We ask that you read this privacy notice carefully as it contains important information about MyEva; how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and the supervisory authority in the event you have a problem or complaint.
Who is MyEva
MyEva collects, uses and is responsible for certain personal data about you. MyEva is required to comply with data protection regulation, and we are responsible as a data controller of that personal data for the purposes of those laws.
When we mention “MyEva”, “we”, “us” or “our” we are referring to MyEva a trading name of Wealth Wizards Benefits Ltd.
Wealth Wizards Benefits Ltd is registered in England and Wales (6030782) and our registered office is at Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT. We are authorised and regulated by the Financial Conduct Authority, our Financial Services Register number is 596641 and we are registered with the Information Commissioner’s Office Registration No: ZA163085.
The personal data MyEva collects and uses
MyEva collects personally identifiable information about you through:
- The use of enquiry and registration forms.
- Your use of any MyEva products or our services.
- The provision of your details to MyEva either online or offline.
- The provision of your details supplied to MyEva by your employer.
In the course of providing our services to you MyEva may collect the following personal data when you provide it:
- contact information
- identity information
- financial information
- employment status
Special categories of data
Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation. These are known as ‘special categories of data’ and include data concerning your health, racial or ethnic origin, genetic data, bio-metric data and sexual orientation. Data relating to criminal convictions or offences is also subject to additional levels of protection.
MyEva may process:
- health information and lifestyle information
- details of any vulnerability;
- criminal conviction or offence information when providing our services in relation to a range of products
MyEva doesn’t use any special category data (such as data about your health) in the automated process unless it’s strictly necessary to deliver our services and we have obtained your explicit consent to do so.
Information MyEva collects from other sources
MyEva also obtains personal data from other sources in the course of providing our services, including from your employer. Where MyEva obtains this information from another party, it is their responsibility to make sure they explain that they will be sharing personal data with us and, where necessary, ask permission before sharing information.
The personal data MyEva obtains from other sources may include the following:
- Your employer
- Product providers/scheme administrators
- Professionals such as your Solicitor or Accountant
- Identification and verification checking agencies
- identity information
- sanction check information
How MyEva uses your personal data
In order to deliver our services to you effectively MyEva may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers, MyEva also uses Client Relationship Management systems (CRMs). Where third parties are involved in processing your data, MyEva will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of care in processing your data and that they’ll only act in accordance with our written instructions.
MyEva also extracts certain information from your data for the purpose of generating statistics, but it is not possible to identify you from these statistics.
The table below sets out:
- how MyEva uses your personal data.
- the lawful bases upon which MyEva uses your personal data.
- who MyEva routinely shares your personal data with.
|Rationale/Reason for Processing||Lawful Basis for Processing||Third party recipients linked to that activity|
|To provide you with our services.||Performance of a contract||
|Improving our services.||Legitimate interest||
|To retain records of our services or advice provided to you by MyEva in order to defend potential legal claims or complaints.||Legitimate interest||
|To provide you with details of products and our services from MyEva and third parties that may be of interest to you in accordance with your preferences. For more information see ‘MyEva Marketing’ below.||Consent||
Automated decision making and profiling
MyEva uses automation to make some decisions without any human involvement. These decisions are generally based on factual data and can lead to quicker and more consistent decisions, particularly where large volumes of data need to be analysed. When you use MyEva, your personal data will be gathered through the information that you give us, your data is then processed by MyEva to carry out our services to you. If you’re unsure about the outcome of MyEva’s automated processes or require more information about these; you can contact us to discuss or to challenge the outcome.
MyEva uses tracking on some web pages, which records user movements, including page scrolling, mouse clicks and text entered. The data MyEva collects in this way helps to identify usability issues, to improve the assistance and technical support MyEva can provide to users and is also used for aggregated and statistical reporting purposes.
MyEva may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve the quality of our services, and to help detect or prevent fraud or other crimes. Conversations may also be monitored for staff training purposes.
MyEva may use personal data held about you to help identify, tailor and provide you with details of products and our services from MyEva that may be of interest to you. MyEva will only do so where there is a legitimate business reason to do so and will do this in accordance with any marketing preferences you have provided to MyEva.
