Data subjects who are current, former or prospective employees of Intelliflo
This privacy notice applies to all data subjects whose personal data is collected through either being a current or former employee of Intelliflo or by taking part in Intelliflo's recruitment processes.
The Data Protection Officer is NCC Group, contactable at dataprotection@Intelliflo.com is responsible for ensuring that this notice is made available to data subjects prior to Intelliflo collecting/processing their personal data.
All employees of Intelliflo who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured where necessary.
Intelliflo is a technology company that provides business management software to UK financial advice firms through its Intelligent Office (iO) software. Through iO, firms can access Intelliflo’s Personal Finance Portal and Automated Advice services, which enables them to offer online advice solutions to support the traditional, face-to-face advice model. iO is a cloud-based system which enables users to utilise it in a flexible, fluid way. Intelliflo’s open API technology enables developers to interact and build a business management system based upon iO in a liquid manner.
Our Data Protection Officer and data protection representatives can be contacted directly here:
The Intelliflo HR team is the data controller for the information you provide as a job applicant, current and former employee. If you have any queries about the process or how we handle your information please contact us at dataprotection@Intelliflo.com alternatively, employees may review the data flow diagrams held on Confluence under HR.
Job application stage
| Personal data type: | Source (where Intelliflo obtained the personal data from you, the data subject, or from a third party) |
| Personal details including name and contact details. Previous work experience and education. | CV either by direct application or via an employment agency, both are uploaded into the Recruitment Portal of the HR CRM. |
| Eligibility to work in the UK, passport and visa details. | Initial confirmation via email with the individual or through the employment agency. Copies provided by you or through the employment agency. |
Our legal basis for processing for the personal data:
Any legitimate interests pursued by us, or third parties we use, are as follows:
The personal data we would like to collect at interview stage is:
| Personal data type: | Source (where Intelliflo obtained the personal data from, whether directly from you, the data subject, or from a third party) |
| Confirmation of personal details including name and contact details and previous work experience and education. | CV and set competency interview questions and notes taken. |
| Eligibility to work in the UK. | Check of passport. |
| Possible capability assessment. | Set assessment to check level of knowledge and/or understanding. |
| CCJ & credit check. | Declaration form. |
| Criminal record/background check (only carried out on offer of employment). | Disclosure and barring service. |
The personal data we collect is held in the HR CRM system. It will be used for the following purposes:
Our legal basis for processing for the personal data:
Any legitimate interests pursued by us, or third parties we use, are as follows:
Our legal basis for processing personal data relating to criminal convictions and offences:
The personal data we would like to collect and process at offer stage is:
| Personal data type: | Source (where Intelliflo obtained the personal data from if it has not been collected directly from you, the data subject. Note if the personal data has been accessed from publicly accessible sources): |
| Confirmation of personal details including name and contact details. | Email from successful candidate or from the employment agency representing the candidate. |
| Eligibility to work in the UK and proof of identity. | Current passport and where applicable, visa, we will make copies and hold them in your HR file. |
| Proof of qualifications | You will be asked to bring in original documents, we will make copies and hold them in your HR file. |
| Use of personal email address. Consent to a 3rd party reference company undertaking reference checks on the company’s behalf. Employer, credit and criminal. | Consent letter is emailed with the offer pack. Once received back, this information along with your personal email address is uploaded into the reference portal. |
| Health assessment request form including name, address, DoB, gender, contact number and email address. | Assessment form for completion and sending directly to a third party in a stamped addressed envelope. |
| Personal details including name, address, gender, DoB, bank details, marital status and NINO. | Employee payroll form, used for payroll processes and held in your HR file. |
| Emergency contact details | So that we know who to contact in the event that there is an emergency at work. |
| Personal details including name and address and salary details. | Contract of employment. A signed copy will be held in your HR file. |
| Name, address and NINO. | Pension enrolment form. Encrypted copy is sent to our IFA. Used for payroll purposes and the original kept on HR file. |
The personal data we collect is held in the HR CRM and hard copy. It will be used for the following purposes:
Legal basis
Our legal basis for processing for the personal data:
Any legitimate interests pursued by us, or third parties we use, are as follows:
The special categories of personal data concerned are:
| Personal data type | Source | Legal basis |
| Occupational health records | We may ask you to fill in an occupational health form if you become unwell and we will keep this form on file. | Legitimate interest – ensuring empl,broyees are fit to work, take time off for illness when necessary and have reasonable adjustments made where necessary. Legal basis for processing special category data (health data) – processing is necessary for the purposes of occupational medicine and for the assessment of the working capacity of the employee. |
