Your rights, your information and how we use it

AC is committed to protecting your personal information.

Our Privacy Policy contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given us.

We may need to make changes to our Privacy Policy, so please check our website for updates from time to time. If there are important changes such as changes to where your personal data will be processed, we will contact you to let you know.

This version of our Privacy Policy was last updated April 5^th 2018.

Who we are

Aberdein Considine & Company is a Partnership established under the Law of Scotland with a Head Office situated at 5 - 9 Bon Accord Crescent. Aberdeen, AB11 6DN and having a place of business inter alia at 30 Cloth Market, Newcastle upon Tyne, NE1 1EE.

We are members of and authorised by the Law Society of Scotland. A list of the Partners of the Firm is available on request. A list of the Partners of the Firm is also displayed at Head Office situated at 5 - 9 Bon Accord Crescent, Aberdeen, AB11 6DN and at 30 Cloth Market, Newcastle upon Tyne, NE1 1EE aforesaid.

We abide by the professional practice standards set forth in the Standards of Conduct of Practice Rules for Solicitors laid down by the Law Society of Scotland. The standard of Conduct Practice Rules may be inspected by accessing the Law Society of Scotland website - www.lawscot.org.uk

We are authorised and regulated by the Solicitors Regulation Authority (SRA) which is the regulatory body of solicitors practicing in England and Wales. Our Registration Number is 628245.

We are authorised and regulated by the Financial Conduct Authority (FCA), 12 Endeavour Square, Stratford, London, E20 1JN. Our Financial Services Registers number is 142693. Our permitted business is advising on and arranging pensions, savings and investment products, non-investment insurance contracts and mortgages. You can check this on the Financial Services Register by visiting the FCA's website www.fca.org.uk/firms/systems- reporting/register or by contacting the FCA on 0800 111 6768.

How to contact us

If you have any questions about our Privacy Policy or the information we collect or use about you, please contact:

FAO Data Protection Officer

Aberdein Considine & Company

5-9 Bon Accord Crescent

Aberdeen

AB11 6DN

Email: DPO@acandco.com

Information we collect and use

Our Privacy Policy, which applies to this website (www.acandco.com) operated by AC, explains how and why we collect personal information about you. We are committed to responsible management of personal information in accordance with the EU General Data Protection regulations and Data Protection Bill 2017 ( http://www.gov.uk/government/collections/data-protection-bill-2017 ) and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

In order to receive certain information and to use certain services on this site, you will be asked to provide personal information about yourself such as your name, address and email address. When you provide this information to us, you consent to our use of that information in accordance with the terms of this Privacy Policy. This information will be used to provide you with the services that you have requested and to provide you with news and information about our products and services. AC, as well as its business partners and its service companies may use your personal information together with other information for providing legal services, credit checks, money laundering, marketing, administration and training and AC may disclose information to our service providers and agents for these purposes. If you no longer want to receive such information just let us know by emailing us at DPO@acandco.com and we will stop sending it.

Information about you that we collect and use includes:

• Information about who you are - eg your name, date of birth and contact details
• Information connected to your product or services with us - eg your bank account details
• Information about your contact with us -eg meetings, phone calls, emails/letters
• Information that is automatically collected - eg via cookies when you visit one of our websites
• Information if you visit one of our offices - eg visual images collected via closed circuit televisions (CCTV)
• Information classified as 'sensitive' personal information - eg relating to your health, marital or civil partnership status. This information will only be collected and used where it's needed to provide the product or services you have requested or to comply with our legal obligations
• Information you may provide us about other people - eg joint applicants or proprietors or beneficiaries for products you have with us
• Information on children - eg where a child is named as a beneficiary in a Will or on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender)

We are committed to processing your data in a lawful, fair and transparent manner.

What are cookies?

Some websites use cookies which are text only strings of information that the website you are visiting transfers to the cookie file of the browser on your computer. Their purpose is to identify users and to enhance the user's experience by customising web pages. A cookie will usually contain the name of the domain from which the cookie has come, an expiry date for the cookie, and a value, which is usually a random generated unique number.

Use of Cookies on our site

The Website automatically gathers certain information such as IP addresses and the number and frequency of visitors to the Website and individual web pages. This is collected using cookies and is used by us for security and monitoring purposes, to manage the Website, to track usage, to improve the Website and to ensure the Website is as appealing to as many visitors as possible. Cookies are pieces of information that are stored by the browser on the hard drive of your computer. The Website also uses cookies to enable us to provide features such as remembering certain information about you and your preferences so that we and they can deliver targeted advertisements which will be of most interest to you. Cookies can be deleted from your hard drive or you can configure your web browser so that it rejects cookies. To learn more about cookies and how to reject them, visit www.aboutcookies.org.

Rejection of cookies will not prevent you from using most of the features on the Website. If you experience any problems having deleted cookies, you should contact the supplier of your web browser.

