How we use your information
This page explains why we need to collect your personal details and what we do with them. It also sets out the legal basis on which we collect and use your information and outlines the rights you have under current data protection legislation.
NS&I customers should visit this page to find out more about how we handle their personal information.
Which of my details do you collect?
We may ask for your full name (title, forename(s) and surname), company name, job title, postal address, phone number, email address and FCA registration number.
We need this personal information so that we can provide you with the services that you have asked for. We also need some of this information to meet our legal obligation to check your identity and address, or to check your authority to act on behalf of your clients. If you don't provide it, then we won't be able to provide you with our accounts or services.
When do you collect these details?
We’ll collect them when you contact us by email, by phone, by submitting a form through our website, or by completing a form and posting it to us.
Using our website, emails, apps and social media
When you use our website or apps, we collect information such as the browser you are using and the date, time and your IP address (a label used to identify your device on the internet).
We may use social media, for example Twitter and LinkedIn, to communicate with you. We may also use posts on social media to find out how people view our products and services.
This website is intended for use by financial advisers only. Tools, such as calculators, do not store the information you enter. We may track the number of visitors to the website.
Providing details on behalf of someone else
When you give us details about someone else, for example when you act on behalf of a client or colleague, you must have their agreement to do so.
What do you do with my information?
We may use any information you give us about yourself and others to:
- manage accounts and investments of you or your clients;
- meet our legal obligation to check your identity and address, or to check your authority to act on behalf of your clients
- prevent and detect fraud or other crime;
- keep you up to date with information about your client’s accounts and investments;
- develop, test and improve our products, systems and services;
- invite you to take part in market research and surveys;
- carry out anonymised statistical analysis (we won’t be able to identify individuals when we do this);
- send you marketing messages about NS&I accounts, which may be tailored to your circumstances (unless you have opted out);
- run competitions, events and promotional activities.
When you call us, we may monitor or record your call for training or quality assurance.
Who do you share my details with?
We use selected organisations to help us deliver the service we provide to you. We may share your personal information with our service providers who provide data processing services to us, for example helping to administer your clients' accounts and investments, printing your clients' statements and sending them to you, and sending you emails about your clients' accounts. We only share the information that's necessary for them to provide their services.
We may also share your information with government bodies, law enforcement agencies, courts or other third parties to comply with our legal obligations or lawful disclosure requests, for example.
How long do you keep my information for?
We keep your personal information where we have an ongoing legitimate or lawful need to do so. When we no longer have a legitimate or lawful need to keep your personal information, we will delete it.
Do you send my information outside Europe?
We may sometimes send your information outside Europe to process transactions or correspondence. These countries may have data protection laws that are different to those in Europe, which may be less protective. In these cases we will ensure that your information is processed in line with data protection law in Europe.
For example, our operational partner carries out some processing for us in India. They have in place ‘Binding Corporate Rules’ (contractual obligations) which require them to process your information in line with European data protection law. If you want to see these rules, please contact us.
Keeping each other informed
We will give you information about your clients accounts where a signed Terms Of Business Agreement between NS&I and your advice firm, and a signed Letter of Authority from your client, have been received and are on file. You can find those documents online.
If we need to get in touch, we will call you, write to you by email or letter or send you a text message.
To make sure you can receive information and communications from us, please make sure you tell us whenever you change your name, address, phone number or email address. Giving us your most up to date details will also help protect your clients accounts by making sure any information we send you doesn’t fall into the wrong hands. You can update your details by contacting us.
In the event of a data breach that could lead to a high risk to your rights and freedoms, for example the risk of financial loss, we will let you know as soon as we reasonably can.
The legal background and your rights
Here we summarise the lawful basis on which we collect and use your information and outline the rights you have under current data protection legislation.
We are allowed to use your personal information for a range of reasons, called ‘lawful bases’. These are:
We need to collect and use your personal information to be able to provide you with information on your clients’ NS&I holdings. We use a ‘Terms Of Business Agreement’ for this purpose, which can be found at Obtaining client information.
We cannot provide the service if you don’t give us the information we ask for.
We may need to use your personal information to meet our legal obligations, for example if we need to check your identity, address, or to check your authority to act on behalf of your clients.
We have a legitimate interest in promoting our accounts and services. For this reason, we may use your personal details to, for example, send you marketing information about our own accounts or services that we think you may be interested in. We may also invite you to take part in research or surveys to help us improve the products and services that we offer. You can ask us to stop sending you marketing and/or research invitations at any time.
We only rely on consent as a lawful basis for using your personal information in a few limited circumstances.
There are times when we need to share information with other government bodies to allow them to meet their legal obligations, for example to prevent or detect fraud or other crime.
You have a range of data protection rights in relation to the information we hold about you. You can exercise any of these rights by contacting us. Note that not all of the rights are absolute – some of them depend on which lawful basis we are using to process your information.
Right of access
You can ask us to provide you with a copy of the information we hold about you by making a ‘Data Subject Access Request’. You can download and print a form or contact us with all information asked for on the form.
Right to data portability
Where we process your personal information by automated means for contractual purposes, or with your consent, you can ask us to provide the information we hold about you in a structured, machine readable format (for example a CSV file).
Right to rectification
If the information we hold about you is incorrect, out of date or incomplete, please let us know and we will put it right.
Right to restrict automated processing
If you think the information we hold about you isn’t accurate, you can ask us not to process it until we have corrected any errors or verified that the information is accurate.
Right to erasure
You can ask us to delete your personal information when:
- we no longer need it
- you have given us consent and you later withdraw it
- you have objected to us processing your information and we have no lawful basis to do so
- we are legally obliged to delete it
Right to object
Where we have a legitimate interest or a public interest in processing your personal information (see Lawful bases), you can object to this.
Right not to be subject to automated decision-making
Some of our processes are partly or wholly automated, but we don’t make decisions that have a significant or legal effect without human involvement. For example, we may check your evidence of identity electronically, but if this is unsuccessful we will write to you to ask for documentary evidence instead.
Right to lodge a complaint with a supervisory authority
If you have a complaint about the way we have used your information, please contact us first and we will do our best to put things right for you. If you’re not happy with our response, you can escalate your complaint to the Information Commissioner’s Office (ICO) – see the end of this page for their contact details.
Changes to how we use your information
From time to time we may update this privacy notice. You can see the latest version on this page or call us and we can send you a copy. If we make a significant change to how we use your information, we will let you know in advance. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances we will share it with other parties.
Always here to help you
Data protection questions or concerns?
NS&I is the data controller of the information we hold about you. If you have any questions or concerns about how we process your information, you can contact us using the details above or write to:
Data Protection Officer
1 Drummond Gate
Want to find out more?
You can find out more about data protection and the rights you have by contacting the independent Information Commissioner’s Office:
0303 123 1113