01422 377 737

toggle menu

Privacy Notice (business clients)

We take privacy very seriously and we ask that this privacy notice is read carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, the rights of individuals in relation to their personal data and on how to contact us and supervisory authorities in the event of a complaint.

We understand that a copy of this Privacy Notice will be made available to any employees who require this.  We are also able to provide a copy of this to employees at their request.

Who we are

Eastwood Financial Services Ltd collects, uses and is responsible for certain personal data about the employees of the corporate clients with whom we work. When we do so we are required to comply with data protection regulation (applicable data privacy and protection laws) and we are responsible as a data controller of that personal data for the purposes of those laws.

Data controller means a natural or legal person (such as a company) which determines the means and purposes of processing personal data.  We are your data controller as we determine how we will collect personal data, the scope of data which will be collected and the purposes for which it will be used in the course of us providing employer and employees with our services.

When we mention "EFS", "we", "us" or "our" we are referring to Eastwood Financial Services Ltd. 

We area company registered in England and Wales (company number 3649630) whose registered office is at Northumberland House, Northumberland Street, Huddersfield, HD1 1DT.

Eastwood Financial Services Ltd is authorised and regulated by the Financial Conduct Authority. Our Financial Services Register number is 188860.

We provide advisory and administration services to corporate clients in connection with workplace pension schemes, employee benefit schemes, private medical insurance schemes and insurance products such as key person, shareholder protection insurance and relevant life policies.  This Privacy Notice covers all of these services although not all of them will be applicable to all corporate clients. 

The services that we provide to employer and employees have been previously agreed and if any clarification is required, please contact us.

The personal data we collect and use

In the course of providing our services to employer and employees, we may collect the following personal data when either the employer or employee provides it to us:

  • Contact details (personal and at work, where necessary)
  • Date of birth, National Insurance Number, nationality, place of birth, country of residence and country of domicile
  • Details of spouses, children, dependants and/or beneficiaries under a policy (please see the additional notes on the next page)**
  • Details of employment status (current/historical) and income
  • Income and expenditure together with details on income tax and other taxation matters
  • Details of assets and liabilities
  • Details of any financial products, policies or planning that they may already have in place
  • Details of mortgages and other lending/debts 
  • Health & medical information
  • Lifestyle information
  • Details of any wills, powers of attorney or any other relevant legal arrangements they have made
  • Details of any other professional advisers that they may have
  • Identity information i.e. passport, driving licence, utility bills
  • Copy birth, marriage and death certificates
  • Details of any vulnerability

The level of data we collect will vary depending upon the type of scheme/policy and the service that we are carrying out for employer and/or employee. In any event, we will only collect the amount of data that we require for the purposes of providing our service. Should the employer or  employees require further information or clarification on any of the above, please contact us.  Our contact details are provided later in this notice.

**  Please Note:  where employees are providing information about another person we expect the employee to ensure that that person knows they are doing so and are content with their information being provided to us. They might find it helpful to show them this Privacy Notice and if they have any concerns please ask them to contact us in one of the ways described later in this Privacy Notice.

Information collected from other sources 

We may also obtain personal data from other sources in the course of providing our services. Where we obtain this information from another party it is their responsibility to make sure they explain that they will be sharing personal data with us and, where necessary, ask permission before sharing information with us.

The personal data we obtain from other sources may include details from product providers on policies/products that employees already hold with them or from identification and verification checking agencies i.e. Her Majesty’s Treasury financial sanctions list. 

How we use personal data

We will only use personal data when the law allows us to.  Most commonly, we will only use personal data in the following circumstances:

  1. Where we need to perform the contract we have entered into with employer/employees;
  2. Where we need to comply with a legal obligation;
  3. Where it is necessary for our legitimate interests (or those of a third party) and theinterests and fundamental rights of the individual do not override those interests

We may also use personal data in the following situations, which are likely to be rare:

  1. Where we need to protect an individual’s interests (or someone else’s interests):
  2. Where it is needed in the public interest (or for official purposes)

Special category data

Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation. These are known as ‘special categories of data’ and include data concerning health, racial or ethnic origin, genetic data and sexual orientation. Although we would not typically hold data relating to criminal convictions or offences, this is also subject to additional levels of protection.

We may process health information and lifestyle information when providing our services in relation to an employee benefit scheme, a private medical insurance scheme and/or any other products or areas of advice to which this information may be relevant i.e. key person, shareholder protection or relevant life insurance.

We will process this information either (i) for the purpose of advising on, arranging or administering a contract or (ii) for the establishment, exercise or defence of legal claims.

In the course of our activities relating to the prevention, detection and investigation of financial crime, we may process criminal conviction or offence information. Where we do so, in addition to the lawful basis for processing this information (outlined earlier), we will be processing it for the purpose of compliance with regulatory requirements relating to unlawful acts and dishonesty.


We may use the personal data we hold to help us identify, tailor and provide employees with details of products and services from us that may be of interest to them. We will only do so where we have a legitimate business reason to do this and will do so in accordance with any marketing preferences provided to us.

