Privacy Notice

MyEva Privacy Notice

MyEva takes the privacy of your data seriously.  MyEva is committed to safeguarding your privacy while providing a personalised and valuable service.  This Privacy Notice explains the data processing practices for MyEva.

We ask that you read this privacy notice carefully as it contains important information about MyEva; how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and the supervisory authority in the event you have a problem or complaint.

Italicised words in this privacy notice have their meaning set out in the Glossary of Terms at the end of this document.

Who is MyEva

MyEva collects, uses and is responsible for certain personal data about you.  MyEva is required to comply with data protection regulation, and we are responsible as a data controller of that personal data for the purposes of those laws.

When we mention “MyEva”, “we”, “us” or “ourwe are referring to MyEva a trading name of Wealth Wizards Benefits Ltd.

Wealth Wizards Benefits Ltd is registered in England and Wales (06030782) and our registered office is at Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.  We are authorised and regulated by the Financial Conduct Authority, our Financial Services Register number is 596641 and we are registered with the Information Commissioner's Office Registration No: ZA163085.

The personal data MyEva collects and uses

MyEva collects personally identifiable information about you through:

  • The use of enquiry and registration forms.
  • Your use of any MyEva products or our services.
  • The provision of your details to MyEva either online or offline.
  • The provision of your details supplied to MyEva by your employer.

In the course of providing our services to you MyEva may collect the following personal data when you provide it:

  • contact information
  • identity information
  • financial information
  • employment status
  • details of your dependants and/or beneficiaries under a policy (If you are providing information about another person, we expect you to ensure that they know you are doing so and are happy for their information to be provided to us.  You might find it helpful to show them this privacy notice and if they have any concerns please contact us in one of the ways described below.)
  • products

Special categories of data

Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation. These are known as ‘special categories of data’ and include data concerning your health, racial or ethnic origin, genetic data, bio-metric data and sexual orientation.  Data relating to criminal convictions or offences is also subject to additional levels of protection.

MyEva may process:

  • health information and lifestyle information
  • details of any vulnerability;

         and/or

  • criminal conviction or offence information when providing our services in relation to a range of products

MyEva doesn’t use any special category data (such as data about your health) in the automated process unless it’s strictly necessary to deliver our services and we have obtained your explicit consent to do so.

Information MyEva collects from other sources

MyEva also obtains personal data from other sources in the course of providing our services, including from your employer.  Where MyEva obtains this information from another party, it is their responsibility to make sure they explain that they will be sharing personal data with us and, where necessary, ask permission before sharing information.

The personal data MyEva obtains from other sources may include the following:

  • Your employer
  • Product providers/scheme administrators
  • Professionals such as your Solicitor or Accountant
  • Identification and verification checking agencies
  • identity information
  • sanction check information

How MyEva uses your personal data

In order to deliver our services to you effectively MyEva may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers, MyEva also uses Client Relationship Management systems (CRMs).  Where third parties are involved in processing your data, MyEva will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of care in processing your data and that they’ll only act in accordance with our written instructions.

MyEva also extracts certain information from your data for the purpose of generating statistics, but it is not possible to identify you from these statistics.

The table below sets out:

  • how MyEva uses your personal data.
  • the lawful bases upon which MyEva uses your personal data.
  • who MyEva routinely shares your personal data with.

Rationale/Reason for Processing

Lawful Basis for Processing

Third party recipients linked to that activity

To provide you with our services.
Performance of a contract
Product providers/scheme administrators
• Compliance support services
• IT Systems and software providers
• Accountancy, regulatory or legal services
Improving our services. 
Legitimate interest
• Compliance support services
• IT Systems and software providers
• Accountancy, regulatory or legal services
To retain records of our services or advice provided to you by MyEva in order to defend potential legal claims or complaints.
Performance of a contract
• Compliance support services
• IT Systems and software providers
• Accountancy, regulatory or legal services
To provide you with details of products and our services from MyEva.
Legitimate interest
• IT systems and software providers
To provide you with details of products and our services from third parties that may be of interest to you in accordance with your preferences.  For more information see ‘MyEva Marketing’ below.
Consent
• IT systems and software providers
• Marketing agencies

Automated decision making and profiling

MyEva uses automation to make some decisions without any human involvement.  These decisions are generally based on factual data and can lead to quicker and more consistent decisions, particularly where large volumes of data need to be analysed.  When you use MyEva, your personal data will be gathered through the information that you give us, your data is then processed by MyEva to carry out our services to you.  If you’re unsure about the outcome of the automated processes or require more information about these; you can contact us to discuss or to challenge the outcome.

