Privacy Policy

This Privacy Policy contains information about Broadstone’s policies governing the collection and use of your personal information. Broadstone is the trading name of Broadstone Consulting Actuaries Limited (04240092), Broadstone Corporate Benefits Limited (07978187), each with registered office at 55 Baker Street, London, England, W1U 8EW, and Broadstone Risk & Healthcare Limited (SC191020) whose registered office is at Falkirk Business Hub, 45 Vicar Street, Falkirk, FK1 1LL.

We value the privacy of those who provide personal information to us and this Privacy Policy applies to our customers, personnel who work for our customers, members of the schemes to which we provide services, website visitors, suppliers and contractors.  It describes the personal information that we collect, how we use this information, the legal basis on which we process it, with whom it is shared and how it is stored.

Please read this Privacy Policy carefully to understand how we handle personal information.

By accessing or browsing our website, contacting us on social media, using any of the services that we provide or otherwise providing your information to us, you confirm that you have read and understood this Privacy Policy.

From time to time we may need to make changes to this Privacy Policy. In the event that we update our Privacy Policy the updated version will be on our website and, where appropriate, notified to you by post or email. We advise you to regularly review this Privacy Policy.  By continuing to use the services and our website to supply services to us you are confirming that you have read and understood the latest version of our privacy policy.

1.             Information we collect

We may collect and use any of the following information and we refer to this as ‘personal information’ throughout this Privacy Policy:

1.1          Personal information that you give us

You, your employer or your scheme trustee/administrator may give us personal information about you by using the online forms provided on our website, completing order forms, setting up an account with us, or by contacting us by phone, e-mail or other means. This includes, for example, when personal information is provided to us in order to receive our services.   You or your employer may also give us personal information about you when you are, or it is offering or providing services, to us.

Such personal information may include:

(a)           Information about you

(i)             Your name

(ii)            Address and post code

(iii)           Email address

(iv)          Telephone number

(v)           Your job title

(vi)          Company name

(vii)         Company address

(viii)        Account information

(ix)          Gender

(x)           Date of birth

(xi)          Salary and pension details (and other financial information such as information about employee benefit schemes)

(xii)         Marital status

(xiii)        Health information

(xiv)        Information provided in correspondence

(xv)         Updates in information provided to us

(b)           Information about the services we provide to you

(i)             Information needed to provide services to you

(ii)            Customer services information

(iii)           Customer relationship management and marketing information

(c)           Information about services we receive from you or your employer

(i)             Your website

(ii)            Supplier due diligence information

(iii)           Work contact information (phone number, postal address, email address)

Some of the personal information that we collect about you or which you or your employer provides to us about you may be special categories of data.  Special categories of data include information about racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, your physical and mental health or sexual life.

Please note that we need certain types of personal information so that we can provide services to you so you, or your employer, can provide services to us. If you do not provide us with such personal information, or ask us to delete it, you may no longer be able to access our services or provide goods and services to us.

1.2          Personal information we collect about you

(a)           Each time you visit our website we may automatically collect any of the following information:

(i)            Technical information, including the Internet protocol (IP) address used to connect your computer to the internet, domain name and country which requests information, the files requested, browser type and version, browser plug-in types and versions, operating system and platform;

(ii)           Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.

(b)           We may intercept, monitor and/or keep records of email communications entering and leaving our systems.

(c)           If you contact us on social media, we will collect certain information about you from your social media page and through your interactions with us or with information about our services.

(d)           If you are a journalist or work for an institution/trade association in our industry, we may collect information about you from public sources.

(e)           If you are a customer or a supplier (or a potential customer or supplier) or work for one of them (including as a consultant), we may obtain information about you from your company’s website.

(f)            We may acquire personal information from third party providers in order to promote and market our services.  Any such marketing will be carried out in accordance with section 10.

(g)           We may acquire personal information in relation to the members of the schemes to which we provide services from third parties such as insurance companies and medical professionals.

2.             Use of information

We, or third party data processors acting on our behalf, collect, use and store the personal information listed above for the following reasons:

2.1          Visiting our website:

(a)          To allow you to access and use our website;

(b)          To provide technical support;

(c)          To provide you with the information and services that you request from us;

(d)          To ensure the security of our services and our website;

(e)          To recognise you when you return to our website; and

(f)           For improvement and maintenance of our website and preparing reports or compiling statistics in order to improve our services. Such details will be anonymised as far as is reasonably possible and you will not be identifiable from the information collected.