In addition, where employees have provided their consent, we may provide them with details of products and services of third parties where they may be of interest.

Employees can opt out of receiving marketing communications at any time. If any employee wishes to amend their marketing preferences they should contact us: 

By phone:        01422 377737

By email:        office@eastwoodfinancial.co.uk

By post:           Pennine House, Lowfields Close, Lowfields Business Park, Elland, HX5 9DA

Whether information has to be provided, and if so why

We will advise if providing some personal data is optional, including if we ask for consent to process it. In all other cases, personal data is required in order for us to provide our services.

How long personal data will be kept 

We will hold personal data for differing periods of time depending upon the reason we have for processing it but will only retain this for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.  To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means and the applicable legal requirements. 

In some circumstances, we may anonymise personal data so that it can no longer be associated with an individual, in which case we may use such further information without further notice. 

Transfer of your information out of the EEA

We will not transfer personal data outside of the European Economic Area or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Legal rights

There are legal rights under data protection regulation in relation to personal data. These are set out under the below headings:

  • To access personal data
  • To correct / erase personal data
  • To restrict how we use personal data
  • To object to how we use personal data
  • To ask us to transfer personal data to another organisation
  • To object to automated decisions
  • To find out more about how we use personal data

We may ask for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information or change details where we know we are dealing with the right individual.

We will not ask for a fee, unless we think the request is unfounded, repetitive or excessive.  Where a fee is necessary, we will inform of this before proceeding with a request.

We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or several requests have been made.  We will always advise if we think a response will take longer than one month. To speed up our response, we may ask for more detail about what the individual wants or is concerned about. 

We may not always be able to fully address a request, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way. 

To access personal data

An employee can ask us to confirm whether or not we have and are using their personal data. They can also ask to get a copy of their personal data from us and for information on how we process it.

To rectify / erase personal data

An employee can ask that we rectify any information about them which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.

An employee can ask that we erase their personal data if they think we no longer need to use it for the purpose we collected it from either them or their employer.

An employee can also ask that we erase their personal data if they have either withdrawn their consent to us using their information (if we originally asked for consent to use their information), or exercised their right to object to further legitimate use of their information, or where we have used it unlawfully or where we are subject to a legal obligation to erase their personal data.

We may not always be able to comply with a request, for example where we need to keep using personal data in order to comply with our legal obligation or where we need to use personal data to establish, exercise or defend legal claims. 

To restrict our use of personal data

An employee can ask that we restrict our use of their personal data in certain circumstances, for example 

  • where they think the information is inaccurate and we need to verify it;
  • where our use of their personal data is not lawful but they do not want us to erase it;
  • where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
  • where they have objected to our use of their personal data but we still need to verify if we have overriding grounds to use it.

We can continue to use personal data following a request for restriction where we have consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.

To object to use of personal data

An employee can object to any use of their personal data which we have justified on the basis of our legitimate interest, if they believe their fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If they raise an objection, we may continue to use the personal data if we can demonstrate that we have compelling legitimate interests to use the information.

To request a transfer of personal data

An employee can ask us to provide their personal data to them in a structured, commonly used, machine-readable format, or they can ask to have it transferred directly to another data controller (e.g. another company).

They may only exercise this right where we use their personal data in order to perform a contract with them, or where we have asked for their consent to use their personal data. This right does not apply to any personal data which we hold or process outside automated means.

To contest decisions based on automatic decision making

If we made a decision about an individual based solely by automated means (i.e. with no human intervention), and the decision made by us produces a legal effect concerning them, or significantly affects them, the individual may have the right to contest that decision, express their point of view and ask for a human review. These rights do not apply where we are authorised by law to make such decisions and have adopted suitable safeguards in our decision making processes to protect their rights and freedoms.

Contact us for more information

If an employee is not satisfied with the level of information provided in this Privacy Notice, they can ask us about what personal data we have about them, what we use their information for, who we disclose their information to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights they have, how they can make a complaint, where we got their data from and whether we have carried out any automated decision making using their personal data.

If an employee would like to exercise any of the above rights, they should:

  • email or write to Karen Wynard, our Managing Director at karen@eastwoodfinancial.co.ukor Eastwood Financial Services Ltd, Pennine House, Lowfields Close, Lowfields Business Park, Elland, HX5 9DA;
  • let us have enough information to identify them, e.g. name, address, date of birth;
  • let us have proof of their identity and address (driving licence or passport and a recent utility or credit card bill); and
  • let us know the information to which their request relates

Keeping personal data secure

We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to personal data to those who have a genuine business need to know it. Those processing information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify employer/employee and any applicable regulator of a suspected data security breach where we are legally required to do so.

Our supervisory authority

If an employee is not happy with the way we are handling their information, they have a right to lodge a complaint with the Information Commissioners Office. It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk).

We ask that attempts are made to resolve any issues with us before the ICO.

How to contact us

Employees should contact Karen Wynard, our Managing Director if they have any questions about this Privacy Notice or the information we hold about them.

If they wish to contact Karen Wynard, they should get in touch using the contact details provided earlier in this notice.