Client Privacy Notice

Privacy & your data

  • In order to provide appropriate and high quality advice we will collect and store information about you (your data).
  • We keep your data safe, and we do not share it outside Money Advice Plus except with your consent, (eg to write a letter on your behalf) except in certain limited circumstances (eg. Serious concerns about your safety).
  • We will store your data for 7 years after we have finished working with you, and after this, it is securely destroyed.
  • Some of the information that we need to keep on people’s files includes sensitive personal data, including information about health conditions, and other personal information which is relevant to the advice and support services which we provide and sometimes required by our funders for anonymised reports.
  • If you have any questions or concerns about the way we keep or use your information, please ask your Money Advice Plus worker. You have a right to see information about you that we hold.
Information about sharing personal data

More information about your circumstances, for example mental health problems or other difficulties can help us to work with you better. If you tell us about specific needs which you have, we will record the information on your file and will check with you how we can tailor our service to accommodate any needs. You can be confident that we will not share this information without explicit consent from you to do so.

More information about data we collect and how we use and store it is on the following pages. If you would like your worker to go through this with you, or if you have any questions, then please ask.

More information about Data Protection

Data controller

Money Advice Plus keeps your personal data in our offices and databases. The Data Protection Officer is Andrea Finch and she can be contacted on our usual number.

Client data

This information applies to any client of Money Advice Plus. Where we have received data relating to an individual who does not become a client (for example, a referral where the person referred declines an appointment), we keep the data for as long as is required to track the progress of the referral and provide feedback to the referrer, where appropriate.

Processing your data

Personal Data is used to provide non identifiable reports internally for Money Advice Plus; for example, monitoring to check that we are providing a service that is accessible to all sections of our community. Personal data is used to provide reports and is part of our funding agreement with Citizen Advice and the Money and Pension Service. It is a requirement that our work is checked for quality and accuracy and this means a small number of cases are looked at in full. If a case is selected, data is shared for this purpose only and then will be deleted. It will not be retained by the organisation conducting the audit. If you want more information, please ask your adviser.

You have been asked separately whether you consent to being contacted by the funder for research purposes. If you change your mind over this then please speak to your adviser.

Categories of data

Much of the data that we hold is necessary to enable us to provide a full advice service relevant to the individual circumstances of each client. We need to retain this after the end of our work with an individual so that we can check the accuracy and quality of advice given and in case we are contacted with any questions or complaints after the end of our work. This is in line with recommended advice sector best practice.

There is also a small amount of data which we collect and hold solely because we are required to report about it. This data is collected separately on an equal opportunities monitoring form and clients are given the option to withhold all or any of this information without it affecting the service we provide.

Each year we review what categories of data we collect and hold on our database and check that it is still required for a good reason.

Anonymising data

We are mindful that 2 pieces of data that alone do not identify a client may do so when pieced together; for example, if a client’s postcode is shared together with details of their medical condition. The Data Controller checks report formats to ensure that client confidentiality will not be breached by reporting and that data cannot be pieced together in this way.

Sources of data

Most data is provided directly by clients. Some data is provided at the point of referral by a third party. We ask referrers to satisfy themselves that they have gained consent to share data with us.

Data transfers

Personal data is never transferred from Money Advice Plus without explicit consent for information sharing from a client and without it being necessary to do so in the course of our work.  For example, with your permission we might send information required to make a referral to another agency. In specific circumstances we might send data without consent, such as where there is a safeguarding concern (see our confidentiality policy).

Data is never transferred outside the EU.

On occasion we may contract outside agencies to process data on our behalf. We may also share data with our database support service for the purpose of identifying systemic faults in the database. We follow our confidentiality policy and before data is shared for either of these purposes we must be satisfied that the outside agency has arrangements to securely store the data and dispose of it properly as soon as the work is completed.

Retention of data

In accordance with recommended advice industry best practice, all data is stored for 7 years after the end of our work with a client, except those kept longer (see below).

The following are stored for 14 years:

  • All cases at closure where there has been a complaint, or a case involving significant corrective action
  • During the 7 year storage period, when a client or representative contacts us with a significant question or complaint
  • When cases are identified by casework supervisors as concerning unusual or novel points of law, at the point of closure, or when checking closed files
  • When a client dies and we have been unable to contact any next of kin, and we are left holding a residual estate

Clients are advised of the storage period and how to access their closed files during that time in the closing letter.

Date Protection – Your Rights

You have a right to withhold data

When we collect data, normally it is required for the provision of good advice and we only tell you if we are asking for monitoring or reporting purposes. If you can withhold data without it affecting the advice we can give, we will tell you. If by withholding data you limit the service we are able to provide, we will also explain how our service is limited, e.g. if you do not want to tell us your earnings then we will not be able to do a benefits check.

Some data is required so that we can provide a service, e.g. where we are funded to work with people living in Brighton & Hove then we will be required to satisfy ourselves of a client’s address, and we will not be able to provide a service without this information.

Where a client wishes to remain anonymous and/or not to have their personal data stored, we will always seek to accommodate this, but it may not always be possible for us to provide a service in these circumstances.

You have a right to be forgotten

When you have agreed to Money Advice Plus storing and processing your data, you can withdraw this consent. You should do this in writing to the Data Controller (see above). If you withdraw consent then this may affect our ability to continue working with you (see above). We may have to close your case, if it is not already closed. We will keep records of the work we have done and we will need to retain these records in case you later have a complaint about advice received, and for the purpose of checking the accuracy and quality of advice given. This means that we cannot erase all of the personal data that we hold, but any data that has been collected solely for monitoring and reporting purposes may be erased.

You have a right to see all the data about you that we hold

You should request this in writing to the Data Controller, specifying an address to which we can post the data, or specifying if you require the information emailed in an electronic format. Information will be provided at the latest within one month of receipt. If requests for data are repetitive or otherwise excessive, then we will follow Guidance from UK Data Protection Act 2018 and General Data Protection Regulations.

You have a right to correct data if we have got it wrong

You should address requests for correction to the Data Controller.

Your right to restrict processing of personal data

If you object to our legitimate processing of data, please speak with the Data Protection Officer. Most of our funding is conditional on our providing reports to the funders, which necessitates the processing of personal data. It is not normally possible for us to continue providing a service to a client who wishes to opt out of data processing.

Find out all you need to know when you use our services or contact us

See all policies