The controller is AES Financial Services Ltd. If you are a data subject whose data is controlled and/or processed by AESFSL; you can contact AESFSL at 24 Elysium Gate, 126 – 128 New King’s Road, London SE6 4LZ, or by email to marketing@aesinternational.com.
The purpose of the controlling and processing in relation to clients is to enable it to perform and improve its business of advising on financial services for clients; this includes being able to carry out due diligence on clients for anti-money laundering, anti-terrorist financing and anti-fraud purposes; to audit and assess risk in our services; to comply with various statutory and regulatory obligations; to market its services to those who may wish to receive them (and in relation to potential clients to consider whether to take them on); where a data subject becomes an AES client, UK statutory obligations require AES is required to retain records generally for five years and indefinitely in respect of clients who perform defined benefit pension scheme transfers. AES also retains client data for its legitimate interest purposes for up to fifteen years after the last date on which business is performed for a client or there has been a communication exchange, in order to be able to resolve disputes or similar matters such as being able to show clients that they have been treated fairly.
We may also use data for direct marketing purposes. If we market to you and you are not already a client our further legitimate interest is to provide you with information as a potential client for a reasonable period. We regard one year as a reasonable period after your last interaction with us as a data subject who is not a client, and after this period we shall delete your data unless we have other legitimate interests to maintain in keeping it (such as your becoming a client). See below on your option to opt out of direct marketing.
AES does not intentionally process special categories of personal data (for example genetic data) unless such information is necessary towards the provision of its services (for example: a general overview on a data subject’s health may be of relevance) and does not use systems to make automated decisions based on client data subjects. Provision of personal data by a client is unavoidable for the purposes of AESFSL contracting its services to a client, and if such data is not provided, AESFSL will typically not be able to provide services.
AESFSL may share clients’ personal data with auditors and professional advisers, and those who provide professional services to AES for client purposes, such as those providing a client money-handling service, those providing storage services for email records and the like and those providing cloud storage and processing systems; it will also share client data with regulators where required by relevant regulations and law, and/or administrative requirements. This may include HMRC (and/or other relevant tax authorities), the FCA and other regulating authorities, and the Financial Ombudsman Service (and overseas equivalents).
AESFSL transfers data to servers in the UAE as part of a common IT system with its branch in the DIFC and a sister company in the UAE AES Middle east Insurance Broker LLC. The UAE has not benefited from an adequacy decision from the EU. AESFSL manages such transfers by operating its systems in the UAE to the same levels of protection as apply to it in the EU and by legally requiring this in the UAE through standard data protection clauses in a contract pursuant to Article 46 2.(c) GDPR dated 1 May 2018. A copy of the contract is available on request to the contact details provided above. Data subjects who are AESFSL clients have the right to data portability and to have access to their data held by AESFSL and to object to its rectification, erasure, or restricting (subject to AESFSL being able to comply with its legal obligations and to the extent that any such data does not meet the requirement of necessity for AESFSL to pursue its legitimate interests to resolve disputes and similar matters).
Where AESFSL has obtained a data subject’s consent to processing, and other reasons for processing do not apply, the data subject may withdraw consent at any time, but such withdrawal shall not be retroactive in effect. Data subjects may lodge a complaint with the relevant supervisory authority, the Information Commissioner's Office, whose contact details are in the link.
All those in receipt of direct marketing material from AES may opt out of it at any time by contacting AES as above; if this occurs, AES will cease processing the client’s data for direct marketing purposes.
This notice may be updated from time to time.
