Privacy Policy
Introduction
Here at Origen, we’re committed to protecting and respecting your privacy. Looking after the personal information that we collect about individuals is our top priority. We want you to be confident that your information is in safe hands. So, we’ve developed this Privacy notice to explain how we use the personal information that we collect in relation to our retirement, investment and protection advice and services.
Most personal information we collect relates to the individuals who are provided with financial advice. However, in certain circumstances we may obtain some personal information about other individuals. For example for:
- your partner, in relation to your financial situation, or life cover;
- a beneficiary you nominate for your product;
- parents and/or grandparents of a minor for whom we advise a certain suitable product should be taken out;
- potential beneficiaries, in the event of a death, so we can determine who we should arrange providers to pay any funds to;
- any legal personal representatives (where applicable);
- anyone holding a lasting power of attorney or similar.
We’ll process their personal information in accordance with this Privacy notice.
Our data security policies mean that we hold all personal information securely and limit access to those who need to see it in line with our obligations under data protection law.
Contact details
If you have any questions about this notice or data protection, please contact our Data Protection Officer.
Write to: Data Protection Officer, Origen Financial Services, Second Floor, Ascent 4, 2 Gladiator Way, Farnborough, GU14 6XN.
Email: compliance@origenfs.co.uk
If you’re contacting us by email please remember not to send any personal, financial or banking information because email isn’t a secure method of communication. If you decide to send information in this way, you’re doing so at your own risk as there’s no guarantee that any email sent by you to us will be received or remain private during transmission.
How we obtain the personal information
You or someone representing you, for example, your attorney, will provide us with personal information about you. Where you are a member of a Defined Benefit pension scheme and have been contacted regarding a pension liability management project, we’ll receive some information about you from the trustees of the pension scheme.
We may obtain information about you via forms, both paper-based and online, or by phone, email, social media tools or otherwise.
You can find additional information on the more common ways we capture your personal information below:
We may also obtain personal information from third party sources, such as:
- service providers who help us to maintain the integrity and accuracy of our data, for example:
- providing us with updated address details for customers who’ve moved house and not informed us, and
- detecting individuals who are deceased;
- parties you’ve instructed to act on your behalf, for example, a family member or solicitor who is acting under a power of attorney, as well as accountants, lawyers and other professional service firms that you’ve given authority to;
- regulators, such as the Information Commissioners Office (ICO), the Pensions Regulator (TPR), the Financial Conduct Authority (FCA) and the Financial Ombudsman Service (FOS);
- financial crime detection agencies, sanction lists and databases;
- government agencies and bodies, such as the courts, the Department for Work and Pensions (DWP), HM Revenue & Customs (HMRC) and the police.
The types of personal information that we collect
The type of personal information we process about you will depend on the type of service or interaction we have with you, but could include the following. This list is non-exhaustive:
We may also obtain personal information from third party sources, such as:
- service providers who help us to maintain the integrity and accuracy of our data, for example:
- providing us with updated address details for customers who’ve moved house and not informed us, and
- detecting individuals who are deceased;
- parties you’ve instructed to act on your behalf, for example, a family member or solicitor who is acting under a power of attorney, as well as accountants, lawyers and other professional service firms that you’ve given authority to;
- regulators, such as the Information Commissioners Office (ICO), the Pensions Regulator (TPR), the Financial Conduct Authority (FCA) and the Financial Ombudsman Service (FOS);
- financial crime detection agencies, sanction lists and databases;
- government agencies and bodies, such as the courts, the Department for Work and Pensions (DWP), HM Revenue & Customs (HMRC) and the police.
The types of personal information that we collect
The type of personal information we process about you will depend on the type of service or interaction we have with you, but could include the following. This list is non-exhaustive:
We may also obtain personal information from third party sources, such as:
- service providers who help us to maintain the integrity and accuracy of our data, for example:
- providing us with updated address details for customers who’ve moved house and not informed us, and
- detecting individuals who are deceased;
- parties you’ve instructed to act on your behalf, for example, a family member or solicitor who is acting under a power of attorney, as well as accountants, lawyers and other professional service firms that you’ve given authority to;
- regulators, such as the Information Commissioners Office (ICO), the Pensions Regulator (TPR), the Financial Conduct Authority (FCA) and the Financial Ombudsman Service (FOS);
- financial crime detection agencies, sanction lists and databases;
- government agencies and bodies, such as the courts, the Department for Work and Pensions (DWP), HM Revenue & Customs (HMRC) and the police.
