The purpose of the controlling and processing in relation to clients is to enable it to perform and improve its business of advising on financial services for clients; this includes being able to carry out due diligence on clients for anti-money laundering, anti-terrorist financing and anti-fraud purposes; to audit and assess risk in our services; to comply with various statutory and regulatory obligations; to market its services to those who may wish to receive them (and in relation to potential clients to consider whether to take them on).
Where a data subject is an AES financial services client, UK statutory obligations require AES is required to retain records generally for five years and indefinitely in respect of clients who perform defined benefit pension scheme transfers. AES also retains client data for its legitimate interest purposes for up to fifteen years after the last date on which business is performed for a client or there has been a communication exchange, in order to be able to resolve disputes or similar matters such as being able to show clients that they have been treated fairly.
Where a data subject is an employee benefits client, AES retains client data for its legitimate interest purposes to provide services (a) for eighteen months following the lapse of an annual policy to be able to provide annual data to insurance providers, and (b) for three years from the conclusion of a medical claim to assist in medical claims.
We may also use data for direct marketing purposes. If we market to you and you are not already a client our further legitimate interest is to provide you with information as a potential client for a reasonable period. We regard one year as a reasonable period after your last interaction with us as a data subject who is not a client, and after this period we shall delete your data unless we have other legitimate interests to maintain in keeping it (such as your becoming a client). See below on your option to opt out of direct marketing.
AES does not intentionally process special categories of personal data (for example genetic data) unless such information is necessary towards the provision of its services (for example: a general overview on a data subject’s health may be of relevance and health is the subject matter in a medical claim) and does not use systems to make automated decisions based on client data subjects. Provision of personal data by a client is unavoidable for the purposes of AESFSL contracting its services to a client, and if such data is not provided, AESFSL will typically not be able to provide services.