EvolveU (UK) Limited is a Network specifically for the insurance sector and is deemed the Principal Firm. Firms that are appointed under its FCA license are referred to as Appointed Representatives (AR’s). AR’s under EvolveU’s license may advise/arrange insurance products or handle insurance claims on behalf of its customers. EvolveU (UK) Limited does not directly advise, arrange or handle claims on behalf of the customer.
EvolveU (UK) Limited is committed to protecting the privacy and confidentiality of all individuals and takes its responsibilities regarding the security of data very seriously. We abide by the rules of the Financial Conduct Authority (FCA) and General Data Protection Regulation (GDPR) upheld by the Information Commissioner Officer (ICO). This includes processing any personal data lawfully, fairly and in a transparent manner.
EvolveU (UK) Limited, Moreton House, 16 Trident Park, Trident Way, Blackburn, Lancashire. BB1 3NU is the Data Controller.
What information do we collect about you and why?
Where you provide your personal data on our website or contact us by email or other electronic means it will be taken as a positive action that you would like us to contact you about becoming an AR. Initially, we will only collect data that we need from you to discuss whether we would consider taking you on as an AR.
The types of personal information we will collect from you include: name, address, telephone number, email address, job role, overview of your employment history, knowledge of the FCA and insurance industry.
When obtaining information from you we will do this by phone, email, post or face to face and will confirm the accuracy of the data collated at all times. It is important that all the data we hold on you is accurate therefore if your data changes please let us know so that we can update our records.
If we consider taking you on under our license, and as part of the process to register you as an AR, we will collect information that is necessary to deem that you are fit and proper to act in that capacity and obtain information required by the FCA. This is often referred to as due diligence. This will include obtaining personal data such as date of birth, national insurance number, passport, 5 year address history, employment history, CV, references etc. In addition, we may collect sensitive data and criminal offence data (including spent convictions) as required by the FCA.
Most of what we ask is required by the FCA and is subject to change. However, as part of our obligation under the FCA we are also required to carry out stringent due diligence. Where we request further information it will be because either the FCA has requested it or we believe they may ask for it.
As part of the due diligence checks we will collect data on all Directors, Partners or Sole Traders of the Firm wishing to become an AR for the purposes of ensuring that each individual is deemed fit and proper to act in the role being applied for.
Once authorised as an AR, you will be required to provide data on you, your firm and employees in order for us to fulfil our obligation to the FCA and as set out in your AR Agreement Contract with us. You will also be given a Compliance Manual that sets out what we, as Principal, require of you to comply with the FCA rules.
Generally the types of information we review, hold and process is regarding the firm, such as accounts, complaints history, advertisements, training records etc. We will also require you to provide Management Information on a monthly basis so that we can assess whether there are any issues that may raise any concern. Some of this data also includes personal data such as your name or other information that is personal to you.
We may also collect data on your employees such as their name, job role, telephone number and email address so that we can liaise with them where required to provide training, send regulatory newsletters or to discuss any other matter in relation to your obligations as an AR.
We will also complete random file checks to ensure that your files are compliant and meet the requirements of the FCA. The files checked will consist of customer data and will only be reviewed for the purposes of compliance. A report will then be produced to highlight any areas that require attention from you.
Where you receive a regulated complaint that falls under the Financial Ombudsman Service’s remit, this must be forwarded to us as set out in your AR Agreement so that we, your Principal, may deal with it. Full details of the customer, complaint and copy of the client file must be forwarded to us as soon as possible. We may also discuss or have email communications with you where required to establish the cause of complaint and to assist with a resolution. As Principal we are responsible under the FCA to handle any regulated complaint received by our AR’s.
Information collected via our website
We collect web usage information when you visit our website including information such as the date, time, page viewed or searched relating to your browsing activity. Where you have provided personal data we may collect web usage information to enable us to build a demographic profile.
