General

The controller is Jessica Cook.  If you are a data subject whose data is controlled and/or processed by AESFSL; you can contact AESFSL at 51 Dorset Street, London, W1U 7NG, or by email to Jessica.cook@aesinternational.com.

The purpose of the controlling and processing in relation to clients is to enable it to perform and improve its business of advising on financial services for clients; this includes being able to carry out due diligence on clients for anti-money laundering, anti-terrorist financing and anti-fraud purposes; to audit and assess risk in our services; to comply with various statutory and regulatory obligations; to market its services to those who may wish to receive them (and in relation to potential clients to consider whether to take them on).
Where a data subject is a Jessica Cook client, UK statutory obligations require Jessica Cook is required to retain records generally for five years and indefinitely in respect of clients who perform defined benefit pension scheme transfers. Jessica Cook also retains client data for its legitimate interest purposes for up to fifteen years after the last date on which business is performed for a client or there has been a communication exchange, in order to be able to resolve disputes or similar matters such as being able to show clients that they have been treated fairly.
Where a data subject is an employee benefits client, Jessica Cook retains client data for its legitimate interest purposes to provide services (a) for eighteen months following the lapse of an annual policy to be able to provide annual data to insurance providers, and (b) for three years from the conclusion of a medical claim to assist in medical claims.
We may also use data for direct marketing purposes.  If we market to you and you are not already a client our further legitimate interest is to provide you with information as a potential client for a reasonable period.  We regard one year as a reasonable period after your last interaction with us as a data subject who is not a client, and after this period we shall delete your data unless we have other legitimate interests to maintain in keeping it (such as your becoming a client). See below on your option to opt out of direct marketing.
Jessica Cook does not intentionally process special categories of personal data (for example genetic data) unless such information is necessary towards the provision of its services (for example: a general overview on a data subject’s health may be of relevance and health is the subject matter in a medical claim) and does not use systems to make automated decisions based on client data subjects.  Provision of personal data by a client is unavoidable for the purposes of AESFSL contracting its services to a client, and if such data is not provided, AESFSL will typically not be able to provide services.

Sharing personal data with others

AESFSL may share clients’ personal data with auditors and professional advisers, and those who provide professional services to Jessica Cook for client purposes, such as those providing a client money-handling service, those providing storage services for email records and the like and those providing cloud storage and processing systems; it will also share client data with regulators where required by relevant regulations and law, and/or administrative requirements.  This may include HMRC (and/or other relevant tax authorities), the FCA and other regulating authorities, and the Financial Ombudsman Service (and overseas equivalents).

Transfers of data out of the EU

AESFSL transfers data to servers in the UAE as part of a common IT system with its branch in the DIFC and a sister company in the UAE AES Middle East Insurance Broker LLC.  The UAE has not benefited from an adequacy decision from the EU.  AESFSL manages such transfers by operating its systems in the UAE to the same levels of protection as apply to it in the EU and by legally requiring this in the UAE through standard data protection clauses in a contract pursuant to Article 46 2.(c) GDPR dated 1 May 2018.  A copy of the contract is available on request to the contact details provided above.  Data subjects who are AESFSL clients have the right to data portability and to have access to their data held by AESFSL and to object to its rectification, erasure, or restricting (subject to AESFSL being able to comply with its legal obligations and to the extent that any such data does not meet the requirement of necessity for AESFSL to pursue its legitimate interests to resolve disputes and similar matters).

Consent etc

Where AESFSL has obtained a data subject’s consent to processing, and other reasons for processing do not apply, the data subject may withdraw consent at any time, but such withdrawal shall not be retroactive in effect.  Data subjects may lodge a complaint with the relevant supervisory authority, the Information Commissioner’s Office, whose contact details are in the link.

Direct Marketing – option to opt out

All those in receipt of direct marketing material from Jessica Cook may opt out of it at any time by contacting Jessica Cook as above; if this occurs, Jessica Cook will cease processing the client’s data for direct marketing purposes.

This notice may be updated from time to time.

AES Middle East Insurance Broker LLC and other entities outside the EU

AES Middle East Insurance Broker LLC (“MEIB”) controls and processes data, some of which relates to data subjects in the EU.  MEIB therefore complies with the GDPR in respect of such data subjects and to that end has inter alia mandated AESFSL as its representative pursuant to Article 7(1) GDPR as a channel to relevant data protection authorities and data subjects.  Any data subject benefitting from GDPR protection and any relevant data authority wishing to contact MEIB regarding data protection matters may therefore contact either MEIB itself or AESFSL.  AESFSL in its capacity as MEIB’s representative has no liability for data protection matters relating to MEIB. AES International SA and AES Financial Services Ltd (DIFC Branch) have similarly appointed AESFSL as their data protection representative.