Authorised User Terms and Conditions

This document (version 2.0.1) was updated on 30/04/2018.

These Authorised User Terms and Conditions of use shall apply to all Authorised Users of Dynamic Planner and other Distribution Technology Limited services.

We reserve the right to amend these Authorised User Terms and Conditions of use from time to time. The website will provide the most current version, which can be found at https://legal.distribution-technology.com/terms/

  1. 1. Parties
    1. 1.1 In these Authorised User Terms and Conditions, “DT”, “we”, “our” and “us” means Distribution Technology Limited (Company no: 4741529) of Sovereign House, Vastern Road, Reading, Berkshire, RG1 8BT.
    2. 1.2 “You” means the Authorised User using the Services.
    3. 1.3 These Authorised User Terms and Conditions sets out the terms on which we will provide the Services to you.
  2. 2. Definitions
    1. 2.1 In these Authorised User Terms and Conditions, unless inconsistent with the context or otherwise specified, the following expressions shall have the following meanings:

      “Adviser” An Authorised User who is an individual or firm identified to the Customer to the extent necessary and to the Regulatory Authorities as the provider of any Financial Advice;

      “Aggregated Data” Information that is recorded pursuant to these Authorised User Terms and Conditions about Authorised Users which is collected into groups so that it no longer reflects or references an individually identifiable Authorised User or is capable of being reconstituted into Customer Data;

      “Applicable Regulations” FSMA, the Money Laundering Regulations 2007 (and all other legislation relating to the handling of the proceeds of crime together with the Guidance Notes for the Financial Sector issued by the Joint Steering Group and any other relevant regulations or guidance issued by any other Regulatory Authority or industry body), the Data Protection Legislation, rules promulgated by any Regulatory Authority and any other law, regulation or code applicable in the context to the person concerned and any lawful mandatory requirements of any Regulatory Authority, court or tribunal;

      “Authorised User” The user of the Services who may be an Adviser or a Customer;

      “Authorised User Terms and Conditions” These terms and conditions as amended from time to time;

      “Customer Access Licence” The licence required in order for a Customer to use the Services, subject to the terms and conditions set out in these Authorised User Terms and Conditions;

      “Customer Data” Any information held by us in connection with these Authorised User Terms and Conditions which relates to Customers which does not fall within the definition of Personal Data. Customer Data excludes Aggregated Data;

      “Customer” Any person who is a purchaser or potential purchaser of a financial product or financial planning service from an Adviser;

      “Data feed” Data and information provided on the number, value and description of financial arrangements;

      “Data Protection Legislation” the Data Protection Act 1998 (whilst in force), the General Data Protection Regulation (EU) 2016/679 (when applicable), the Data Protection Bill (once enacted into English law), and all laws and regulations applicable to the processing of Personal Data under or in relation to the Terms and Conditions as replaced, re-enacted, consolidated, extended, revised or amended from time to time, all subordinate legislation enacted thereunder and any guidance issued by the Information Commissioner’s Office or any successor;

      “Dynamic Planner WealthConnect®” Provides electronic integrations to Product Providers and Partner platforms utilising the data captured within Dynamic Planner;

      “Fees” The fees to be paid in consideration for access to the Services;

      “Financial Advice” Advice provided by Advisers to Customers regarding the cost, value, and suitability of the purchase of Financial Products or any regulated activity pursuant to FSMA;

      “Financial Products” Financial services and products offered for sale or any regulated investment pursuant to FSMA;

      “FSMA” The Financial Services and Markets Act 2000 as replaced, re-enacted, consolidated, extended, revised or amended from time to time and all subordinate legislation enacted thereunder;

      “Investment Platform” Third party entities that are engaged in the businesses of providing a trading and administration platform to facilitate the sale and purchase of Financial Products;