Use of cookies and other tracking devices

As is common practice with almost all professional websites, MyEva uses cookies, which are tiny files that are downloaded to your computer, to improve your experience.  MyEva's Cookies Policy describes what information we gather, how we use them and why we sometimes need to store these cookies.  MyEva will also share how you can prevent these cookies from being stored, however this may downgrade or disrupt certain elements of their functionality. The MyEva Cookies Policy can be viewed here.

MyEva uses tracking on some web pages, which records user movements, including page scrolling, mouse clicks and text entered.  The data MyEva collects in this way helps to identify usability issues, to improve the assistance and technical support MyEva can provide to users and is also used for aggregated and statistical reporting purposes.

Telephone calls

MyEva may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve the quality of our services, and to help detect or prevent fraud or other crimes.  Conversations may also be monitored for staff training purposes.

Servicing and Engagement Communications

MyEva uses your personal data to identify and provide you with details of products and our services that we believe will be useful to you as a registered user.  MyEva will only do so where there is a legitimate business reason to do so and where we believe such processing whilst not required by law is of clear benefit to you.  These engagement communications will have a limited privacy impact and will be of a nature that you should reasonably expect us to use your data in this way.

You can opt out of receiving engagement emails at any time; however, dependent on the products and our services that we provide to you it may not be possible to unsubscribe to all emails, as we may have a lawful requirement to do so in order to fulfil our contractual obligations to you.  

MyEva Marketing

MyEva may from time to time use personal data held about you to help identify, tailor and provide you with details of products from selected third parties that may be of interest to you.  MyEva will only do so where you have provided us with your consent to email details of products and services of third parties and will do this in accordance with any marketing preferences you have provided to MyEva.

You can opt out of receiving marketing at any time.  If you wish to amend your marketing preferences, please contact us.

How long will MyEva hold your personal data

MyEva will not hold your personal data for longer than is required under the terms of our contract for our services with you.  MyEva is subject to regulatory requirements to retain data for specified minimum periods.  In addition, we are obliged to treat our customers fairly in the event of a future complaint and therefore MyEva reserves the right to retain data for longer than these specified minimum periods in order to allow us to investigate such complaints and, if necessary, defend a future claim against us, currently we hold most data for 7 years.  However, MyEva may keep your data for longer than 7 years if we cannot delete it for legal or regulatory reasons; for example, MyEva has to hold pension transfer information indefinitely.  

MyEva will therefore keep your personal information securely for as long as we need to for the purpose of providing you with financial advice under the terms of our services or for as long as we are required to by relevant regulations.  MyEva regularly reviews the legal and regulatory obligations around the retention of your personal information.

Keeping your personal data secure

MyEva takes measures to ensure the security of your data, industry best-practice is followed at all stages of the data life-cycle.  MyEva is always working to improve the methods employed to secure your data, for example, data is encrypted when in transit across public internet links and stored in an encrypted format in our systems.  MyEva limits access to your personal data to those who have a genuine business need to know it.  Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

MyEva has procedures in place to deal with any suspected data security breach.  MyEva will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

You are responsible for your secure use of MyEva and for choosing a secure password when MyEva asks you to set up a password to access our services.  You should keep this password confidential and should choose a password that you do not use on any other site.  You should not share your password with anyone else, including anyone who works for MyEva.  Unfortunately, sending information via the internet is not completely secure.  Although we will do our best to protect your personal data once with us, MyEva cannot guarantee the security of any personal data sent to our site while still in transit and so you provide this at your own risk.

