The Money Advice Trust “The Trust” is a charity founded in 1991 to help people across the UK tackle their debts and manage their money with confidence. The Trust’s main activities are giving advice, supporting advisers and improving the UK’s money and debt environment.
We give advice and information to people concerned about their debts through our National Debtline service and the equivalent service to small businesses through our Business Debtline service. We support advisers by providing training through Wiseradviser. We use the intelligence and insight gained from these activities to improve the UK’s money and debt environment by contributing to policy developments and public debate around these issues.
The Trust is committed to good practice in the handling of personal data and careful compliance with the requirements of the Data Protection Act (2018).
The Trust is a “Data Controller”. This means that we are responsible for deciding how we hold and use personal information about you. The Trust looks after the information it holds about you and respects your privacy.
This privacy notice explains how we will treat your information, what your rights are, and how we will ensure that your data is kept safe, secure and in your control.
Please contact us if you require a copy of this privacy notice in writing.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We make sure that the information we hold is:
- as accurate as possible;
- we do not hold more information than we need; and
- we do not hold it longer than we need to.
Contacting us with questions about how we use your data
We have a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact DPO@MoneyAdvicetrust.org .
How we keep your data secure
The Trust is committed to good data management in order to protect people from harm. This means we take appropriate security precautions to prevent your information being lost, used or accessed in an unauthorised way, inappropriately altered or disclosed. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We regularly review our information collection, storage and processing practices, including physical security measures.
Registering on the site
We will collect the following personal information from you:
- name, a user name;
- email address, telephone number
- organisation details (name, postal address, telephone number)
- supervisor details (name, email address and telephone number)
- whether you are a member of the IMA – if you are, member number
- whether your organisation is funded by MaPS – if it is, project name
- your organisation’s FCA authorisation number
If you do not provide this information then we will not be able to provide you with the full range of services the Charity Site has to offer.
Whilst using e-learning resources on the Charity Site, we track your progress through the e-learning modules and record this information. This is a Wiseradviser requirement to allow us to know when you have completed e-learning modules.
This information will be used to:
- Administer your accounts with us
- Process orders or applications submitted by you
- Send you information by email about products and services
- Verify that the organisation you work or volunteer for is eligible to access Wiseradviser
- Carry out marketing analysis and make general improvements to the Charity Site
- Obtain your views or comments on the services we provide
We may disclose your personal data to the following:
- your employing organisation / membership organisation / charity partner agency (and their respective membership organisations);
- in the case of Face-to-Face Project (formerly the Financial Inclusion Fund Project) funded advisers, to the Money and Pension Service;
- on request for details of the user’s record of e-learning by your nominated supervisor. In this case we will forward a copy of your learning record;
- where specific learning is required in order to be granted a particular role e.g. to become a Debt Relief Order (DRO) Approved Intermediary. In this case we will send a list of the names of those who have met the requirements to the organisation granting the role. In the case of DROs this would be the Competent Authority;
- on enrolment in a face-to-face or virtual training event we will give the tutor the names of those enrolled to attend. This may also include the venue where the training is going to be held.
Should it become necessary for personal data to be shared with other third parties in the future, we will update this privacy statement to reflect the change.
Collated, anonymous data (such as number of advisers attending training courses) is shared within the Trust’s partner agencies (and their respective membership organisations), funders and government. This is to enable us to evaluate the effectiveness of the learning that we provide and to demonstrate demand and take-up of services.
Use of discussion forums or chat rooms
Wiseradviser includes discussion forums in which you can post information. Any information that you post in these areas becomes public information and you should always be careful when deciding to disclose your personal details as part of that information.
If you sign up to our newsletter, we will retain this information. This will not be sent to any other organisation. Should you wish to be removed from the newsletter/s at any point please either unsubscribe from the link in the most recent newsletter, or contact us using firstname.lastname@example.org.
If you contact us to enquire further about our services, we will retain this information only for as long as is necessary. This will not be provided to any other organisation and will only be used for the purposes in which we have told you it shall be used. Once dealt with, and the purpose no longer applies, emails will be deleted. If there is a legal or business reason to retain these emails, then a clearly defined retention time will be agreed after which time the emails will be deleted. You can contact us at any time to request your information to be removed.
Information automatically collected from your computer
When you visit the Wiseradviser website our web server automatically records your IP address. This IP address is not linked to any of your personal information. We use IP addresses to help us administer the site, to collect demographic information and to find out such things as how many people are visiting particular pages on our site.
Our website may also use a website recording service which may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability. The information collected is stored and is used for aggregated and statistical reporting and is not shared with anybody else.
How will we use automatically collected information from your computer?
We will use some of this information in order to:
- carry out marketing analysis and make general improvements to our site;
- analyse how users are making use of the site; and
- obtain your views or comments on the information and advice we provide.
We may collect anonymous data which is shared with our partner agencies, funders and the government. This enables us to demonstrate demand and use of the site.
Your personal data rights
We do our best to be open and transparent about how we use your personal data and, where possible, give you choice over what data is held and how it is used.
The Data Protection Act (2018) sets out the rights you have over how organisations should treat an individual’s data. These are as follows. .