      “IPR” All intellectual property rights anywhere in the world, including, without limitation, an invention, patent, design or utility model rights, any copyright and related rights and trademarks, service marks, database rights, topography rights, commercial or confidential information, know how or trade secrets and any other rights of a similar nature which may now or in the future subsist anywhere in the world, in each case whether registered or unregistered and the right to apply for any of them;

      “Partners” The Product Provider(s) and Investment Platform(s) whose systems are licensed to be integrated with the DT System and as updated in writing between the Parties from time to time;

      “Personal Data”, “Data Subject”, “Controller”, “Processor” and “Process” shall be interpreted in accordance with applicable Data Protection Legislation;

      “Personal Data Breach” means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data;

      “Partner Platform” The Partners platform which is integrated with the DT System;

      “Product Provider” Third party entities whose businesses are engaged with the provision and administration of one or more Financial Products;

      “Professional User Licence” The licence required in order for an Adviser to use the Services, subject to the terms of these Authorised User Terms and Conditions;

      “Regulatory Authorities” The Financial Conduct Authority, and any other regulatory authority which, from time to time, has responsibility for regulating Advisers and/or any of their services or products;

      “Services” The services provided by us under these Authorised User Terms and Conditions, as more particularly detailed in any formal agreement between us and described on the Site from time to time, which includes the provision of information, education and analysis of individual’s financial circumstances (and including Valuation Services) and data provided by third parties, assemblers, applets, HTML, formatted files, modules, algorithms, compilers, source code, object code, data, user interfaces, icons and the "look and feel" of any of the foregoing, (whether in printed or electronic form) and all other material accessed via the Site as well as all updates, enhancements and modifications thereof and other associated services including but not limited to the Microsoft Outlook plugin;

      “Site” our website currently located at www.dynamicplanner.com

      “Trial” A period of time set by us during which an Authorised User may use the Services for the purposes of evaluating them;

      “Valuations” Valuation details of individual customers’ financial holdings where applicable (and made available) which certain third party providers have agreed to provide as part of the Services under these Authorised User Terms and Conditions;