2.2          Receiving goods and services from you

(a)          To enable us to receive and manage services from you (including supplier due diligence, payment and expense reporting and financial audits);

(b)          For health and safety records and management;

(c)          To assess your working capacity;

(d)          To confirm information on CVs and perform reference checks, to assess you or your employer’s suitability to work for us; and

(e)          For equal opportunities monitoring.

2.3          Providing services to you

(a)          To provide relevant services and support to you, your employer or scheme trustee/administrator;

(b)          To deal with any enquiries or issues you have about our services, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you.

(c)          To send you certain communications (including by email or phone) about our services such as service announcements and administrative messages (for example, setting out changes to our terms and conditions and keeping you informed about our fees and charges);

(d)          To allow you to attend our events;

(e)           For health and safety and quality assurance; and

(f)           To carry out statistical analysis and market research.

2.4          For internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies.

2.5          To comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so.

2.6          To establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.

2.7          If you contact us on social media, to monitor your interactions with us and our brand online, where it is in our legitimate interests to do so for market research and for planning future marketing campaigns.

2.8          If you are a journalist, where it is in our legitimate interests to contact you to invite you to write a news article about our services; to invite you to events, send you promotional material and for press releases.

3.             Legal basis for use of your personal information

3.1          We consider that the legal bases for using your personal information as set out in this Privacy Policy are as follows:

(a)          Our use of your personal information is necessary to perform our obligations under any contract with you (for example, to comply with the terms of use of our website which you accept by browsing our website and/or to comply with our contract to provide services to or receive services from you or your employer); or

(b)          Our use of your personal information is necessary for complying with our legal obligations (for example, providing information to HMRC); or

(c)          Where neither (a) nor (b) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests include to:

(i)            Run, grow and develop our business;

(ii)           Operate our website;

(iii)          Select appropriately skilled and qualified suppliers;

(iv)          Ensure a safe working environment for our staff and visitors;

(v)           Marketing, market research and business development;

(vi)          Provide services to our customers, make and receive payment, provide customer services and to know the customer that we are providing services to;

(vii)         Place, track and ensure fulfilment of orders with our suppliers; and

(viii)        For internal group administrative purposes.

3.2          We may use your special categories of data where you have provided your consent (which you may withdraw at any time after giving it, as described below).

3.3          In the future, other use of other personal information may be subject to your consent (which can be withdrawn at any time after giving it, as described below). Where this is the case, that need for consent will be identified in this Privacy Policy.

3.4          If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at corporate@broadstone.co.uk and we will stop doing so. However, if you withdraw your consent, this may impact the ability for you to be able to provide services to us (for example, if those services require health assessments that involve use of your special categories of data) or for us to provide services to you.

4.             Cookies

4.1          To ensure that our website is well managed and to facilitate improved navigation within the website, some pages use cookies, which are small files placed on your internet browser when you visit our website. We use cookies in order to:

(a)           Offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences;

(b)           Manage our website by enabling us to develop the content and functionality of the website to better meet the needs of users;

(c)           Track information on our systems and identify categories of users by items such as address, browser type and pages visited; and

(d)           Analyse the number of visitors to different areas of the website and to ensure that the website is serving as a useful, effective information source.

4.2          Where we use cookies on our website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website.

4.3          For detailed information on the cookies we use and the purposes for which we use them, please refer to our cookies policy here : cookie policy. By continuing to use our website and/or our services, you are agreeing to our use of cookies as described in our cookies policy.

5.             Sharing your personal information

5.1          We may share your personal information with any company that is a member of our group, where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of services to our customers, management information, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance). We may also share your personal information with our group companies where they provide products and services to us.

5.2          We will share your personal information with the following categories of third parties:

(a)           Our service providers and sub-contractors, including but not limited to our online benefits software provider, payment processors, suppliers of technical and support services, insurers, logistic providers, and IT service providers;

(b)           Companies that assist us in our marketing, advertising and promotional activities; and

(c)           Analytics and search engine providers that assist us in the improvement and optimisation of our website.

Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

5.3           We will also disclose your personal information to third parties:

(a)            Where it is in our legitimate interests to do so to run, grow and develop our business:

(i)             If we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;

(ii)           If substantially all of Broadstone or any of its affiliates’ assets are acquired by a third party, in which case personal information held by Broadstone will be one of the transferred assets;

(b)           If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;

(c)           In order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or

(d)           To protect the rights, property, or safety of Broadstone, our staff, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.