The types of personal information that we collect
The type of personal information we process about you will depend on the type of service or interaction we have with you, but could include the following. This list is non-exhaustive:
Please see additional information below on some of the uses.
Profiling and data analysis
We may use some of your data to conduct profiling and data analysis to build, train and audit models and algorithms that help us to:
- understand our customers better to enable us to develop products and services that most appropriately meet their needs;
- ensure we present the most appropriate content to customers, and
- identify instances where customers may require additional support.
We use various data types to conduct profiling and analysis and with all activities involving your information, we’ll only do this where the law allows us to.
Our analysis isn’t used to make any decisions about you directly but combined with data relating to other customers etc to enable us to make improvements to our processes and services.
Marketing consent and updating your preferences
How we will keep in touch if you are not an Origen client
If you are not a client of Origen Financial Services, we will only contact you with information about the services we offer if you have provided specific consent for us to do so.Â
Within every communication you receive from us, you will be provided with the option to unsubscribe from these communications. You can do this at any time by writing to Origen Financial Services, Second Floor, Ascent 4, 2 Gladiator Way, Farnborough, GU14 6XN, emailing us at clientservices@origenfs.co.uk or calling us on 0344 209 3925.
Calls are charged at your phone company’s basic rate. All calls are recorded for business purposes.
How we will keep in touch if you are an Origen client
Once you become a client and have received a service from Origen Financial Services, the information held about you may be used to contact you from time to time by post, e-mail, text messaging (SMS) or telephone in order to inform you of other relevant services which we offer.Â
The lawful basis under Data Protection legislation used to process this information is called legitimate interest. This means that Origen will not be collecting your consent to stay in touch with other relevant services we may offer. Instead Origen will conduct balance tests to ensure your rights as an individual under the UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 are respected.Â
Within every communication you receive from Origen, you will be provided the option to unsubscribe from these communications. You can do this at any time by writing to Origen Financial Services, Second Floor, Ascent 4, 2 Gladiator Way, Farnborough, GU14 6XN, emailing us at clientservices@origenfs.co.uk or calling us on 0344 209 3925. Calls are charged at your phone company’s basic rate. All calls are recorded for business purposes.
We won’t sell your personal information to other organisations for a marketing purpose.
Even where you opt out of marketing, we’ll still send you servicing communications and documentation relating to your product of which we have a regulatory responsibility to provide to you. You may also see generic advertising displayed on our website.
Cookies and similar technologies
We may use cookies and other similar tracking technologies on our websites and apps.
Our lawful bases for using personal information
Data privacy laws state that we can only process personal information if it is legal to do so. For the processing to be legal, we must have a suitable lawful basis.
This section details our lawful bases for the various uses of both personal information and sensitive personal information. Â
Personal information
Depending on the specific purpose, we rely on one or more of the following lawful basis:
- to facilitate our fulfilment of a contract we have with you.
- in order to comply with a legal obligation on us.
- we have your consent.
- where it’s in Origen’s legitimate interests.
Legitimate interests
Where we have a business reason for using personal information in a certain way, this is known as being in our ‘legitimate interests’. If we seek to rely on legitimate interests, we are required by law to conduct a balancing test to make sure that our interests don’t override your rights and freedoms.
The outcome of this test determines whether we can rely on legitimate interests as our lawful basis and use the personal information for certain purposes as set out in this privacy notice. If the balance isn’t met, we can’t process your data in the way we had proposed.
Where we do rely on legitimate interests, it’s because we believe our interests will be to the wider benefit of our customers and will normally relate to at least one of the following purposes:
- to assess, develop and improve our advice and services.
- to enable us to understand our customers’ needs.
- to help us to improve our customer engagement.
- to make sure we’re treating our customers fairly.
- to ensure the integrity and functionality of our IT systems.
- to help keep our records up to date.
- to make sure we’re efficient in how we fulfil our legal and contractual obligations.