      “Valuation Services” Data and information services including valuation details of individual customers’ financial holdings where applicable (and made available) which certain third party providers have agreed to provide as part of the Services under these Authorised User Terms and Conditions. We reserve the right to add and delete providers of the Valuation Service without notice.
  3. 3. Access to the services
    1. 3.1 Access to or use of the Services is strictly limited to Customers who have purchased a Customer Access Licence and to Advisers who hold a Professional User Licence (or those Authorised Users who have been granted a Trial by Distribution Technology).
    2. 3.2 By using the Services, you consent to be bound by the terms and conditions of these Authorised User Terms and Conditions. If you do not wish to be bound by these terms then you must not use the Services.
    3. 3.3 As from your acceptance of these Authorised User Terms and Conditions as an Adviser or a Customer, the payment of the Fee and an execution of a formal agreement which would incorporate these Authorised User Terms and Conditions, we shall provide the Services to you. You hereby acknowledge that you have authorised us (as authorisation is required under the Computer Misuse Act 1990 (as amended)) to provide the Services and you further acknowledge and accept that these Authorised User Terms and Conditions is not a Software Licence.
    4. 3.4 Access to the Services will be controlled by your password and username. You are responsible for the proper use of your password and username. You (and the firm to which you belong) will be entirely liable for all activities conducted under your password or username whether authorised by you or not.
    5. 3.5 Authorised Users may access and use the Services solely to gain information, education and analysis for the purposes of their business only and for no other purpose and may not authorise any third party to access the Service using their details or passwords without our prior written consent.
    6. 3.6 The Service is available to handheld mobile devices running Apple iOS. The Service may be upgraded from time to time to provide new functions and services. New versions may not be compatible with earlier versions of iOS and may not therefore function on older devices.
    7. 3.7 Access to Dynamic Planner is restricted to the nominated licence holders as may be specified in a separate formal agreement between us. Access by anyone who is not a licence holder will constitute a breach of these terms and conditions.
    8. 3.8 It is a condition of this licence, that all Advisers listed as CF30 accredited in a firm on the FCA Register at the time of licencing and all other non CF30’s who will access Dynamic Planner, be licensed as part of that firm’s licence except where agreed in writing between the parties.
  4. 4. Not Financial Advice
    1. 4.1 You acknowledge that we are not authorised by the Financial Conduct Authority to provide Financial Advice and you agree and acknowledge that the provision of the Services by us shall not be construed or interpreted to mean the provision of Financial Advice from us to you as an Authorised User.
    2. 4.2 Advisers are responsible for all Financial Advice provided to Customers. It is an Adviser’s responsibility to ensure that the Services provided by us meet their obligations as a provider of Financial Advice. We will not be responsible to the Authorised User, or to the Regulatory Authorities for any Financial Advice provided.
  5. 5. Service Provision
    1. 5.1 Services are provided on an ‘As Is’ basis with all faults and no guarantee of satisfactory quality, timeliness, performance or accuracy. You acknowledge that because of the nature of the Internet the services may not be accessible when needed and that information transmitted over the Internet may be subject to interception and modification by third parties. We disclaim to the fullest extent allowed by law any and all warranties express or implied, including but not limited to the quality, fitness for purpose, timeliness, accuracy or completeness of the Services.
    2. 5.2 We will use reasonable skill and care to provide the Services but we do not guarantee any service levels or that any given error or failure will be corrected in any given timeframe or at all. You acknowledge that all hardware, software and applications may contain errors.