Where we collect your information

We may collect your personal information directly from you, from a variety of sources, including:

• an application form for a product or service
• phone conversation with us
• emails or letters you send to us
• meetings with one of our solicitors, estate agents, financial advisers or other member of staff
• registering for one of our events - eg retirement events, employment seminars
• participating in research surveys to help us understand you better and improve our products and services
• our online services such as websites, social media and mobile device application ('Apps')

If you have a financial adviser and/or are a member of your employer's pension scheme, the information we collect and use will most likely have been provided by them on your behalf.

We may also collect personal information on you from places such as business directories and other commercially or publicly available sources - eg to check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.

We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only where:

• you have given us your permission [consent] to send you information about products and services offered by us and/or selected third parties we have chosen to work with which we believe may be of interest and benefit to you
• it's necessary to provide the product or service you have requested - eg if you wish to invest in one of our mortgage, pension or savings products, if you wish to market your property through us we will require some personal information including your name, address, date of birth, bank account details
• it's necessary for us to meet our legal or regulatory obligations - eg to send you Annual Statements, tell you about changes to Terms and Conditions or for the detection and prevention of fraud and anti-money laundering
• it's in the legitimate interests of AC - eg to deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your product, investment or services; where we need to process your information to better understand you and your needs so we can send you more relevant communications about the business and products you have with us and to develop new products and services; where we use artificial intelligence or computer algorithms to improve the products and services offered to you
• it's in the legitimate interests of a third party - eg sharing information with your employer's adviser for the governance of a pension scheme of which you are a member
• If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our products and services.
• We sometimes use systems to make automated decisions based on personal information we have - or are allowed to collect and use from others - about you. These automated decisions can affect the types of business, products, services or features we offer you now or in the future. We use automated decisions in the following ways:
• tailoring products and services - eg placing you in groups with similar clients to make decisions about the types of business, products and services we may offer you to help meet your needs
• when designing and enhancing our online services to help meet your requirements for ongoing guidance and support
• We also use technologies, such as the Facebook Pixel, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners.

Who we may share your information with

We may share your information with third parties for the reasons outlined in 'What we collect and use your information for'

These third parties include:

• departments within AC
• your adviser or employer
• companies we have chosen to support us in the delivery of the products and services we offer to you and other clients - eg research, consultancy or technology companies; or companies who can help us in our contact with you, for example an internet service provider
• our regulators and any Supervisory Authority - eg the Law Society of Scotland, the Solicitors Regulatory Authority (SRA), the Financial Conduct Authority (FCA), the Information Commissioner's Office for the UK (the ICO)
• law enforcement, credit and identity check agencies for the prevention and detection of crime. More information about TransUnion’s activities are available at https://www.transunion.co.uk/legal-information/bureau-privacy-notice
• HM Revenue & Customs (HMRC) or the National Crime Agency (NCA) - eg for the processing of tax relief on pension payments or the prevention of tax avoidance
• We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.

Where information is processed

The majority of your information is processed in the UK and European Economic Area (EEA)

How we protect your information

We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.

Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake annual training on this.

Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.

How long we keep your information

We will keep your personal information only where it is necessary to provide you with our products or services while you are a client.

We may also keep your information after this period but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.

Your individual rights

You have several rights in relation to how AC uses your information. They are:

Right to be informed

You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with - we do this in this Privacy Policy and any privacy notices.

Right of access

You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a Data Subject Access Request (DSAR).

Right to request that your personal information be rectified

If your personal information is inaccurate or incomplete, you can request that it is corrected.

Right to erasure

You can ask for your information to be deleted or removed if there is not a compelling reason for AC to continue to have it.

Right to restrict processing

You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information - but only to ensure we don't use it in the future for those reasons you have restricted.

Right to data portability

You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example if you were transferring your business to another Firm or if you were moving your pension to another pension provider.

Right to object

You can object to AC processing your personal information where it's based on our legitimate interests (including profiling), for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.

Rights related to automatic decision making including profiling

You have the right to ask AC to:

• give you information about its processing of your personal information
• request human intervention or challenge a decision where processing is done solely by automated processes
• carry out regular checks to make sure that our automated decision making and profiling processes are working as they should

How to make a complaint

We will always strive to collect, use and safeguard your personal information in line with data protection laws. If you do not believe we have handled your information as set out in our Privacy Policy, please raise your concerns in writing with our Client Relations Partner (Scotland) Robert Fraser, 420-424 Union Street, Aberdeen, AB10 1TQ; our Client Relations Partner (England) Thomas Lillie, 30 Cloth Market, Newcastle, NE1 1EE or our Financial Services Director, Allan Gardner, 5-9 Bon Accord Crescent, Aberdeen, AB11 6DN

Your complaint will be acknowledged within five working days and normally, after a full investigation, you will receive a detailed response within a further ten working days.