- Right to be informed
- Right of access
- Right to rectification
- Rights to object to, or restrict the use of your data
- Right to erasure
- Right to data portability
- Rights in relation to automated decision making and profiling
- Rights relating to direct marketing
Right to be informed
The Trust will ensure that all individuals understand why their data is being obtained, how it is being used and how they can access it. We shall provide this information in a manner that is concise, transparent, intelligible and easily accessible. This information is provided for all ways in which you may communicate with us.
Right of access
You have the right to find out what personal data we hold about you, and to receive a copy of that data. This is commonly known as a ‘Data Subject Access Request’. Please refer to the subject access request section below if you want further information on how to access your data. We will always ensure that you can access your data quickly and easily.
Right to rectification
In order to provide advice that is comprehensive, accurate and tailored to the circumstances of each person that we help, the Trust wishes to hold accurate data about you. If you believe that your personal data is inaccurate or incomplete then we will ensure that this is rectified. If the Trust has disclosed the personal data in question to third parties it will inform them of the rectification where possible.
Rights to object to, and restrict the use of your data
You can withdraw your consent at any time if you object to or wish to restrict any processing of your data. However, this does not affect the lawfulness of any processing carried out before you notify us that you have withdrawn your consent.
We have no obligation to stop using your data if your data is required for legal proceedings or the establishment, exercise or defence of legal rights.
Right to erasure
The Trust wants you to be comfortable about the data that we hold about you. Therefore, you have a right to have your personal data deleted in the following circumstances:
- you gave us consent to process your data but have now changed your mind.
- you object to the use of your data and we have no overriding reason to keep it.
- we no longer need your data for the original reason is was collected for.
- we have collected your data unlawfully; or.
- you successfully object to its processing.
The Trust can refuse to comply with your request for deletion of your data only in certain limited circumstances.
Records held on the Wiseradviser site will be held for up to three years. This is to ensure that you are able to access records of training courses completed with us. Should you wish for this data to be removed, then you just need to contact us.
Right to data portability
Should you wish for your data to be provided to you in a machine readable format (e.g. CSV file) so that another organisation can process this data, then the Trust will facilitate this where possible. Please contact the DPO@moneyadvicetrust.org.uk for more information.
Rights in relation to automated decision making and profiling
The Trust does not used automated decision making in any of its processes.
Rights relating to direct marketing
The Trust only uses personal data for direct marketing in the following instances:
- Stakeholder contact details for email marketing to promote our commercial Training and Consultancy services.
- Contact details for advisers for email marketing to promote our (free) Wiseradviser courses.
Permission will be obtained when the contact details are provided together with details of how your details will be processed. The Trust must stop processing personal data for direct marketing purposes as soon as it receives an objection. There are no exemptions or grounds to refuse. The request must be dealt with immediately and be free of charge.
Transferring your information outside of Europe
We do not routinely transfer personal information we collect outside of the European Economic Area (EEA). However, in the event that we needed to, we would ensure that your personal information was adequately protected. We will put in place protective measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respect the UK and EU laws on data protection.
How secure is my information with third-party service providers?
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. A data sharing agreement that sets out how we expect third parties to handle any data we share with them is required to be in place before we share any data. Ongoing checks are carried out on these arrangements at regular intervals.
Appropriate specific protective measures include for example, model clauses in data sharing contracts and ongoing security assessments. If you require further information about these measures you can request it from DPO@moneyadvicetrust.org.uk.
How to make a subject access request
You can make a subject access request by calling us or by email to: DPO@moneyadvicetrust.org.uk.
In order to make a valid subject access request the following information must be provided.
- Personal details: your name, address, date of birth and any previous addresses detailed on the record.
- Proof of identity: two forms of identification will be required. One of these must be something like a driving license, passport or birth certificate (see request form for a full list), and the other, a form of address verification dated in the last 3 months (see the request form for acceptable forms of ID).
- Representative details: only applicable if you are applying for a subject access request on behalf of someone else.
Wiseradviser will comply with requests for access to personal information as quickly as possible but will ensure that the information is provided within one month, as required by the Data Protection Act.
Is there a fee?
There is no fee for a subject access request. However, we can charge a ‘reasonable’ fee when a request is excessive or particularly repetitive.
What happens if some of the information we hold is incorrect?
You are entitled to have your personal data rectified if it is inaccurate or incomplete. We will respond to any requests for rectification within one month. This can be extended to two months where the request for rectification is complex. If we decide not to take any action to rectify the data we will explain why and inform you of your right to complain to the Information Commissioner’s Office (ICO).
You also have a right to request deletion or removal of your personal data where there is no compelling reason for its continued processing.
- Where the personal data is no longer accurate or when you withdraw your consent.
- When you object to the processing and there is no overriding legitimate interest for continuing to process it.
- The personal data was unlawfully processed.
- The data has to be erased in order to comply with a legal obligation.
What if I want to complain?
If you are unhappy with the way the subject access request has been handled or how your personal data has been handled, you can make a formal complaint. Please refer to our Complaints Policy.
If you are still dissatisfied with the outcome of your complaint after following our process then you can lodge a complaint with the ICO who will investigate the matter.
For more information on data protection and subject access request, please visit www.ico.org.uk.