Transfer of your information out of the UK and European Economic Area (EEA)

We will only ever transfer your information to processors based in other countries outside the UK and EEA where We consider that there are adequate safeguards provided for your information, with individual rights standards that meet the UK GDPR requirements and the use of these processors is necessary in the fulfilment of our obligations to you.  We currently engage some US-based processors to provide services such as data analytics and marketing communications.  To be clear, we shall only engage with processors based in other countries outside the UK and EEA where we consider that there are adequate safeguards provided for your data.

If personal data is transferred from the UK or a country within the European Economic Area to a country outside the European Economic Area which do not ensure an adequate level of data protection within the meaning of UK Data Protection Laws, we shall ensure that your personal data is adequately protected. To achieve this, we (unless agreed otherwise) rely on UK approved Standard Contractual Clauses and where necessary additional supplementary measures for the transfer of personal data from the UK, EU, the EEA and/or their member states and Switzerland to countries which do not ensure an adequate level of data protection within the meaning of UK Data Protection Laws.

MyEva and your rights

You have legal rights under data protection regulation in relation to your personal data.  These are set out in the table below:

Your right to...

What this means for you

access personal data
You can ask MyEva to confirm whether we have and are using your personal data.  You can also ask for a copy of your personal data from MyEva and for information on how we process it.  MyEva may ask you for proof of identity when making a request to exercise these rights.  MyEva does this to ensure we only disclose information or change your details where we know we are dealing with the right individual.

MyEva will not ask for a fee, unless we think your request is unfounded, repetitive or excessive.  Where a fee is necessary, MyEva will inform you before proceeding with your request.  MyEva aims to respond to all valid requests within one month.  It may however take longer if the request is particularly complicated or you have made several requests.  MyEva will always let you know if a response will take longer than one month.  To speed up the response, MyEva may ask you to provide more detail about what you want to receive or are concerned about.

MyEva may not always be able to fully address your request, for example if it would impact the duty of confidentiality of others, or if we are otherwise legally entitled to deal with the request in a different way.
correction or erasure of personal data
You can ask that MyEva rectify any information about you which is incorrect.  MyEva will be happy to rectify such information but may need to verify the accuracy of the information first.

You can ask that MyEva erase your personal data if you think we no longer need to use it for the purpose we collected it from you.  You can also ask that MyEva erase your personal data if you have withdrawn your consent to MyEva using your information (if we originally asked for your consent to use your information).

Please note; MyEva may not always be able to comply with your request, for example where we need to keep using your personal data in order to comply with our legal obligation or where we need to use your personal data to establish, exercise or defend legal claims.
restrict how MyEva uses personal data
You can ask that MyEva restrict the use of your personal data in certain circumstances, for example:

• where you think the information is inaccurate and MyEva needs to verify it;
• where MyEva’s use of your personal data is no longer required, but you do not want us to erase it;
• where the information is no longer required for the purposes for which it was collected, but MyEva needs it to establish, exercise or defend legal claims; or
• where you have objected to MyEva’s use of your personal data, but we still need to verify if we have overriding grounds to use it.

MyEva can continue to use your personal data following a request for restriction where we have regulatory obligations; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
object to how MyEva uses personal data
You can object to any use of your personal data, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information.  If you raise an objection, MyEva may continue to use the personal data if we can demonstrate that we have compelling legitimate interest to use the information.
to transfer personal data to another organisation
You can ask MyEva to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).

You may only exercise this right where MyEva uses your personal data in order to perform a contract with you, or where we asked for your consent to use your personal data.  
This right only applies to:
• data that is held electronically, and
• you have provided to Wealth Wizards.
object to automated decisions
If MyEva made a decision about you based solely by automated means (i.e. with no human intervention), and the decision made by MyEva produces a legal effect concerning you, or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review.  These rights do not apply where MyEva is authorised by law to make such decisions and has adopted suitable safeguards in the decision-making processes to protect your rights and freedoms.
find out more about how MyEva uses personal data
If you are not satisfied with the level of information provided in this privacy notice, you can ask MyEva:
• What personal data we have about you and where we got your data from;
• What we use your information for and what automated decision were made;
• Who we disclose your information to and whether we transfer it abroad;
• How we protect your information and how long we keep it for;  
• What rights you have and how you can make a complaint.

