Privacy policy

Who we are

We are Sprint Enterprise Technology Ltd (Sprint), a company that provides online software and data-processing services to professional financial Advisers and wealth managers to enable them to report on how they are managing their clients’ investments.

Sprint has two core products: a reporting application called Fastrak, and a data hub called FINIO.

In respect of Fastrak, for data protection purposes Sprint acts as both a Data Processor and a Data Controller. We are a Data Controller in respect of data that we hold concerning financial advisers and wealth managers, whereas we are a Data Processor in respect of any end client data (investment data or personal data). This privacy policy covers the data we hold concerning financial advisers and wealth managers.

In respect of FINIO, for data protection purposes Sprint acts as both a Data Processor and a Data Controller. We are a Data Controller in respect of data relating to the contacts that we have at the investment platforms, software systems and Financial Advisers concerned, whereas we are a Data Processor in respect of data that we pick up from investment platforms and deliver or make available to specific end points – this can be a software system used by a financial adviser, or directly to the financial adviser themselves. This Privacy Policy covers the data we hold concerning financial advisers and wealth managers.

The person responsible for this policy within Sprint is our chief executive and data protection officer, Robin Bevan, who can be reached via email to: data.protection@sprintenterprise.co.uk or via your financial adviser.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Why this policy exists

This privacy policy aims to explain to you how Sprint Enterprise Technology Ltd:

• Complies with data protection laws and follows best practice
• Protects your rights as someone whose investment details are recorded in our databases
• Is open about how it stores and processes your data
• Protects itself from the risks of a data breach

What data we hold about you

The exact content of the data we hold about you varies depending on where it comes from, however it may include some or all of the following:

• Your name (including title), gender, address, email address and telephone number(s)
• Your National Insurance Number and date of birth
• Your relationship to other persons recorded in our databases (e.g. spouse, parent etc.)
• Who your financial adviser is (individual and firm)
• Your investment goals and objectives, and your attitude to and capacity for risk.
• Copies of identifying information (e.g. passport) that your financial adviser needs to keep on file for regulatory (e.g. anti money-laundering) purposes.
• Which investment, pension and protection policies you hold (e.g. SIPPs, ISAs, Endowment Policies, Bonds, General Investment Accounts, Savings Plans, Live Insurance etc.). For these we record the name of the provider, the policy number, the policy type, the start date etc.
• Details of investments held within these policies now and in the past (i.e. the investment name, identifying code(s), number of units held, market prices and values). This includes cash amounts held within these policies in GBP or other currencies.
• Other assets you may hold or have held in the past – e.g. property, cars, directly-held shares, cash bank account etc. Information on these is limited – e.g. name & market value.
• Liabilities you may have or may have had in the past – e.g. mortgages, other loans. Information held on these is limited, e.g. name & current size of liability.
• Private documents & messages shared between you and your financial adviser.
• Investment reports and recommendations and your decisions about whether to accept or reject the recommendations.
• Dates and times of both successful and unsuccessful attempts by you (or using your username) to log into our client portal, and the network addresses (IP addresses) these came from.
• The company you work for.
• A record of communication that we may have had with you or your company.

How your data is acquired

Your personal data in Fastrak comes from three possible sources:

• From data that you have entered via our website (www.sprintenterprise.co.uk), support portal, or provided to us directly via email or other communication
• From third party sources who have your permission to pass us your details.
• From research that we have done using publicly available information.

Where your data is kept

All your personal data held within our systems is hosted in the UK on servers located in a highly secure data centre managed for us by a company called Rackspace. Rackspace is one of the world’s leading providers of secure hosting for information technology companies and holds the highest levels of internationally recognised certification for secure data management. Access is strictly controlled through multiple layers of security.

What we do with that data

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

• Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
• Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
• Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
• Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

We will use your personal data for the following purposes:

• To keep you informed of products and services provided by Sprint.

We will occasionally use some of the data relating to financial advisers in an
anonymised and aggregated form in order to generate key metrics – but this will be
stripped of all information that could directly or indirectly allow this data to be identified as potentially belonging to you.

We will never allow any of your personal data to be disclosed to any third party, unless explicitly authorised by yourself, for any purpose whatsoever, other than when ordered to do so by a legal authority (e.g. Court of Law) having the relevant jurisdiction to enforce that order.

How long we will keep your data

We will keep your personal data on file only for so long as the data is considered necessary, and only for so long as you have given us the permission to do so. You may at any time request that your data be deleted from our records.

Your rights

You have the following rights in respect of your personal data that we hold:

• Right to be informed - This privacy notice is in fulfilment of your right to be informed about how we are handling your data.
• Right of access - You have the right to access – free of charge and within a reasonable timeframe - your personal data and supplementary information held by us on your behalf. If you wish to obtain a copy of this please contact our Data Protection Officer.
• Right to rectification - If any of the personal data we hold is incorrect you have the right to have it corrected within one month of making such a request. If you wish to do this, please contact our Data Protection Officer.
• Right to erasure - We must delete or remove your personal data if you request that and there is no compelling reason for its continued processing. If you wish to do this, please contact our Data Protection Officer.
• Right to restrict processing - We must comply with any request to restrict, block, or otherwise suppress the processing of your personal data. We are still permitted to store your personal data if it has been restricted, but not process it further. We must retain enough data to ensure the right to restriction is respected in the future. If you wish the processing of your personal data to be restricted, please contact our Data Protection Officer.
• Right to data portability - We will provide you with a copy of your data on request so that you can reuse it for your own purposes. If you wish to invoke this right, please contact our Data Protection Officer.
• Right to object - You have the right to object to the way we are processing your data. If you wish to invoke this right, please contact our Data Protection Officer
• Rights in relation to automated decision making and profiling - You have additional legal rights in respect of systems that use your personal data for automated decision making and profiling, however, we do not and will not use your personal data for such purposes

If you have any questions

If you have any questions or concerns about any of the above, please contact our Data Protection Officer. We will endeavour to address all such queries in a timely manner – either directly or through updates to this policy.