5.4          Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.

6.             Retention of personal information

6.1          We keep your personal information for no longer than necessary for the purposes for which the personal information is processed.  The length of time we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights, for example:

(a)           In general customer personal information will be deleted when the customer relationship ends (however personal information may be retained if such information needs to be transferred to an alternative service provider or if required to defend any legal claims);

(b)           FCA regulated activity advice will be retained in line with regulatory requirements.

6.2          Further information on the length of time during which we retain your personal information can be found in our Records Management Policy/Records Retention Rules.  A copy is available upon request

7.             Security of your information

7.1          Broadstone is committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access, unavailability and destruction and takes all reasonable precautions to safeguard the confidentiality of personal information, including through use of appropriate organisational and technical measures. Organisational measures include physical access controls to our premises, restricting access on a need to know basis, staff training, adequate business continuity and disaster recovery procedures and locking physical files in filing cabinets.  Technical measures include use of encryption, using secure web portals to send special categories of personal information, passwords for access to our systems and use of anti-virus software.  Additionally Broadstone has secured Cyber Essentials certification and Broadstone’s datacentre is ISO 27001 accredited.

7.2          In the course of provision of your personal data to us, your personal information may be transferred over the internet.  Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk.

7.3          Where we have given you (or where you have chosen) a password which enables you to access an online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

8.             Transfers of personal information

8.1          The personal information may be used, stored and/or accessed by third party data processors. This may be for the purposes listed in section 2 above, the provision of our services to you,  your employer or scheme trustee/administrator, the receipt of services from you or your employer, the processing of transactions and/or the provision of support services.

8.2          If we provide any personal information about you to any such non-EEA ( European Economic Area ) third party data processors, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy.  These measures include:

(a)           In the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield (see further https://www.privacyshield.gov/welcome); or

(b)           In the case of entities based in other countries outside the European Economic Area, entering into European Commission approved standard contractual arrangements with them.

8.3          Further details on the steps we take to protect your personal information, in these cases is available from us on request by contacting Liz Kane, Head of Compliance (020 3689 6900 or liz.kane@broadstone.co.uk) at any time.

9.             Third party websites

9.1          Our website may, from time to time, contain links to websites operated by third parties including partner networks and our group companies. Please note that this Privacy Policy only applies to the personal information that we collect and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

10.          Marketing

10.1        We may collect and use your personal information for undertaking marketing by email, or phone.

10.2        We may send you certain marketing communications (including electronic marketing communications to existing customers) if it is in our legitimate interests to do so for marketing and business development purposes.

10.3        However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing.

10.4        If you wish to stop receiving marketing communications, you can contact us by email at corporate@broadstone.co.uk at any time, by calling 020 3869 6900 during business hours or by clicking on the unsubscribe link which will be located in all our marketing communications.

11.          Your rights

11.1        You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact Liz Kane, Head of Compliance (020 3689 6900 or liz.kane@broadstone.co.uk) at any time. You have the right to request that we:

(a)           provide access to any personal information we hold about you;

(b)           update any of your personal information which is out of date or incorrect;

(c)           delete any personal information which we are holding about you;

(d)           restrict the way that we process your personal information;

(e)           prevent the processing of your personal information for direct-marketing purposes;

(f)            provide your personal information to a third party provider of services;

(g)           provide you with a copy of any personal information which we hold about you; or

(h)           consider any valid objections which you have to our use of your personal information.

11.2        We will consider all such requests and provide our response within a reasonable period (and in any event any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances.

11.3        If an exception applies, we will tell you this when responding to your request.  We may request you provide us with information necessary to confirm your identity before responding to any request you make.

12.          Comments and questions

12.1        If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact Liz Kane, Head of Compliance (020 3869 6900 or liz.kane@broadstone.co.uk) We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

12.2        You may also make a complaint to the data protection authority in the European Union country where we are based or where we process personal information that relates to offering services to you in the European Union.  In the UK, the relevant supervisory authority is the Information Commissioner’s Office (‘ICO’). Information on how to lodge a complaint can be found on the ICO’s website https://ico.org.uk/concerns/.  Alternatively you may seek a remedy through local courts if you believe your rights have been breached.

Would you like to speak with one of our experts

Contact Details

55 Baker Street
London, W1U 8EW
United Kingdom

Follow Us