In addition, where you provided your consent, MyEva may provide you with details of products and services of third parties where they may be of interest to you.
You can opt out of receiving marketing at any time. If you wish to amend your marketing preferences, please contact us.
How long will MyEva hold your personal data
MyEva will not hold your personal data for longer than is required under the terms of our contract for our services with you. MyEva is subject to regulatory requirements to retain data for specified minimum periods. In addition, we are obliged to treat our customers fairly in the event of a future complaint and therefore MyEva reserves the right to retain data for longer than these specified minimum periods in order to allow us to investigate such complaints and, if necessary, defend a future claim against us, currently 7 years. However, MyEva may keep your data for longer than 7 years if we cannot delete it for legal or regulatory reasons; for example, MyEva has to hold pension transfer information indefinitely.
MyEva will therefore keep your personal information securely for as long as we need to for the purpose of providing you with financial advice under the terms of our services or for as long as we are required to by relevant regulations. MyEva regularly reviews the legal and regulatory obligations around the retention of your personal information.
Keeping your personal data secure
MyEva takes measures to ensure the security of your data, industry best-practice is followed at all stages of the data life-cycle. MyEva is always working to improve the methods employed to secure your data, for example, data is encrypted when in transit across public internet links and stored in an encrypted format in our systems. MyEva limits access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
MyEva has procedures in place to deal with any suspected data security breach. MyEva will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
You are responsible for your secure use of MyEva and for choosing a secure password when MyEva asks you to set up a password to access our services. You should keep this password confidential and should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for MyEva. Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data once with us, MyEva cannot guarantee the security of any personal data sent to our site while still in transit and so you provide this at your own risk.
Transfer of your information out of the European Economic Area (EEA)
We will only ever transfer your information to processors based in other countries outside the EEA where we consider that there are adequate safeguards provided for your information, with individual rights standards that meet the GDPR requirements and the use of these processors is necessary in the fulfilment of our obligations to you.
To achieve this, we will use EU approved standard contractual clauses for the transfer of this data. When transferring personal data to the US we will only use providers who are self-certified under the EU-US Privacy Shield. The EU-US Privacy Shield addresses the collection, protection, storage, transfer and use of data transferred from the EEA the US.
MyEva and your rights
You have legal rights under data protection regulation in relation to your personal data. These are set out in the table below:
|Your right to…||What this means for you|
|access personal data||You can ask MyEva to confirm whether we have and are using your personal data. You can also ask for a copy of your personal data from MyEva and for information on how we process it. MyEva may ask you for proof of identity when making a request to exercise these rights. MyEva does this to ensure we only disclose information or change your details where we know we are dealing with the right individual.
MyEva will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, MyEva will inform you before proceeding with your request. MyEva aims to respond to all valid requests within one month. It may however take longer if the request is particularly complicated or you have made several requests. MyEva will always let you know if a response will take longer than one month. To speed up the response, MyEva may ask you to provide more detail about what you want to receive or are concerned about.
MyEva may not always be able to fully address your request, for example if it would impact the duty of confidentiality of others, or if we are otherwise legally entitled to deal with the request in a different way.
|correction or erasure of personal data||You can ask that MyEva rectify any information about you which is incorrect. MyEva will be happy to rectify such information but may need to verify the accuracy of the information first.
You can ask that MyEva erase your personal data if you think we no longer need to use it for the purpose we collected it from you. You can also ask that MyEva erase your personal data if you have withdrawn your consent to MyEva using your information (if we originally asked for your consent to use your information).