We may also use web usage information to create statistical data regarding the use of our website. Where statistical data is produced we may then use that data to help us assess the effectiveness of marketing campaigns, develop and deliver services and information to improve the overall effectiveness of our website. We will also use IP addresses to analyse trends, track users movements and gather broad demographic information for our own internal use.
Within our website you can interact with us, if you so wish. Where you provide your personal data on our website it will be taken as a positive action that you would like us to contact you to become an AR of EvolveU.
When you visit our website we may store some information (commonly known as a cookie) on your computer. Cookies do not damage your computer. Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them. They cannot be accessed by other servers. You do not have to accept cookies. You can decide if you want to accept cookies by changing the settings on your browser to either accept, reject or notify you when a cookie is set. All cookies used by this website are used in accordance with current UK and EU Cookie Law.
Type of Cookie Purpose
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. Like most websites, our site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us.
Linking to other websites
This website may contain links to other websites. The operators of other sites may collect information from you which will be used by them in accordance with their own Privacy Notice.
This Privacy Notice applies only to our website. We are not responsible for the privacy practices within any other websites. You should always be aware of this when you leave this website and we encourage you to read the Privacy Notice on any other website that you visit.
Contact details received from a third party
The majority of our business comes from referrals. Where a third party refers your details on to us we will ensure they have obtained your consent and confirm that you are expecting us to contact you.
Information from other sources
We may obtain information from other sources such as public records, e.g. Companies House, FCA Register, Google Search, Directorship Search. This is part of our due diligence and will enable us to verify who you are or facts that you have told us are accurate.
In addition, we will also carry out a criminal record check which will be supplied by the Disclosure and Barring Service and will carry out a credit check and search The Registry Trust when applicable.
The above is carried out to ensure you meet the FCA’s criteria of being fit and proper to become an AR of EvolveU. A full copy of this will be held on file so that we can evidence to the FCA this has been carried out.
How will we use this information?
We will only use your data in ways that you would reasonably expect us to. Below summarises how we will use your data.
Where you make an enquiry to become an AR we will only collect data that will provide us with the information we need to discuss whether we would consider taking you on as an AR.
If considered as a potential AR we will carry out due diligence and complete the necessary applications to the FCA to approve you as an AR under EvolveU. You will not be permitted to trade under our licence until all due diligence is complete and the FCA have approved you.
Once you are authorised we will use your data for the purpose of overseeing compliance and adherence to our policies as set out in the AR Agreement and Compliance Manual. We will keep a copy of all email communications with us. Where we need additional information from you to support an your Application or any other form of application to the FCA we will request this from you. Where we need it for any other reason we will notify you of this.
As part of our service our sister company Ecompli (UK) Limited will produce regular newsletters to update you on FCA Regulations or other regulations where applicable. All Ecompli newsletters include a link that you must click on to record CPD. The link will send an email to us to record this on a CPD Log. You should also keep a record on a CPD Log to evidence what training you have completed. This facility is also available to your employees. Should you wish them to receive Ecompli newsletters as a way for them to keep up to date with regulation please let us know their name and email address.
Please note Ecompli newsletters only contain guidance on regulations it does not include any type of marketing.
We will complete a compliance visit or review to ensure that we are satisfied that you are carrying out your role as an AR as per the AR Agreement and Compliance Manual. Included within this visit we will provide you with tests that you will be required to complete to evidence competency. Where tests are taken we will log the results on a CPD Log.
Where we have carried out file reviews we will provide you with a report confirming any issues that have been flagged up and need your attention. We will also collect monthly MI Information from you including accounts. This data will provide us with the information we need to assess whether you are deemed a risk and entered onto our Risk Register. Where you are deemed a risk then further monitoring will be carried out.
The lawful basis on which we use this information
We will use your data to register you as an AR under the lawful basis of a contract.
Once an AR Agreement Contract is in place we will carry out the above using the lawful basis legitimate interests. We have decided upon this basis as it allows us to meet with our obligation as a Principal Firm and the FCA and is the most suitable lawful basis for processing data.