    3. 5.3 The parties acknowledge and accept that the Valuation Services may be provided by third party providers in whole or in part and that we shall not be liable for any loss, damages, costs or expenses whatsoever incurred or sustained by you or by any Customer or Authorised User as a result of such third party input or dealings. In the event that you become aware of any inaccuracies or discrepancies in the Valuation Services or otherwise pursuant to these Authorised User Terms and Conditions you shall notify us as soon as reasonably practicable and we shall use our reasonable commercial efforts to resolve or rectify such inaccuracy or discrepancy.
    4. 5.4 We reserve the right at any time and from time to time to amend, improve, correct, discontinue, temporarily or permanently suspend the Services (or any part thereof) with or without notice and you agree that we will not be liable to you or any third party for any such modification, suspension or discontinuance. You should review the description of the Services on the Site from time to time.
    5. 5.5 You shall:
      1. (a) Not obtain or attempt to obtain access to or interfere with any programs or data of ours except as explicitly permitted by these Authorised User Terms and Conditions;
      2. (b) Not attempt to reverse-engineer, decompile, translate, disassemble or separate the components of the Services;
      3. (c) Ensure that the Customer Data will not contain anything which infringes third party rights, is libellous, indecent, obscene or defamatory or is in any way illegal;
      4. (d) Perform your obligations under these Authorised User Terms and Conditions with reasonable care and skill;
      5. (e) Except as is set out in these Authorised User Terms and Conditions or as is otherwise permitted by law you are strictly forbidden from using the Services in any circumstances, and without limitation, shall not sub-contract, sub-license or resell the Services;
      6. (f) Not disclose your access or log in details and password to any third party and shall notify us as soon as reasonably possibly in the event of any unauthorised disclosure (whether intentional or accidental) or such details.
  6. 6. Personal Data and Customer Data
    1. 6.1 If we process any Personal Data on your behalf, and/or on behalf of any Authorised User, then such processing will be carried out in accordance with the provisions of the Data Processing Addendum which is attached to, incorporated into, and forms part of these Authorised User Terms and Conditions. Authorised User shall indemnify and hold us harmless against any claims made against us as a result of us acting in accordance with the Authorised User’s documented instructions.
    2. 6.2 We shall acquire no rights or interest in the Customer Data other than as expressly set out elsewhere in these Authorised User Terms and Conditions or in our Privacy Policy.
    3. 6.3 We shall not be responsible for backing up or saving any Customer Data and the Authorised User shall ensure that it has saved all Customer Data.
    4. 6.4 We shall not share, disclose, sell, or make available to any third party the Customer Data without first receiving the written consent of the Adviser. For the avoidance of doubt, we may share, disclose, sell, or make available Aggregated Data to third parties.
    5. 6.5 On termination of any formal agreement between us we shall be permitted to retain and use an archival copy of the Customer Data in order to, and solely to the extent necessary to: (i) comply with any laws, rules, or regulations governing the matters set forth in these Authorised User Terms and Conditions on in any formal agreement between us, or (ii) defend against any claim arising from the provision of the Services.
  7. 7. Intellectual Property
    1. 7.1 All IPR in the Services shall remain vested in us or such other third party provider as provides content or information within the Services.
    2. 7.2 The Services may include third party information such as, but not limited to, fund information and Valuation Services. A reasonable number of copies of this information may be used and printed by Advisers in their normal course of business or by Customers in relation to an analysis of their own finances however, you are not permitted to:
      1. (a) Manipulate the information other than enabled by the Services;
      2. (b) Use any portion of the information as source material or factual content to create original content for publication;
      3. (c) Re-distribute any information to any third party (with the exception of Advisers to their Customers).