| GP health records | Occasionally it may be necessary for us to request records from your GP. You will be asked to give consent first, and we will request specific records for your benefit. | Legitimate interest – ensuring employees are fit to work, take time off for illness when necessary and have reasonable adjustments made where necessary. Legal basis for processing special category data (health data) – processing is necessary for the purposes of occupational medicine and for the assessment of the working capacity of the employee. N.B. Consent is requested under confidentiality law, not under the General Data Protection Regulations. |
| Pay increase letters | Where you are given a pay increase we will keep the letters detailing this. | Legitimate interest - Record of communication with employee and showing past history to increases. |
| Disciplinary letters | Where disciplinary action is required we will keep a copy of the letters that have been sent to you. | Legitimate interest - Record of communication and any warnings given. Removed from file once warnings are spent. |
| Change of address details | Where your address has been changed we will keep a copy of this. | Legitimate interest - Current address is keep as a check against the HR & payroll system |
| Payroll data | Your payroll data will be kept for the duration of your employment. | Legitimate interest - For reporting purposes. |
| Childcare voucher information - Salary sacrifice | Where the salary sacrifice scheme is used this information will be stored. | Legitimate interest - For reporting and auditing purposes and as confirmation of consent to process salary sacrifice. |
| Cycle hire scheme details | Where the cycle hire scheme is used, this information will be stored. | Legitimate interest - For reporting and auditing purposes and as confirmation of consent to process salary sacrifice. |
| Qualifications | We will keep a copy of your qualifications. | Legitimate interest - As proof of level of learning. |
| Training agreements | Where you have entered into a training agreement with Intelliflo we will keep a copy of this. | Legitimate interest - In case of any re-imbursement needed if employment comes to an end. |
| File notes from meetings | Where there are formal meetings and notes have been taken, a record of these notes will be stored. | Legitimate interest - In case issues need to be revisited or legal action is taken against Intellfilo. |
| Resignation letter | If you resign, a copy of your resignation letter will be kept. | Legitimate interest - As a record for payroll and reporting/auditing purposes. |
| Confirmation of resignation | When we confirm receipt of your letter of resignation we will keep a record of this. | Legitimate interest - As a record for payroll and reporting/auditing purposes. |
| Settlement agreements | If you enter into a settlement agreement we will keep a record of this. | Legitimate interest - As a record for payroll and reporting/auditing purposes. |
| Termination details | If your contract is terminated with Intelliflo we will keep a record of this. | Legitimate interest - As a record for payroll and reporting/auditing purposes. |
| References | We will keep a copy of your reference so that we are able to provide this if requested. | Legitimate interest - Consistency purposes. |
| PMR data | This information will be kept on Sage and not all data will be retained once you leave unless it is about pay or specific training due to performance issues. | Legitimate interest - In case issues need to be revisited or legal action is taken against Intellfilo. |
Intelliflo will pass on your personal data to third parties. The following third parties will receive your personal data for the following purpose(s) as part of the processing activities:
Aviva
If you are employed by Intelliflo, relevant details about you are provided to Aviva for the purposes of managing our Group Personal Pension scheme. This will include, you name, address, date of birth, NINO and salary.
Details are uploaded into the Aviva portal and starters and leavers are managed through this system.
Kingston Hospital
When you receive your offer pack you will be asked to complete a Work Health Assessment prior to your start date, which will help to determine if you are fit to undertake the work that you have been offered or advise us if any adjustments are needed to the work environment or systems so that you can work effectively.
Kingston Hospital send the HR department via email a pre- employment health screening form outlining the outcome of their assessment and if any further action is required.
Hargreaves Lansdown
If you are employed by Intelliflo, relevant details about you are provided to our independent financial advisors as they manage our pension. These include, you name, address, date of birth, NINO and salary data.
AON
If you are employed by Intelliflo, relevant details about you are provided to our insurance brokers as they manage our Life and Income Protection insurance. These include, you name, address, date of birth, NINO and salary data; where applicable information on your health, which might contain sensitive data.
Verifile
On receipt of your offer via email, you will be asked to complete and return a consent form, which gives permission for Verifile to contact you via your personal email with a link to their portal, where you will be asked to complete details to assist with reference checking. These include details for employment references, credit and criminal check details.
Vitality
If you are employed by Intelliflo, relevant details about you are provided to our private medical insurances as they manage our private medical scheme.
You can join the private medical scheme by completing an application form which asks for name, date of birth and for any family members details should you wish to cover them too. These details along with your home address and company email details are then uploaded into the scheme portal directly by HR.
