Privacy notice

This notice applies to Standard Life Savings Ltd and Elevate Portfolio Services, both part of abrdn plc.

abrdn plc is committed to protecting your personal information.

This Privacy Notice explains what personal information is collected and used, for any customer investing via our wrap, Fundzone or Elevate platform. The controllers of this personal information are Standard Life Savings Ltd (‘SLSL’) and Elevate Portfolio Services Ltd (‘EPSL’); both part of abrdn plc. For the purposes of this privacy notice, reference to ‘we’, ‘us’, ‘our’ means SLSL and EPSL.

This Privacy Notice contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given us.

We may need to make changes to our Privacy Notice; so please check our website for updates from time to time. If there are important changes such as changes to where your personal data will be processed; we will contact you to let you know.

Our Cookie Policy forms part of our Privacy Notice. When you browse our websites we use cookies to store information about how you use these websites in order to improve the quality of service provided to you. To understand what type of cookies we use and how these work when you use our websites read our Cookie Policy.

This version of our Privacy Notice was last updated on 6 February 2023.

How to contact us

If you have any questions about our Privacy Notice or the information we collect or use about you, please contact:

FAO: Data Protection Officer
abrdn plc
1 George Street
Edinburgh
EH2 2LL

Email: DPOffice@abrdn.com

This Privacy Notice includes the following sections

Information about who you are e.g. your name, date of birth and contact details
Information connected to your product or service with us e.g. your bank account details
Information about your contact with us e.g. meetings, phone calls, emails / letters
Information that is automatically collected e.g. via cookies when you visit one of our websites
Information to allow you to access our online services e.g. username and email address
Information if you visit one of our offices e.g. visual images collected via closed circuit television (CCTV)
Information you may provide us about other people e.g. joint applicants or beneficiaries for products you have with us
Information classified as special category data (‘sensitive’ personal information) e.g. relating to your health, gender or partner. Where we collect and use sensitive personal information, as defined by data protection laws, this information will only be collected and used where it’s needed to provide the product or service you have requested or to comply with our legal obligations, and where we have also obtained your explicit consent to process such information.

We may collect your personal information directly from you, from a variety of sources, including:

An application form for a platform account
Phone conversations with us
Emails or letters you send to us
Registering for one of our events e.g. retirement roadshows
Participating in research surveys to help us understand you better and improve our products and services
Our online services such as websites, our platforms, and through our social media (if you engage with our marketing campaigns).

If you have a financial adviser or a discretionary investment manager, the information we collect and use will most likely have been provided by them on your behalf.

We may also collect personal information on you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your address) or to locate alternative contact information if we are unable to contact you directly.

We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only if are able to satisfy one of the lawful processing conditions set out in the data protection laws.

This will be the case where:

You have given us your permission (consent) to use your information. For example, to send you information about products and services offered by other parts of abrdn plc and / or selected third parties, who we have chosen to work with which we believe may be of interest and benefit to you
You can withdraw your consent at any time by emailing DPOffice@abrdn.com
It’s necessary to provide the product or service you have requested e.g. if you wish to invest in one of our pension or savings products, we will require some personal information including your name, address, date of birth, bank account details
It’s necessary for us to meet our legal or regulatory obligations e.g. to send you Annual Statements, tell you about changes to Terms and Conditions or for the detection and prevention of fraud
It’s in the legitimate interests of abrdn i.e.

To deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your product or investment
Where we need to process your information to better understand you and your needs so we can send you more relevant communications about the products you have with us
To develop new products and services
To conduct research and collate management information to improve the products and services we offer.

Where the processing is in our legitimate interests or those of a third party, we will always conduct an assessment to ensure that this use of your personal information is not excessive or unnecessary or otherwise more intrusive than it needs to be.

We sometimes use systems to make automated decisions based on personal information we have - or are allowed to collect and use from others - about you. These automated decisions can affect the products, services or features we offer you now or in the future. We use automated decisions in the following ways:

Tailoring products and services e.g. placing you in groups with similar customers to make decisions about the products and services we may offer you to help meet your needs
When designing and enhancing our online services and tools for use by your adviser and / or discretionary investment manager to provide you with ongoing guidance and advice.

