We are The Openwork Partnership, a trading style of Openwork Limited – Auckland House, Lydiard Fields, Swindon, SN5 8UB (ICO Registration Reference Z8925674), one of the UK’s largest networks of financial advisers.
Here at The Openwork Partnership, we care about privacy, with a strong focus on building trust and delivering peace of mind to our clients, protecting their data and individual rights.
This privacy notice gives you a clear view of who we are, how we collect, share and use the personal information you provide us, and how we protect your data to the highest standard.
We also want to make you fully aware of the rights and choices you have to control your personal information and protect your privacy.
This privacy notice covers The Openwork Partnership, and all of its partners and subsidiaries, including the Zurich Advice Network and all other legacy legal entities by which the network was previously known (together, “Openwork” or the “Group”) on how they collect, process and use your personal information whether that is face to face, over the phone, online or via an Openwork or appointed representatives (AR) firm’s website(s), in accordance with UK privacy and data protection laws – namely the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), the Data Protection Act 2018 (DPA 2018), and UK General Data Protection Regulation (UK GDPR).
Openwork must also adhere to rules issued by the Financial Conduct Authority (FCA) on data security.
Our financial advisory services are delivered by our network of financial advisers based in our appointed representatives (AR) firms.
Openwork operates under a “Joint Controllership” relationship with our AR Firms, whereby we jointly determine the purposes and means of processing our clients’ personal data. Openwork also has access to personal information that Openwork’s AR firms collect and use via Openwork’s centralised IT systems.
Within this joint controller arrangement, both Openwork and its AR firms share responsibility for complying with appropriate privacy and data protection laws and partner together to ensure we have the right measures in place, protecting our clients’ data and establishing a foundation of trust, to be maintained on an ongoing basis.
Throughout the remainder of this notice, “we” and “our” shall therefore refer inclusively to “Openwork” and its AR Firms in partnership as joint controllers.
Separate privacy policies exist for candidates and colleagues employed by Openwork and its AR firms and are made available to those individuals separately from this privacy notice.
Your information may come to us from a number of different sources. You may provide it directly to us when using our services, it may be generated in the course of using those services or it may be publicly available information.
Information may be provided directly by you in some of the following circumstances:
Other examples of where Openwork obtains your personal information from include:
Where personal data is provided to us by a third party, we will make sure that these third parties have been transparent with you, providing a clear explanation on how this data will be shared with Openwork and have a lawful reason for doing so. Where this is found not to be the case, we will make every effort to make sure you are aware that we are processing this information within a month. Where contacting you directly in relation to this is difficult to achieve, then we will ensure that our privacy notices clearly detail where this is happening.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this privacy notice.
More information on our current uses of data from different sources is detailed below.
This section describes how we use your information. Each purpose is described below with detail relating to:
As a client of Openwork
Purpose: To provide financial advice and services to clients (corporate, mortgage, protection or wealth clients) and to complete transactions on their behalf.
Information: Data about you and your family’s circumstances including personal contact details such as name, title, addresses, telephone numbers and personal email addresses; date of birth; gender; marital status and dependents; next of kin; national insurance number; bank account details, payroll records and tax status information; salary, annual leave, pension and benefits information; financial circumstances and current policies; corporate information relevant to the transaction; employee, member and contractor details relevant to the transaction; copy of driving licence, passport, payslips, utility bills and bank statements; photographs; information about your health, including any medical condition, health and sickness records.
Source: Provided by individual as part of taking out financial services with Openwork.
Legal Basis: For the performance of a contract or to take steps to enter into a contract with you. Any health information required during applications for insurance products (e.g. life insurance, pensions, sickness, etc.) is processed for reasons of public interest in relation to insurance. Any other processing of sensitive or special categories data will be carried out with your explicit consent.
Supporting clients with additional needs
Purpose: In line with Financial Conduct Authority guidance, to ensure vulnerable clients are protected and firms consider vulnerable characteristics for product design, service, pre and post advice and complaints procedures.
Information: In addition to data collected for all Openwork clients, this will include information on specific area of vulnerability in relation to health, lifestyle, resilience or capability factors and level of additional support required. This may include more sensitive information volunteered by you, as part of discussions around services or support requirements e.g. in relation to race, ethnicity, religious beliefs or sexual orientation.
Source: Based on information provided by the client, client family members or their representatives.
Legal Basis: As part of Openwork’s legitimate interest in ensuring clients are effectively supported whilst being provided with financial services. Any processing of sensitive or special categories data such as health data in relation to supporting clients will be carried out with your explicit consent or that of your representative.
Beneficial owners and third-party payments
Purpose: In line with Anti Money Laundering legislation, to keep a register of beneficial owners i.e. individuals with a controlling interest in a privately held business and to carry out appropriate checks on individuals making payments to your account.
Information: Name, address, contact details, proof of ID, source of funds and financial crime check results.
Source: Based on information provided by an Openwork client in relation to any beneficial owner of their assets or individuals making payments to their account.
Legal Basis: Necessary for the compliance with a legal obligation, namely the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and for reasons of public interest in relation to suspicion of terrorist financing, financial crime or money laundering.
Assistance to legal firms
Purpose: To provide appropriate advice to a legal firm who has sought guidance relating to financial products for an individual who is party to legal proceedings in which the legal firm is involved, and where the individual is not a client of Openwork (such as pension sharing audits).
Information: Potentially any client data that may inform this assessment (see “As a client of Openwork’s” section).