Lawful basis for our processing of personal information
Lawful basis for our processing of sensitive personal informationÂ
As mentioned previously, there will be occasions where we’ll hold and process information which is defined as ‘sensitive’ or ‘special’. Data privacy laws only allow us to use this type of information if we can rely on a further lawful basis, in addition to the one’s shown above.
Depending on the specific purpose, we rely on one of the following lawful bases:
- for reasons of substantial public interest which includes insurance purposes comprising:
- the ability to provide suitable advice – for example, using health information to be able to determine the most suitable annuity product;
- the ability to detect and investigate fraudulent claims – for example, using criminal records data to help to prevent and detect unlawful acts, and
- for the establishment, exercise or defence of legal claims – for example, using health or criminal records as required to establish, exercise or defend legal claims;
- it’s necessary to protect the vital interests of you or another party – for example, where an individual is either physically or legally incapable of giving consent.
Sharing your personal information
Our service providers
We’ll share personal information with selected service providers that carry out certain functions on our behalf. These include companies that provide services such as:
- technology services, including IT administration and support, software vendors, testing and production support, platform providers.
- management of both inbound and outbound communications and scanning of correspondence.
- providers of marketing, research or advertising services.
- banking and payroll services.
- tracing of customers who we’ve lost contact with, identifying customers who have deceased etc.
For those organisations that are carrying out services on our behalf, we’ll only share information where we have a lawful basis for doing so, as described above. We’ll only share with them the appropriate level of personal information necessary to enable them to carry out the service. We contractually require all our service providers:
- to keep the information safe and protected at all times, and
- to only act on our explicit instructions and not use the data for their own purposes, unless it has been suitably anonymised so it’s no longer personal information.
Other parties we may share data with
It’s often necessary for us to share personal information with other third parties where we have a lawful basis to do so, such as:
- regulatory bodies such as the Information Commissioners Office (ICO), Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), HMRC, Financial Ombudsman Service (FOS) and the Pensions Regulator.
- product providers who administer your product.
- your employer (this could be both past and present) and any party that provides services to your employer relating to the governance, administration and/or evaluation of their pension scheme, including providing advice to their members. Information, such as statistics, may be provided to your employer regarding the scheme’s efficiency, for example, to evaluate pension savings.
- trustees or administrators of a trust or pension scheme to facilitate the administration of the trust/scheme.
- other parts of the Aegon Group.
- organisations such as credit management companies, solicitors, accountants etc who are acting on your behalf.
- credit reference agencies.
- sanction-checking providers, financial crime detection agencies, financial services organisations and other parties who assist with fraud investigations and/or maintain fraud detection databases. • Financial or Pensions Ombudsman, where you’ve asked them to investigate a matter with us.
- government agencies, such as the police and courts, who may request information relating to you – we’ll release data if there’s a lawful reason to do so.
- general practitioners and other medical professionals in relation to advice we are providing. For example, obtaining medical reports to send on to product providers for the purposes of arranging and underwriting of certain products.
Additional data sharing obligations
Except for the above, we won’t disclose your personal information to any third parties, except:
- to the extent that we’re required to do so by law;
- when protecting your interests or the interests of others or for reasons of substantial public interest;
- in connection with any legal proceedings (including prospective legal proceedings);
- in order to establish or defend our legal rights;
- if we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer; or
- Â if we, or substantially all of our assets are acquired by a third party, we may disclose your personal information to that third party in connection with the acquisition.
Financial crime prevention
We may disclose your information to credit, fraud and financial crime prevention agencies to enable us to verify your identity and make decisions regarding the service Origen will provide. This will be undertaken during the initial process and on an ongoing basis. Our enquiries or searches may be recorded and these agencies may supply us with financial and/or other personal information.
If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud, money laundering, tax evasion and terrorist financing.
We and other organisations may access and use the information recorded by credit, fraud, and financial crime agencies from other countries.
Automated decision making
Origen will not make automated decision making during its service to you.
Retention
We keep personal information for as long as is reasonably required for the purposes in which it was collected. Under certain circumstances, we may have to retain your personal information for longer. This is to make sure that we meet our legal, regulatory and accounting needs as set out by regulatory bodies such as the FCA and others.  Â
In some limited circumstances, we’re required to keep some specific information for longer, for example, pension transfer information. We’ll also retain files if we have reason to believe there’s the possibility of litigation.