HR amend the portal when employees leave the business, so that they benefit can be stopped.
Meerkat
Meerkat administer the DSE risk assessment on Intelliflo’s behalf. At the beginning of employment HR will email Meerkat with the employees work email address; a link will then be sent to the employee so that they can complete the risk assessment. Actions are then send to HR for rectifying.
LinkedIn Learning
LinkedIn Learning is an on-line training platform which sits with our academy platform. HR and Learning & Development have administration rights and set up employees using their work email address. They also delete employees when they leave.
PluralSight
PluralSight is an on-line training platform. HR and the development manager have administration rights and set up employees using their work email address. They also delete employees when they leave.
Infinite Cloud
Infinite Cloud support the payroll module on Netsuite (Finance system). The HR manager will call or email the support helpline to discuss issues. Personal data can be accessed to carry out legal obligations.
Microsoft Office 365
Intelliflo use Microsoft's Office 365 platform, any personal data you put in email or other parts of Office 365 will be held by Microsoft. Data will also be sent to Office 365 so that you can be authenticated by Microsoft.
SagePeople
HR CRM system holding all data on candidates and employees.
Duo security
Intelliflo use a product called Duo Security to provide SSO (Single Sign On) and Two Factor Authentication, data related to your username and name will be sent to Duo for this to work.
Other systems which will hold details related to account you may require as part of your job.
Intelliflo use a large number of SaaS or hosted systems you will be required to use as part of your day to day job, these systems will hold account information you require to authenticate and so that your colleagues can understand who has said what - these include product management systems like Jira, Aha!, and Github, infrastructure systems like DigiCert, AWS and PagerDuty, and other corporate systems like SalesForce, Netsuite, Slack and Microsoft Office 365.
Jitterbit
We use this to integrate our systems.
Absorb
Absorb is our LMS provider. It provides our staff training and as an employee of Intelliflo you will have an account with Absorb.
Any company requesting references
We will supply reference requests to any company who requests reference information, this includes Name, last job title and dates worked at Intelliflo.
Invesco
Invesco are our parent company. They may receive employee data for several different reasons, these will include budgeting and compensation purposes, related to use by Intelliflo staff of Invesco run application. When data is sent to Invesco it will be transferred securely to them, and it could be viewed in any of their offices around the world. This can include offices in the EEA and offices outside the EEA such as Atlanta. These transfers are protected by EU model clauses which Intelliflo and Invesco have in place.
CCTV
CCTV is used as a method to ensure staff safety and security and will be used for this purpose at all times. This is reflected in the positioning of the cameras and retention of the footage. CCTV is used to monitor the ingress/egress points of Intelliflo's spaces at our Wimbledon Office. This footage is not generally displayed or viewed. It will be viewed when security alarms go off out of hours so that we can confirm there are no intruders in the office or as part of an investigation into a security or personnel issues. Footage is deleted 90 days after it is recorded, unless it is being retained as part of an investigation, in which case it will be stored until the investigation or issue is resolved.
For data related to people who have applied for jobs, assuming you did not progress past applicant stage - your data will be held for no more than 6 months.
For data related to you being an employee of the business we will store the personal data held under legal obligations to HMRC for 7 years.
Any data that may be needed for exercising or defending a legal claim will be retained for the life of the data subject. This may include: Sickness Records, Disciplinary and Grievance records, and termination payments.
For data required to answer reference requests from third parties on ex-employees, we will hold data for the life of the data subject.
Intelliflo archives emails 7 years after receipt, so we will hold information in emails for upto 7 years.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
All of the above requests will be forwarded on should there be a third party involved (as stated above) in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being processed by Intelliflo (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Intelliflo’s data protection team.
The details for each of these contacts are:
| Supervisory authority contact details | Intelliflo data protection team contact details | |
| Contact name: | Information Commissioners Office | Data Protection Officer |
| Address line 1: | Wycliffe House | Wellington House |
| Address line 2: | Water Lane | 60 – 68 Wimbledon Hill Road |
| Address line 3: | Wilmslow | Wimbledon |
| Address line 4: | London | |
| Address line 5: | SK9 5AF | SW19 7PA |
| Email: | casework@ico.org.uk | dataprotection@Intelliflo.com |
| Telephone: | 0303 123 1113 | TBC |
Last updated: 27 April 2020
Intelliflo's market-leading practice management software helps financial advisers transform and grow their business
© Intelliflo Ltd
We use cookies to operate this website and to improve its usability.
Full details of what cookies are, why we use them and how you can manage them can be found by reading our Cookies page.
Please note that by using this site you are consenting to the use of cookies.