Source: Based on information provided by the legal firm in relation to the relevant proceedings.
Legal Basis: As part of Openwork’s legitimate interest in ensuring that its response to the legal firm is accurate and appropriate and to support processing of special categories data for the establishment, exercise or defence of legal claims.
Other legal matters
Purpose: To deal with legal claims and on-going litigation cases.
Information: Names of individual involved in relevant legal matter and any relevant information in relation to that individual that may be relevant to the case.
Source: Provided by you as part of any on-going legal matter.
Legal Basis: Necessary for compliance with a legal obligation and for the establishment, exercise or defence of legal claims.
Anti money laundering
Purpose: To make checks with third party agencies to authenticate and verify your identity and to apply these checks to sanction lists for the purposes of meeting with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
Information: Name, address, contact details and customer due diligence report (ID match and politically exposed person, sanction lists and global adverse media checks). ID matches will include the processing of sensitive biometric data from photographic images for ID verification purposes.
Source: Provided by you as part of being a client of Openwork’s.
Legal Basis: Necessary for the compliance with a legal obligation, namely the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and for reasons of public interest in relation to suspicion of terrorist financing or money laundering.
Marketing communications and providing information on the work of Openwork
Purpose: To send you email notifications you have specifically requested in relation to Openwork’s services and communications such as newsletters and bulletins. To send you marketing communications relating to our business which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications and/or you wish to withdraw your consent).
Information: Email address, postal address, job title, organisation name, consent status for receiving marketing materials.
Source: Provided by you as part of accessing Openwork services or attending Openwork events.
Legal Basis: As part of Openwork’s legitimate interests where information is sent in paper form, or in certain situations where it is permitted under PECR in electronic form. Based on explicit consent provided by you, where required under PECR, for this information to be sent to you in electronic form.
Dealing with your enquiry or a complaint
Purpose: To allow Openwork to effectively deal with any enquiry or complaint you or others may have.
Information: Name, contact email and telephone number and nature of the enquiry or complaint. Personal data of complainants and respondents.
Source: Provided by you and others via our website, social media channels, telephone or in writing. Potentially provided by another organisation that we have contacted about a complaint you have made and who gives us your personal information in its response or a complainant may refer to you in their complaint correspondence.
Legal Basis: As part of Openwork’s legitimate interests. This will only be carried out in a way that balances the rights and interests of individuals against the legitimate interests of Openwork.
Dealing with individual rights
Purpose: To allow Openwork to respond to requests under the UK GDPR for individuals to exercise their rights e.g. to access their own data, request erasure of data, object to processing, etc.
Information: Provided by you via our website, social media channels, via email, telephone or in writing.
Source: Provided by you via our website, as part of a consultation, telephone or in writing.
Legal Basis: Openwork is legally obliged under the UK GDPR to respond to data subject requests.
Managing data breaches
Purpose: To be able to assess any impact on individuals of a data breach involving personal data held on Openwork systems or on third party systems.
Information: Any information relating to an individual that may have been breached.
Source: From any organisation or individual that may have reported this data breach to Openwork.
Legal Basis: Openwork is legally required under UK GDPR to respond to data breaches appropriately.
Supplier management
Purpose: To ensure appropriate financial management of on-going contracts with Openwork suppliers including sending statements, invoices and payment reminders to you, and collecting payments from you.
Information: Suppliers’ name, email, contact numbers and financial documentation such as purchase orders, invoices etc.
Source: Provided by the supplier organisation or generated by Openwork.
Legal Basis: In order to manage the on-going contract with that supplier.
Improving the use of our website and IT systems
Purpose: To ensure appropriate system administration and troubleshooting of website issues, to track the pages you have visited in order to improve the quality of the site and to personalise the website experience. To keep track of and solve issues users are experiencing with our technology systems, personalising our website for you, enabling your use of the services available on our website, keeping our website secure and preventing fraud.
Information: User’s IP address or the location of your computer or network on the internet and any individual’s data needed to deal with an internal system issue (where the issue is linked to that individual’s data).
Source: Automatically collected as part of using our website and via cookies on the website (see our separate cookie notice for more information) and identified by Openwork in managing specific IT issues.
Legal Basis: Explicit consent is sought for use of cookies when you access our website. Methods of turning off cookies can be found in our separate cookie notice. Ensuring our systems are working effectively and user issues can be resolved is part of our legitimate interests in running the organisation effectively.
Anonymous data records
We may create anonymous data records from your personal data by excluding information (such as your name) that make the data personally identifiable to you. We use this anonymous data (no longer linked to you) to analyse our products and services. We reserve the right to use such anonymous data for any purpose and disclose anonymous data to third parties, including but not limited to our research partners, at our sole discretion.
In certain circumstances we may process your personal data through automated decision-making, including profiling. This may include segmenting and tailoring the data to enable us to match our communication and products to your perceived needs. In the case we process your personal information through automated decision-making, we will inform you about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Section 10 “YOUR RIGHTS” below outlines your rights relating to the automated decision making and profiling.
We may use artificial intelligence (AI) systems to help us provide our services, improve efficiency, and enhance your experience. For example, we may use AI tools to analyse information, support decision-making, or assist with routine administrative tasks.
When we use AI, we do so in accordance with data protection law. We ensure that:
We do not make solely automated decisions that have a legal or similarly significant effect on you without human involvement.
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as is reasonably necessary for the purposes set out in this privacy notice.
We may also share your data with third parties to perform services on your behalf.
Types of third parties who may have access to your personal data include:
<li