If you would like to exercise any of the above rights, please:

  • provide us with information to identify you, e.g. name, address, date of birth; also
  • proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • details of what your information request relates.

email: eva@myeva.com or
write to: Wealth Wizards Benefits Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT;

MyEva and the Information Commissioner’s Office (ICO)

If you are not happy with the way MyEva is handling your personal data, you have a right to lodge a complaint with the Information Commissioner's Office.  It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk).

We do however ask that you please attempt to resolve any issues directly with us before contacting the ICO.

How to contact MyEva

Please contact MyEva if you have any questions about this privacy notice or the information, we hold about you.

If you wish to contact MyEva, please send us an email eva@myeva.com or write to Wealth Wizards Benefits Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.

Making changes to the MyEva Privacy Notice

MyEva reserves the right to add to or change the terms of this Privacy Notice without prior notice.  If MyEva changes this Privacy Notice, we will post the new Privacy Notice on the Service, and it will become effective from the time of posting.  Please visit the MyEva Privacy Notice on a regular basis to ensure you have read the latest version to understand what we do with your personal data.

Glossary of Terms

we, us or our
MyEva a trading name of Wealth Wizards Benefits Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.
contact information
These are details that can be used to contact a person, including title, first name, surname, personal telephone number, email address, home address, postcode or city of residence.  This may also include work contact information such as a works telephone number or a company email address.
data controller
A natural or legal person (such as a company) which determines the means and purposes of the processing of personal data.  For example, MyEva is a data controller as we determine how we will collect personal data from you, the scope of the personal data which will be collected, and the purposes for which it will be used in the course of us providing you with our services.
data protection regulation
The applicable data privacy and protection laws, including the Data Protection Act 2018 in the UK and the GDPR in Europe and local implementing laws.
employment status
This is information about whether you are; employed, self-employed, unemployed, a student or retired.
Financial Conduct Authority
The Financial Conduct Authority, being the independent watchdog that regulates the financial services industry.
financial information
This is information relating to your financial status, including salary/income, outgoings/expenditure and tax status.
health information
This is information relating to your medical history, including symptoms, diagnoses, procedures and outcomes, as well as information about your height and weight.  This could include previous and current or persistent medical conditions and family medical history.
identity information
This is any information that can be used to distinguish a person or verify their identity, such as name, date of birth, place of birth, gender, marital status, passport, drivers' licence and national insurance number.
legitimate interest
Legitimate interests is one of the six lawful bases for processing personal data.  Wealth Wizards must have a lawful basis in order to process personal data in line with the ‘lawfulness, fairness and transparency’ principle.  When processing personal data on the basis of legitimate interests, Wealth Wizards will complete a legitimate interests assessment to judge the purpose, need and balance (is the legitimate interest overridden by the data subjects' interests, rights or freedoms?) of the processing.
lifestyle information
This includes both work and leisure behaviour patterns.  Most relevant to your products may be your smoker status, alcohol consumption, health, retirement age and exercise habits.
our services
This is the financial advice MyEva gives you and the services we provide to you in relation to products.
products
These can include an investment, pension and/or protection product in respect of which we provide our services to you.
product providers/scheme administrators
These are companies which provide or administer investment, pension and/or protection products or schemes.
sanction check information
This is information relating to your "politically exposed persons" (PEPs) status and Her Majesty’s Treasury financial sanctions status, which is recorded to prevent fraud and money laundering.
vulnerability
A vulnerable consumer is someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when an advisory firm is not acting with appropriate levels of care. These customers are more likely to suffer severe detriment if something goes wrong.  Details of vulnerability fall in to the following categories: health; resilience (financial); life events; and capability (financial knowledge/ confidence).
Updated on 04 August 2023 (v. 26)