      4. (d) Reverse engineer the Services or access the information except via the Services.
      5. (e) Represent or give the impression that any third party (including Customers) can rely on us for any information provided.
    3. 7.3 We shall grant to you a non-exclusive right to access the Services via the Site for the term stipulated in any formal agreement between us. Said right of access shall be subject to you fulfilling, and continuing to fulfil all obligations set forth in these Authorised User Terms and Conditions.
  8. 8. Payments
    1. 8.1 The Authorised User shall pay the Fees to us (save where you are using the Services pursuant to any Trial authorised by us).
    2. 8.2 All sums payable are net of Value Added Tax or other taxes payable which shall where appropriate be additionally payable by the Authorised User at the prevailing rate.
    3. 8.3 All Fees and fee rates may be increased on an annual basis, effective on each anniversary of the date of any formal agreement between us, to reflect changes in the previous twelve (12) months in Retail Price Index (“RPI”).
    4. 8.4 Where the payment of any invoice or any part thereof is not made when due, we, without prejudice to our other rights hereunder or in law, shall be entitled to charge interest (before as well as after judgment) on the outstanding amount at the rate of 4% per annum above Barclays Bank base rate for the time being in force from the date payment becomes due to the date it is made.
    5. 8.5 Where the payment of fees is not made when due, we reserve the right to suspend your access to the Services until the fees (plus any accrued interest) are received in full. Fees will still be due during the period of suspended Services.
  9. 9. Term and Termination
    1. 9.1 Subject to any other formal agreement between the parties, these Authorised User Terms and Conditions shall continue until terminated either:
      1. (a) Through cancellation by you, after the initial term of twelve (12) months, with not less than three (3) months prior written notice; or
      2. (b) By us at any time with immediate effect by notice in writing.
    2. 9.2 The rights and obligations of the parties which expressly or by implication are intended to continue after termination of these Authorised User Terms and Conditions shall survive and continue to bind the parties, their successors and assigns.
  10. 10. Liability and Indemnity
    1. 10.1 Except as is set out in Clause 10.4 below, we shall not be responsible to you in connection with these Authorised User Terms and Conditions in contract, tort (including negligence) or otherwise for any loss of profit, loss of reputation and loss of anticipated savings, loss or corruption of data or information (whether direct or indirect) nor for any costs, expenses, damages and losses of an indirect or consequential nature, suffered or incurred by you arising out of or in connection with these Authorised User Terms and Conditions.
    2. 10.2 Subject to clause 10.4, our maximum liability under these Authorised User Terms and Conditions shall not exceed an amount equal to the Fee actually paid by the Authorised User in the month in which the liability was incurred.
    3. 10.3 10.3 You shall indemnify us against any losses, payments and/or claims brought against us arising from:
      1. (a) your breach of the Data Protection Legislation;
      2. (b) the provision of Financial Products or Financial Advice to Customers;
      3. (c) a breach by you of any of the Applicable Regulations in relation to the provision of the Services; or
      4. (d) information that you have provided to us or your misuse of the Services; except to the extent that such losses, payments or claims are directly attributable to our negligence or fraud.
    4. 10.4 Nothing in these Authorised User Terms and Conditions shall limit or exclude liability for any death or personal injury caused by negligence nor for fraud or any other liability which may not be properly limited or excluded under applicable law.
  11. 11. Wealth Connect
    1. 11.1 DT will not be responsible or liable for the completion of new business transactions or the accuracy of valuations received from Partners.
  12. 12. Force Majeure