Where we need your consent we will ask for this separately. We do not use pre-ticked boxes or make assumptions that you have given your consent. Your consent must be freely given by positively opting in or making a clear affirmative action that you are giving your consent. We will do our very best to ensure you know exactly what you are consenting to and remind you that you may withdraw your consent at anytime by contacting us by email or phone. Where consent is obtained a record of this will be made confirming what you have consented to, the time and date and how consent was obtained.
Potential AR’s: Where you have expressed an interest in becoming an AR we will ask for your consent to stay in contact with you until you are either an AR of EvolveU or decide you don’t wish to proceed.
Who will it be shared with?
We will only share your data with firms who assist us in meeting our obligation as a Principal. We will share your name, firm name, type of business and email address with our sister company Ecompli (UK) Limited so that they may send regulated newsletters to you to keep you up to date with legislation. On occasion we use the support of other compliance consultants, secretary type business’s or IT Support companies. Where we use such firms we will carry out due diligence on them and obtain a copy of their Privacy Notice and PI Insurance and have a contract in place.
We may also share your data with Mayes Accountants to enable them to assist with our accounts. Where required we may share your data with Forbes Solicitors, if we need them to act on our behalf for any legal matter.
If you are a franchisee then we will provide data to the franchisor as detailed within the AR Agreement.
Where required we may forward your details onto regulatory authorities or fraud agencies where we have a legal obligation to do so to comply with our regulatory requirements or where fraud is suspected. We may do this under the lawful basis legal obligation.
What we will do to ensure the security of personal information
We will not share any of the information you provide to third parties for marketing purposes. Where we need to transfer or store data outside the EEA it will be done so securely. The information you provide will be held securely by us regardless of whether the information is in electronic or physical format. We use leading technologies and security measures to safeguard your information and keep strict security standards to prevent any unauthorised access to it.
How long will we retain your data
We will only hold data for as long as is necessary. Where you have expressed an interest in becoming an AR but have not proceeded we will keep the information for one year in case you decide to proceed. Where you have been approved as an AR under EvolveU, we will retain the file for a minimum of six years, in line with the law. Where we need to hold your file for longer than this then we will inform you of this.
Where we review a file we will keep a copy of the client record for one year in case we need to discuss the case at your annual compliance visit. The client file will then be deleted however a copy of the report produced will be held on file for a minimum of six years.
What are your rights?
You have the right to:
- Be informed about how we use, share and store your personal information;
- Request access to the personal data we hold on you (also known as a Subject Access Request (SAR)). Where a SAR is requested we will respond promptly and within one month from the date we receive the request;
- Request your personal data is amended if inaccurate or incomplete;
- Request your personal data is erased where there is no compelling reason for its continued processing and we don’t have a legitimate interest to retain it;
- Request that the processing of your data is restricted;
- The right to object to your personal data being processed;
- Rights in relation to automated decision making and profiling.
Where the processing of your data is based on your consent, you have the right to withdraw this consent at anytime by contacting us by phone or email. We do not use automated decision making or profiling systems.
Right to complain
We hope that the compliance support service you receive from us is to the high standard you would expect. If at any point you are unhappy with the way we have used your data then please notify: Suzanne Gibson by either email, post or phone as shown below. If you remain concerned about the way we collect or use your personal data you can raise your concern with the Information Commissions Office (ICO) on 0303 123 1113. For further details you may visit the ICO website www.ico.org.uk
We will tend to disclose the complainants identity to whoever the complaint is about, however if you wish your identity to remain anonymous, we will try to respect that. We will keep your complaint on record for two years once closed.
Changes to the information
We regularly review and, where necessary update our Privacy Notice. If we plan to use personal data for a new purpose our Privacy Notice will be updated and you will be notified.
How to contact us
If you wish to contact us about the above or any other matter then please contact us at:
EvolveU (UK) Limited
16 Trident Park
Tel: 01254 675676