, we embrace and fully support your legal rights, and the exercising of these rights. The following paragraphs describe those rights to you in more detail, and provide you with information as to how to exercise them.

Some of these rights include a legal obligation on Mattioli Woods to respond to any request made without delay and in most cases within a calendar month. As Mattioli Woods recognises the importance the rights you have regarding your personal information, we will always aim to process and respond to any request submitted under this section as soon as possible, and in any event within one calendar month, irrespective of whether or not this is a legal requirement.

You can submit any request to us under this section by contacting the Information Manager via one of the contact addresses provided in the Who are we? section at the start of this Privacy Notice.

Your right to be informed about the information we collect and process that can identify you

You have a right to be informed of what information is collected about you by Mattioli Woods, and for what purpose. This Privacy Notice is intended to give you information you may require in order to better understand what information is processed and why.

Should you require any further clarification or information please contact the Information Manager at the contact address provided in the Who are we? section at the start of this Privacy Notice.

Your right of access to your information

You have a right to access your information that you have provided us with, or any other information we hold about you. Unless we consider the request to be exceptional or excessive (and we will communicate further with you should we consider this to be the case), then this service will be free.

You can exercise this right by contacting the Information Manager at the contact address provided in the Who are we? section at the start of this Privacy Notice.

Your right to make changes to the information we hold.

If you believe the information that Mattioli Woods holds about you requires updating, for example you have a new contact address, or believe that any information we hold is currently inaccurate, then you have a right to have changes made to it. This right is sometimes referred to as your right to rectification.

If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.

You may be contacted by your direct contact, Consultant or Client Relationship Manager within Mattioli Woods from time to time to confirm the accuracy of records and information we hold. You will be able to respond to them directly to ensure your information is correct. You may also contact them at any stage yourself to request records are updated to reflect any changes in your circumstances.

In addition to this you can exercise this right by contacting the Information Manager at the contact address provided in the Who are we? section at the start of this Privacy Notice.

Your right to have your information removed or deleted.

If you believe Mattioli Woods should no longer be holding information about you, or you no longer wish Mattioli Woods to process your information then you have a right to request that your information be deleted. This right is sometimes referred to as your right to erasure, or your right “to be forgotten”.

Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

You can exercise this right by contacting the Information Manager at the contact address provided in the Who are we? section at the start of this Privacy Notice.

Your right to request that we temporarily restrict the processing of your information.

Should you wish, you have a right to request that we place a temporary halt to any processing of your information, rather than requesting that we delete your information. You may wish to exercise this right, for example, should you be involved in any dispute or legal proceedings regarding the processing of your information, or in connection with a contractual arrangement.

You can exercise this right by contacting the Information Manager at the contact address provided in the Who are we? section at the start of this Privacy Notice.

Your right to have us transfer your information elsewhere in a readily available format.

This right allows you to obtain and re-use your personal information for your own purposes, to move it easily from one IT service to another in a secure manner. Alternatively, we can transmit such data directly to another organisation. This right assists you to take advantage of other applications or services that can use this information to offer you a service. This right is sometimes referred to as the right to data portability.

You can exercise this right by contacting the Information Manager at the contact address provided in the Who are we? section at the start of this Privacy Notice.

Your right to object to the processing of your information.

Should you no longer wish to have dealings with Mattioli Woods, for example you have been receiving marketing type communications from us, and you no longer wish to be in receipt of these then you have a right to ask that we stop doing this. If you have previously given us your consent to process your information and we have relied upon this consent to contact you then you can withdraw this consent at any time. This right is sometimes referred to as "the right to object".

You can exercise this right by contacting the Information Manager at the contact address provided in the Who are we? section at the start of this Privacy Notice. If you wish to withdraw your consent to us contacting you for marketing purposes, you can also request this by e-mailing us at marketing@mattioliwoods.com.

Your right to have any automated decision made about you reviewed.

If you believe that Mattioli Woods have made a business decision regarding you that has been based entirely upon an automated process, for example profiling of your circumstances prior to offering of any services, then you have a right to ask for that decision to be reviewed.

Please note that we do not make any decisions without human intervention, but believe that we should still be transparent and inform you of this right, even though we do not believe you will need to exercise it with us.

You can exercise this right by contacting the Information Manager at the contact address provided in the Who are we? section at the start of this Privacy Notice.

We would like to work with you to understand how we can provide a better service to you in the exercise of your rights, and in our processing and use of your information. We understand the importance of your privacy and want you to feel that you can entrust us with your valuable information.

Should you be dissatisfied with how we have responded to you when you have tried to exercise your information rights with us then we would ask that you initially contact us to express your dissatisfaction and ask that we conduct an internal review of how we have responded. You can contact us at:

Client Experience Partner
Business Operations
Mattioli Woods plc
MW House
1 Penman Way
Grove Park
Enderby
LEICESTER
LE19 1SY

or via telephone: 0116 240 8700
or via e-mail: compliance@mattioliwoods.com

Right to lodge a complaint with the Information Commissioner’s Office

You also have a right to lodge a complaint directly with an independent “supervisory body” should you wish. The supervisory body can act upon your behalf and investigate to ensure that your rights have not been compromised. Within the United Kingdom the supervisory body is the Information Commissioner’s Office (ICO), and they can be contacted directly at:

Customer Contact
Information Commissioner’s Office
Wycliffe House
Water Lane
WILMSLOW
SK9 5AF

or via telephone: 0303 123 1113
or via their website: www.ico.org.uk/concerns

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest

To register you as a new client or to register you on a scheme we have set up for your employer.

(a) Identity

(b) Contact

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to fulfil the terms of a contract with your employer they have entered into on your behalf)

To manage our relationship with you which will include:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(c) Notifying you about changes to our terms or privacy policy

(a) Identity

(b) Contact

(c) Financial

(d) Transactional

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to recover debts due to us/keep our records updated)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance,support, reporting and hosting of data)  

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical 

Necessary for our legitimate interests (to study how clients use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, client relationships and experiences

(a) Technical

(b) Usage 

Necessary for our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile 

Necessary for our legitimate interests (to develop our products/services and grow our business)


This Privacy Notice was last updated on 14 May 2018
A word from our clients...

"I was impressed by the proactive approach of Mattioli Woods, which enabled me to optimise my pension funds."

"I would like to thank you for the excellent service you have provided over the last few years."


"We are extremely impressed with your organisation and have been absolutely delighted with the way you have looked after us."

"As always, you’re ahead of the game. Thank you for your efficiency and professionalism!"


"With Mattioli Woods we achieved more in one meeting than we did in three years with a previous provider."