    1. 12.1 Neither party shall be liable for any delay or failure to perform its obligations under these Authorised User Terms and Conditions (save for obligations to make payments) which is attributable to any acts, events, omissions or accidents beyond its reasonable control, including but not limited to acts of God, extreme adverse weather conditions or natural disaster, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, breaking off of diplomatic relations or similar actions, terrorist attack, civil war, civil commotion or riots, nuclear, chemical or biological contamination or sonic boom, compliance with any law, regulation or directive, fire, explosion or accidental damage, failure of plant machinery, machinery, computers or vehicles, any labour dispute, including (but not limited to) strikes, industrial action or lockouts, non-performance by suppliers or subcontractors and interruption or failure of utility or transport service.
  13. 13. Entire Agreement
    1. 13.1 These Authorised User Terms and Conditions (together with the documents referred to herein) contains the entire agreement and understanding of the parties and supersedes all prior agreements, understandings or arrangements (both oral and written) relating to the subject matter of these Authorised User Terms and Conditions.
  14. 14. Nature of Relationship
    1. 14.1 Nothing in these Authorised User Terms and Conditions shall create or be deemed to create a partnership between you and us and neither party shall have authority or power to bind the other or to contract in the name of or create liability against the other in any way or for any purpose save as expressly authorised by the other from time to time.
  15. 15. Severability
    1. 15.1 In the event that the whole or any part of the terms, conditions or provisions contained in theses Authorised User Terms and Conditions shall be determined invalid, unlawful or unenforceable to any extent then such term, condition or provision or part thereof shall be severed from the remaining terms, conditions and provisions which shall continue to be valid and enforceable to the fullest extent permitted by law.
  16. 16. Waiver
    1. 16.1 Any waiver or a breach of any of the terms of these Authorised User Terms and Conditions or any default hereunder shall not be deemed a waiver of any subsequent breach or default and shall in no way affect the other terms of these Authorised User Terms and Conditions.
    2. 16.2 No failure or delay in exercising any right, remedy, power or privilege of any party under these Authorised User Terms and Conditions and no course of dealing between the parties shall be construed or operate as a waiver thereof, nor shall any single or partial exercise of any right, remedy, power or privilege preclude any other or further exercise therefore or the exercise of any other right, remedy, power or privilege. The rights and remedies provided by these Authorised User Terms and Conditions are cumulative and are not exclusive of any rights or remedies provided by law.
  17. 17. Notices
    1. 17.1 Any notice or other communication to be given to us under these Authorised User Terms and Conditions should be sent to: Distribution Technology Limited, Sovereign House, Vastern Road, Reading, Berkshire, RG1 8BT.
  18. 18. Assignment
    1. 18.1 We may assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under these Authorised User Terms and Conditions without your prior written consent. Notwithstanding the foregoing, either party may assign these Authorised User Terms and Conditions in the case of merger, acquisition or sale of all, or substantially all, of the assigning party’s assets, stock or business. Subject to the foregoing, these Authorised User Terms and Conditions shall bind and inure to the benefit of the parties’ respective successors and permitted assigns.
  19. 19. Exclusion of third party rights
    1. 19.1 Unless expressly provided in these Authorised User Terms and Conditions, no term of this Authorised User Terms and Conditions is enforceable pursuant to the Contracts (Rights of Third Parties) Act 1999 by any person who is not a party to it.
  20. 20. Variation
    1. 20.1 We may vary these Authorised User Terms and Conditions at any time on giving you written notice, either by email, post or by posting the amended Authorised User Terms and Conditions on the Site. No variation of these Authorised User Terms and Conditions by you shall be valid unless signed by both parties.
  21. 21. Governing law
    1. 21.1 These Authorised User Terms and Conditions shall be governed by and construed in accordance with the laws of England and Wales.
    2. 21.2 The parties hereto hereby submit to the exclusive jurisdiction of the courts of England in relation to any claim, dispute or difference that may arise hereunder.