Please note; MyEva may not always be able to comply with your request, for example where we need to keep using your personal data in order to comply with our legal obligation or where we need to use your personal data to establish, exercise or defend legal claims.
|restrict how MyEva uses personal data||You can ask that MyEva restrict the use of your personal data in certain circumstances, for example:
MyEva can continue to use your personal data following a request for restriction where we have regulatory obligations; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
|object to how MyEva uses personal data||You can object to any use of your personal data, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, MyEva may continue to use the personal data if we can demonstrate that we have compelling legitimate interest to use the information.|
|to transfer personal data to another organisation||You can ask MyEva to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
You may only exercise this right where MyEva uses your personal data in order to perform a contract with you, or where we asked for your consent to use your personal data. This right only applies to data that:
|object to automated decisions||If MyEva made a decision about you based solely by automated means (i.e. with no human intervention), and the decision made by MyEva produces a legal effect concerning you, or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where MyEva is authorised by law to make such decisions and has adopted suitable safeguards in the decision-making processes to protect your rights and freedoms.|
|find out more about how MyEva uses personal data||If you are not satisfied with the level of information provided in this privacy notice, you can ask MyEva:
If you would like to exercise any of the above rights, please:
- provide us with information to identify you, e.g. name, address, date of birth; also
- proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- details of what your information request relates.
email: email@example.com or write to: Wealth Wizards Benefits Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT;
MyEva and the Information Commissioner’s Office (ICO)
If you are not happy with the way MyEva is handling your personal data, you have a right to lodge a complaint with the Information Commissioners Office. It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk).
We do however ask that you please attempt to resolve any issues directly with us before contacting the ICO.
How to contact MyEva
If you wish to contact MyEva, please send us an email: firstname.lastname@example.org or write to Wealth Wizards Benefits Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.
Glossary of Terms
|we, us or our||MyEva a trading name of Wealth Wizards Benefits Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.|
|contact information||These are details that can be used to contact a person, including title, first name, surname, personal telephone number, email address, home address, postcode or city of residence. This may also include work contact information such as a works telephone number or a company email address.|
|data controller||A natural or legal person (such as a company) which determines the means and purposes of the processing of personal data. For example, MyEva is a data controller as we determine how we will collect personal data from you, the scope of the personal data which will be collected, and the purposes for which it will be used in the course of us providing you with our services.|
|data protection regulation||The applicable data privacy and protection laws, including the Data Protection Act 2018 in the UK and the GDPR in Europe and local implementing laws.|
|employment status||This is information about whether you are; employed, self-employed, unemployed, a student or retired.|
|Financial Conduct Authority||The Financial Conduct Authority, being the independent watchdog that regulates the financial services industry.|
|financial information||This is information relating to your financial status, including salary/income, outgoings/expenditure and tax status.|
|health information||This is information relating to your medical history, including symptoms, diagnoses, procedures and outcomes, as well as information about your height and weight. This could include previous and current or persistent medical conditions and family medical history.|
|identity information||This is any information that can be used to distinguish a person or verify their identity, such as name, date of birth, place of birth, gender, marital status, passport, drivers’ licence and national insurance number.|
|legitimate interest||Legitimate interests is one of the six lawful bases for processing personal data. Wealth Wizards must have a lawful basis in order to process personal data in line with the ‘lawfulness, fairness and transparency’ principle.
When processing personal data on the basis of legitimate interests, Wealth Wizards will complete a legitimate interests assessment to judge the purpose, need and balance (is the legitimate interest overridden by the data subjects’ interests, rights or freedoms?) of the processing.
|lifestyle information||This includes both work and leisure behaviour patterns. Most relevant to your products may be your smoker status, alcohol consumption, health, retirement age and exercise habits.|
|our services||This is the financial advice MyEva gives you and the services we provide to you in relation to products.|
|products||These can include an investment, pension and/or protection product in respect of which we provide our services to you.|
|product providers/scheme administrators||These are companies which provide or administer investment, pension and/or protection products or schemes.|
|sanction check information||This is information relating to your “politically exposed persons” (PEPs) status and Her Majesty’s Treasury financial sanctions status, which is recorded to prevent fraud and money laundering.|
|vulnerability||A vulnerable consumer is someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when an advisory firm is not acting with appropriate levels of care. These customers are more likely to suffer severe detriment if something goes wrong. Details of vulnerability fall in to the following categories: health; resilience (financial); life events; and capability (financial knowledge/ confidence).|
Updated on 9th march 2020 (v. 25)