If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our products or services.

The majority of your information is processed in the UK or European Economic Area (EEA).

However, some of your information may be processed by us, or the third parties we work with, in countries outside of the UK or the EEA, including countries such as the United States.

Where your information is being processed outside of the UK or the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK or EEA Data Protection Laws e.g. we will put in place legal agreements with third parties and abrdn affiliates with ongoing oversight to ensure they meet their obligations.

We may share your information with third parties for the reasons outlined in 'Why we collect and use your information'.

We may share your information with:

Companies within abrdn plc who support in the provision of the product or service you have with us
Credit and identity check agencies for ID verification and credit reference checks
Your adviser or discretionary investment manager where this is required as part of the product or service you have agreed with us
Companies within abrdn plc and/or our selected partners for their marketing purposes only where you have provided prior appropriate consent
Companies we have chosen to support us in the delivery of the products and services we offer to you and other customers e.g. research, consultancy or technology companies; or companies who can help us in our contact with you, for example companies who help us validate mailing addresses
Our regulators; including the Financial Conduct Authority (FCA and the Information Commissioner's Office for the UK (the ICO)
Law enforcement and other appointed agencies who support us (or where they request the information) in the prevention and detection of crime
HM Revenue & Customs (HMRC) for the processing of tax relief on pension payments or the prevention of tax avoidance
Social media companies such as Facebook and LinkedIn, so they can display messages to you and others about our products and services, or make sure you are not sent information which is not relevant to you personally (for example, if you already have the abrdn product we want to advertise).

Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.

We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations. An example of this is that Internal and external audit and specialist third party consultants conduct regular, independent assurance and benchmarking exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.

Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake annual training on this.

Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.

To provide your product and meet our legal and regulatory obligations, we keep your personal information and copies of records we create (e.g. calls with us) while you have a relationship with us.

Even when you no longer have a relationship with us, we are required to keep information for different legal and regulatory reasons. The length of time will vary and we regularly review our retention periods to make sure they comply with all laws and regulations: typically, we will be required to retain your personal information for a minimum of 7 years after our relationship has ended.

You have a number of rights under data protection laws which may be exercised in certain circumstances.

These are:

Right to be informed about how and why we are processing your personal information

You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with - we do this in our Privacy Notice and on our websites and platforms.

Right of access to personal information relating to you

You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR) by contacting Platform-DSAR@abrdn.com or in writing/email to the Data Protection Officer (see How to Contact Us section).

Right to request rectification of inaccurate or incomplete personal information

If your personal information is inaccurate or incomplete, you can request that it is corrected.

Right to request erasure of your personal information

You can ask for your information to be deleted or removed if there is not a compelling reason for abrdn to continue to have it.

Right to restrict processing of your personal information

You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.

Right to data portability

You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.

Right to object to processing of your personal information

You can object to abrdn processing your personal information where: it’s based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.

Right to not be subject to automated decision making including profiling

You have the right to ask abrdn to:

give you information about its processing of your personal information
request human intervention or challenge a decision where processing is done solely by automated processes
carry out regular checks to make sure that our automated decision making and profiling processes are working as they should.

More information can be found on your rights here https://ico.org.uk/for-the-public/

If you want to talk to us about any of the individual rights, please contact us at our Data Protection Officer’s address.

We will always strive to collect, use and safeguard your personal information in line with data protection laws. If you do not believe we have handled your information as set out in our Privacy Notice, please let us know immediately and we will do our utmost to make things right.

Please contact us at:

FAO Data Protection Officer
abrdn,
1 George Street,
Edinburgh,
EH2 2LL

Email: DPOffice@abrdn.com

While we hope that we can resolve any complaints for you, you do have the option to complain to the ICO (whether or not you have exhausted our complaints procedure). Their contact details are as follows:

Website: www.ico.org.uk

Postal address:

Information Commissioner’s Office, Wycliffe House,
Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.