ADDENDUM: DATA PROCESSING

  1. 1. Definitions
    1. 1.1 In this Addendum the following terms shall have the following meanings:
      "Authorised User Terms and Conditions" means the Authorised User Terms and Conditions of use which apply to all Authorised Users of Dynamic Planner and other Distribution Technology Limited services, into which this Addendum is incorporated.
      "Customer Personal Data" means any Personal Data processed by us on your behalf under this Addendum.
      "Data Protection Legislation" as defined in the Authorised User Terms and Conditions.
      "Personal Data", "Data Subject", "Controller", "Processor" and "Process" shall be interpreted in accordance with applicable Data Protection Legislation.
      "Personal Data Breach" means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.
      "we", "our" and "us" means Distribution Technology Limited (Company no: 4741529) of Sovereign House, Vastern Road, Reading, Berkshire, RG1 8BT.
      "you" means the Authorised User using the Services (as defined in the Authorised User Terms and Conditions).
  2. 2. Obligations
    1. 2.1 Each party shall comply with its obligations under applicable Data Protection Legislation.
    2. 2.2 In the event that we Process Customer Personal Data under the Authorised User Terms and Conditions, the parties record their intention that we are the Processor and you are the Controller of such Personal Data. Annex 1 to this Addendum sets out the subject-matter and duration of the Processing of Customer Personal Data, the nature and purpose of the Processing, the type of Personal Data and the categories of Data Subjects. In the event of any change during the term of the Authorised User Terms and Conditions, the parties shall work together in good faith to amend Annex 1 by written agreement.
    3. 2.3 We shall Process Customer Personal Data only in accordance with your documented instructions, unless we are required to Process Customer Personal Data other than in accordance with your documented instructions by applicable European Union law provided that (unless prohibited by applicable European Union law) we shall notify you of such legal requirement before such Processing.
    4. 2.4 We shall not transfer Customer Personal Data outside of the European Economic Area without your prior documented consent and in compliance with the following conditions:
      1. 2.4.1 we or you have provided appropriate safeguards in relation to the transfer;
      2. 2.4.2 the Data Subject has enforceable rights and effective legal remedies; and
      3. 2.4.3 we comply with our obligations under Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred.
    5. 2.5 We shall ensure that individuals engaged in the Processing of Customer Personal Data under the Authorised User Terms and Conditions are subject to appropriate obligations of confidentiality in respect of such Personal Data.
    6. 2.6 We shall implement appropriate technical and organisational measures as set out in Annex 2 of this Addendum so as to ensure a level of security appropriate to the risk involved in Processing Customer Personal Data pursuant to the Authorised User Terms and Conditions.
    7. 2.7 Unless otherwise required by applicable law, following termination or expiry of the Authorised User Terms and Conditions we shall, at your option, delete or return all Customer Personal Data and all copies thereof to you.
    8. 2.8 You warrant and undertake that:
      1. 2.8.1 you shall not instruct us to Process Customer Personal Data where such Processing would be unlawful;
      2. 2.8.2 you shall have all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to us for the duration and purposes of this Addendum;
      3. 2.8.3 you have reviewed Annex 1 and it contains full and accurate details of “type of Personal Data” and “categories of Data Subject” to which the Authorised User Terms and Conditions relates; and
      4. 2.8.4 you have reviewed Annex 2 and consider such security measures appropriate in the context of the Processing of Customer Personal Data as anticipated by the Authorised User Terms and Conditions.
  3. 3. Sub Processors
    1. 3.1 We may engage such other Processors (“Sub Processors”) as we consider reasonably appropriate for the Processing of Customer Personal Data in accordance with the terms of the Authorised User Terms and Conditions (including in connection with support, maintenance, development and the use of third party data centres) provided that we shall notify you of the addition or replacement of such Sub Processors and you may, on reasonable grounds, object to a Sub Processor by notifying us in writing within 5 days of receipt of our notification, giving reasons for the your objection. The parties shall work together to reach agreement on the engagement of Sub Processors. The current list of Sub Processors is set out in Annex 1 to this Addendum.
    2. 3.2 We shall require all Sub Processors to enter into an agreement that is compatible with and of equivalent protective effect to this Addendum and we shall remain responsible and liable for Sub Processors’ acts and omissions.
  4. 4. Data Subject requests
    1. 4.1 In the event that any Data Subject exercises its rights under applicable Data Protection Legislation against you, we shall use reasonable commercial efforts, to assist you in fulfilling your obligations as Controller following your written request, provided that we may charge you on a time and materials basis in the event that we consider, in our reasonable discretion, that such assistance is onerous, complex, frequent or time consuming.
  5. 5. Personal Data Breach
    1. 5.1 Upon discovering a Personal Data Breach, we shall notify you as soon as reasonably practicable and shall assist you to the extent reasonably necessary in connection with notification to any applicable supervisory authority and Data Subjects, taking into account the nature of Processing and the information available to us.
  6. 6. Privacy Impact Assessment
    1. 6.1 In the event that you consider that the Processing of Personal Data performed pursuant to the Authorised User Terms and Conditions requires a privacy impact assessment to be undertaken, following written request from you, we shall use reasonable commercial endeavours to provide relevant information and assistance to you to facilitate such privacy impact assessment. We may charge you for such assistance on a time and materials basis.
  7. 7. Audit and amendment
    1. 7.1 Where requested by you, we shall make available all information necessary to demonstrate our compliance with this Addendum and shall contribute to audits of our premises and systems conducted by you or another auditor mandated by you.
    2. 7.2 We reserve the right to amend this Addendum on written notice to you if we consider it reasonably necessary as a result of any changes in law or practice relating to the protection or treatment of Personal Data.