We have in place and maintain a retention schedule and regularly review our obligations to make sure we don’t keep personal information longer than we’re legally obliged to.Â
Your rights
You have several rights under data protection laws – you’ll find details of each of these below.
If you chose to exercise any of your rights with regards to your personal information, to make sure that we’re dealing with you, we may ask for evidence of identity. Where you have authorised a third party to act on your behalf, we’ll conduct the necessary checks to make sure the appropriate authorisations have been received. This is to make sure that we only disclose information to the correct and, where applicable, authorised individual or organisation.Â
In line with our data protection obligations, we aim to respond to all valid requests relating to your personal information within one month. There may be some occasions where it will take us longer, for example, if the request is exceptionally complex. However, in these situations, we’ll let you know as soon as possible and provide details of when we’ll be in a position to respond.
There may be occasions where we don’t have to (fully) comply with a request. In these situations, we’ll explain why we’re unable to do this.  Â
Right of access
The right to request a copy of the personal information we hold about you, along with certain information relating to the processing of your personal information. When you request this information, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee.
Right of data portability
The right, in certain circumstances, to have personal information that you have provided directly to us about you, transferred securely to another service provider in electronic form. This right is only applicable where:
• the processing of your personal information is based either on your consent or in line with the performance of a contract with you, and
• the processing of your personal information is carried out by automated (for example, electronic) means.
Right of rectification
The right to have any inaccurate personal information we hold about you corrected.
Right of erasure (‘Right to be forgotten’)
The right to have any out-of-date personal information deleted once there’s no legal requirement or business need for us to retain it. This isn’t an absolute right as we may need to consider other legal and regulatory requirements which could result in us having to retain your personal information for a specific period of time.Â
Right to restrict processing
The right to restrict some processing, in limited circumstances, and where we don’t have legitimate grounds for processing your personal information.Â
Right to object
The right to object to your personal information being used to send you marketing material. You can remove or add your consent at any time.
You can also object where you have grounds relating to your particular circumstances and we rely on ‘legitimate interests’ as our lawful basis for processing your personal information. However, where we believe we have compelling legitimate grounds, we’ll continue to process it.Â
Exercising your rights
To exercise any of these rights, please contact our Data Protection Officer.
Sending data outside of the UK and European Economic Area (EEA)
The personal information that we or those acting on our behalf process, may be transferred outside of the UK or EEA, in connection with the above uses.
Where any such transfer occurs, we take the necessary steps to make sure that your personal information is protected to the same standard as if it were in the UK. This will include measures such as the adoption of contractual agreements with the other party to make sure that adequate safeguards are put in place.
For any transfers to another part of the Aegon group, these will be covered by an agreement which also obliges the other group member to make sure that adequate safeguards are put in place.  Â
Making a complaint
If you believe we haven’t processed your personal information in accordance with our data protection obligations, and that you’ve been affected by this, you can make a complaint by contacting our Data Protection Officer. You also have the right to ask us to escalate your complaint to our Group Data Protection Officer if you don’t think it’s been handled appropriately.Â
If you’re not satisfied with our response, you can also raise a complaint with the Information Commissioner’s Office, the UK’s independent authority set up to enforce the Data Protection Regulations.
You can contact them at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk/global/contact-us/
Phone: 0303 123 1113
Security
We’re committed to making sure your information is protected and held securely in accordance with our obligations under data protection law. However, the internet isn’t a secure medium and we can’t accept responsibility for the security of an email during transmission or for non-delivery of an email.
There are a few simple steps you can take to protect your computer and internet connection – view our tips here.
We’ve put security policies, rules and technical measures in place to protect the personal information that we have under our control from:
- unauthorised access;
- improper use or disclosure;
- unauthorised modification, and
- unlawful destruction or accidental loss.
All our employees and service providers who have access to personal information, are obliged to protect it and keep it confidential.
Links
This website may contain links to other websites. If you use the links to leave this website and visit a website operated by a third party, then we don’t have any control over that website. We can’t be held responsible for the protection and privacy of any information that you provide while visiting such websites.
Updates to this notice
We update our Privacy notice regularly to make sure it continues to reflect our business activities and use of personal information. You can find the date this was last updated at the beginning of this notice.
Â
Last updated January 2024
