Nightingale Protection

    Customer Privacy Notice

    This privacy notice tells you what to expect us to do with your personal information.

    Contact details

    Post:
    68 Kings Drive, Surbiton, KT5 8NH

    Telephone:
    07920 485601

    Email:
    chris@nightingaleprotection.co.uk

    What information we collect, use, and why

    To provide and improve products and services for clients

    We collect or use the following information:

    • Names and contact details
    • Addresses
    • Gender and pronoun preferences
    • Occupation
    • Date of birth
    • Marital status
    • Third party information (such as family members or other relevant parties)
    • Payment details (including card or bank information for transfers and direct debits)
    • Financial data (including income and expenditure)
    • Transaction data (including details about payments to and from you and details of products and services you have purchased)
    • Usage data (including information about how you interact with and use our website, products and services)
    • Employment details (including salary, sick pay and length of service)
    • Health information (such as medical records or health conditions)
    • Criminal records data (including driving or other convictions)
    • Video recordings
    • Audio recordings (e.g. calls)
    • Records of meetings and decisions

    Special category data: We also collect health information, which is subject to additional protection due to its sensitive nature.

    For the operation of client or customer accounts

    • Names and contact details
    • Addresses
    • Purchase or service history
    • Marketing preferences

    Special category data: Health information may also be collected for this purpose.

    For the prevention, detection, investigation or prosecution of crimes

    • Names and contact information
    • Client accounts and records
    • Financial information (e.g. for fraud prevention or detection)

    Special category data: Health information may also be collected for this purpose.

    For information updates or marketing purposes

    • Names and contact details
    • Profile information
    • Marketing preferences
    • Purchase or account history

    For research or archiving purposes

    • Purchase or client account history

    To comply with legal requirements

    • Name
    • Contact information
    • Client account information
    • Any other personal information required to comply with legal obligations
    • Criminal offence data

    Special category data: Health information may also be collected for this purpose.

    To protect client welfare

    • Names and contact information
    • Client account information

    For dealing with queries, complaints or claims

    • Names and contact details
    • Addresses
    • Payment details
    • Account information
    • Purchase or service history
    • Customer or client accounts and records
    • Financial transaction information
    • Correspondence

    Special category data: Health information may also be collected for this purpose.

    Lawful bases and data protection rights

    Under UK data protection law, we must have a "lawful basis" for collecting and using your personal information. You can find out more about lawful bases on the ICO's website.

    Your data protection rights

    Right of access

    You have the right to ask us for copies of your personal information and details about where we get it from and who we share it with.

    Right to rectification

    You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

    Right to erasure

    You have the right to ask us to delete your personal information in certain circumstances.

    Right to restriction of processing

    You have the right to ask us to limit how we can use your personal information.

    Right to object to processing

    You have the right to object to the processing of your personal data.

    Right to data portability

    You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

    Right to withdraw consent

    When we use consent as our lawful basis you have the right to withdraw your consent at any time.

    If you make a request, we must respond to you without undue delay and in any event within one month. To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

    Our lawful bases for collecting and using your data

    For providing and improving products and services, operating accounts, crime prevention, and legal compliance:

    • Consent — we have permission from you after giving you all the relevant information.
    • Contract — we need to collect or use the information to enter into or carry out a contract with you.
    • Legal obligation — we need to collect or use your information to comply with the law.
    • Legitimate interests — we collect and use information to determine premium amounts for our clients. We supply this to insurers so they can assess risk for the underwriting process to get a decision on the price and validity of a client's application.

    For marketing, research, archiving, protecting client welfare, and dealing with queries/complaints:

    • Consent — we have permission from you after giving you all the relevant information. You have the right to withdraw your consent at any time.
    • Legal obligation — for complaints handling, we may need to use your information to comply with the law.

    For more information on our use of legitimate interests as a lawful basis, please contact us using the contact details above.

    Where we get personal information from

    We collect personal information directly from you.

    How long we keep information

    We keep personal information only for as long as we need it for the purposes set out in this privacy notice, including to provide services, meet legal and regulatory obligations, resolve complaints, and maintain appropriate business and audit records. We regularly review what we hold and securely delete or anonymise information when it is no longer needed.

    Retention periods

    Enquiries / prospects (who do not become clients)

    Kept for up to 24 months from last contact, to manage follow-ups, document outcomes, and support service improvement reporting. If you ask us not to contact you, we keep a minimal suppression record to respect your preference.

    Clients – advice and policy arrangement records

    Including fact finds, demands & needs, suitability/recommendation rationale, application records, policy documents, and key communications — kept for at least 5 years from the date the relevant advice/activity/communication took place (and often longer where needed for complaint handling). FCA record-keeping rules include minimum retention expectations for certain regulated activities.

    Complaints records

    Kept for 6 years after the complaint is closed. This aligns with typical limitation/time-limit considerations for financial complaints.

    Claims support records

    Kept for 6 years after the claim is settled/closed (or longer if required due to dispute, litigation, or insurer/principal requirements).

    Marketing records and preferences

    Marketing preferences/consents/opt-outs kept while you remain on our marketing list and for up to 6 years after you opt out. Marketing contact details kept until you opt out or we decide the information is no longer current/needed.

    Payment details

    We do not keep full bank/card details where possible. If we take details to set up premiums, we enter them directly into the insurer/provider system and do not retain them.

    Accounting and tax records

    Invoices, commission statements, business accounts records — kept for at least 6 years from the end of the relevant company financial year.

    Call recordings

    If we record calls, recordings are typically kept for up to 24 months, unless needed longer for a complaint, dispute, or legal/regulatory requirement.

    Keeping information longer

    In some cases we may need to keep information for longer, for example:

    • Where there is an ongoing complaint, dispute, regulatory request, or legal claim ("legal hold")
    • Where laws or regulators require longer retention

    How we delete or anonymise information

    When retention periods expire, we securely delete personal information or anonymise it so it can no longer be linked to an individual. We also delete or securely dispose of paper records and securely remove data from IT systems in line with good information security practice.

    Who we share information with

    We may share personal information with:

    • Insurance companies, brokers or other intermediaries
    • Regulatory authorities
    • Organisations we're legally obliged to share personal information with

    How to complain

    Data protection complaints

    If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

    If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

    Information Commissioner's Office

    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

    Helpline: 0303 123 1113

    Website: ico.org.uk/make-a-complaint

    Service complaints

    If you are unhappy with any aspect of the service you have received from us, you can raise a complaint directly with Nightingale Protection Ltd or with our principal firm, Kingsmead Financial Planning Ltd. Simple complaints may be resolved within 3 business days; more complex matters follow a formal process of up to 8 weeks. If you remain dissatisfied, you have the right to refer your complaint to the Financial Ombudsman Service.

    Full details of our complaints procedure, including contact details for Kingsmead Financial Planning Ltd and the Financial Ombudsman Service, are available on our complaints page.