Annex 1 - Details of Processing

Subject-matter of the Processing of Customer Personal Data:

Duration of the Processing of Customer Personal Data:

We have grouped types of Customer Personal Data as follows:

Nature of Processing Purpose of Processing Type of Personal Data Categories of Data Subject
We collect and store your identity and contact details Necessary for our legitimate interests:
  • To associate your Dynamic Planner account with yourself.
Identity
Contact
Existing users of Dynamic Planner.
Storing and analysing your Clients' Data Contractual obligation:
  • To provide the functions and features of Dynamic Planner we store and process the Clients' Data you provide (e.g. client fact finds and risk profile questionnaire responses).
Identity
Contact
Transaction Data
Technical Data
Profile Data
Usage Data
Existing users of Dynamic Planner, Clients of Dynamic Planner users.
Normal management of your account including: Contractual obligation:
  • Notifying you about changes to our terms or privacy policy.
  • Notifying you about changes to Our Product and services.
  • Manage payments, fees and charges.
  • Collect and recover money owed to us.

Necessary for our legitimate interests:
  • Asking you to leave a review or take a survey to help improve the products and services you licence from us.
Identity
Contact
Financial
Transaction
Existing users of Dynamic Planner, support contacts.
Contacting you regarding additional Dynamic Planner services that may be of interest to you Necessary for our legitimate interests:
  • To notify you about available goods or services which are available to you in line with your usage of Dynamic Planner.
Identity
Contact
Technical
Usage
Profile
Existing users of Dynamic Planner, support contacts.
Analysing usage patterns and trends for our products and services Necessary for our legitimate interests:
  • To define types of customers for our products and services.
  • To keep Our Product, services and websites updated and relevant.
  • To develop our business and to inform our marketing strategy.
Client data
Technical
Usage
Existing users of Dynamic Planner.
Error reporting and troubleshooting Contractual obligation:
  • To administer and protect our business, Our Product, and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
Client data
Identity
Contact
Profile
Existing users of Dynamic Planner, support contacts.
Aggregating data for MI reporting Contractual obligation:
  • To provide MI reporting functionality to users of Dynamic Planner.

Necessary for our legitimate interests:
  • To share aggregated non-personal usage, demographic and trend data with associated 3rd parties.
Client data
Identity
Contact
Profile
Existing users of Dynamic Planner, Clients of Dynamic Planner users.

Sub Processors

Our sub processors are (this list may be subject to change and you will notified as soon as practically possible):

Annex 2 - Security Standards

To protect your privacy and to provide you with a safe experience, we have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Data Protection Officer

We have appointed a Data Protection Officer (“DPO”) within our organisation who is responsible for overseeing these standards. If you have any questions about these standards, including any requests to exercise your legal rights, please contact our DPO:

FAO Data Protection Officer
Distribution Technology Ltd.
Sovereign House
Vastern Road
Reading
Berkshire
RG1 8BT

DPO@Distribution-Technology.com

Personnel

All our employees, contractors and suppliers are vetted and referenced prior to accessing our systems. We use the services of Experian to carry out appropriate background checks such as criminal records and adverse credit. All personnel are under formal contracts that include a strict non-disclosure agreement. All staff undergo appropriate technical and security awareness training.

Access Controls

We limit access to your Personal Data to those employees, contractors and other third parties on a need to know business basis. Such persons are bound by strict contractual obligations of confidentiality and will only Process your Personal Data on our instructions. Physical access to our systems is limited to authorised ISO accredited datacentre personnel on a need to access basis only. All logical access to our systems is terminated using a range of enterprise grade firewalls that strictly allow access on a least access basis. All connections are monitored and logged.

HTTPS

Our systems use Transport Layer Security (TLS) to secure the connection to a user’s computer, as well as using strong encryption standards such as Advanced Encryption Standard (AES) and Secure Hash Algorithm to encrypt the data.

Certificates

Our systems use publicly trusted certificates issued by the Certificate Authority (CA) DigiCert which use strong 256-bit encryption signed with SHA-256 2048-bit RAS keys. Additionally, our public web applications also utilise Extended Validated (EV) certificates to provide further Customer assurance.

High Availability

Our private systems are hosted across replicated N+1 geographically diverse, tier 3+ rated, ISO 27001/9001 accredited datacentres which are all located within the UK. All hardware systems are provisioned on an N+1 redundancy basis. Data is regularly backed up both online and offline and held securely.

Encryption

Where data is backed-up, archived or transferred between facilities it is further secured using AES 256-bit encryption. Access to encryption keys is limited to authorised personnel on a need only basis.

Real Time Protection

All our online systems implement enterprise grade anti-virus, anti-malware, and anti-spyware as well as network and host-based intrusion detection and prevention systems.

Mobile Devices

Where our employees use mobile devices, there is a strict Mobile Device Management (“MDM”) solution in place to ensure secure configuration. Such mobile devices are encrypted and maintained with the appropriate security patching.

Patch Management

We have a policy that all our systems are regularly updated inline manufactures guidance for secure patch management.

Vulnerability Testing

We carry out regular network and application assessments against all our online systems both on an ongoing basis as well as prior to commissioning. These assessments are carried out by the industry recognised NCC Group who are CESG CTAS PCI CREST and ISO accredited.

Data Retention

We only retain Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, compliance, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.