Last updated 14 April 2023
1. Our Commitment
At intelliflo, we recognize that a robust privacy and data protection program (“Privacy Program”) is essential to the success of firms such as ours that collect and process personal data as part of our day-to-day operations. Our Privacy Program is designed to comply with applicable privacy laws, rules and regulations, account for best practices relating to information handling, and service our customers and employees with trust and confidence.
2. Where We Operate
Our operations are mainly based in the United States of America, the United Kingdom, Australia and India, with some limited contingency resources in other jurisdictions. Summarized in this document are the uniform minimum standards that we have adopted in maintaining our commitment to preserve privacy. Where we engage contractors, consultants, suppliers, and business partners who handle personal data or personal information (collectively “Personal Data”) on our behalf, we expect these third parties (irrespective of where they are based) to have in place appropriate policies and procedures which provide a level of protection for the processing of Personal Data as those set out in this document.
3. How We Use Personal Data
intelliflo processes Personal Data to conduct business and administrative activities and to provide products and services to its customers. As our customer base is largely business to business, the Personal Data collected from you, our customers, will normally consist of:
- Your employee’s information which we need to administer and manage your account, respond to queries, and provide the necessary platform access.
- Your client’s information which you collect and upload to our platform, enabling you to provide financial advisory services. As the purposes for collecting and using this information is determined by you, intelliflo is a “data processor” under the UK DPA and EU GDPR.
- For the purposes of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), intelliflo is considered a “services provider” in both instances.
4. Our Framework
To manage matters relating to privacy and data protection, intelliflo has a privacy team who oversee our compliance with the various privacy laws and regulations. This includes a privacy manager responsible for defining and evaluating the efficacy of our Privacy Program and a Data Protection Officer.
Our Privacy Program adopts a global principles-based framework, which sets privacy standards applicable to our business when handling your Personal Data. These principals are:
- Transparency. intelliflo informs individuals about the Personal Data we collect, the basis for collection and uses via our privacy policies and provisions in our agreements. Please visit the “Privacy” section of our websites for further details.
- Purpose Limitation. intelliflo will collect and process Personal Data for the legitimate purposes explained in our notices and not for other purposes.
- Minimization. intelliflo will collect and process Personal Data as necessary to fulfil the purposes we have stated in our notices.
- Accuracy. intelliflo builds and implements processes and workflows within its platforms designed to keep your data accurate and up to date.
- Security. intelliflo has adopted an information security management system (ISMS) certified by the British Standards Institution (“BSI”) as compliant with ISO/IEC 27001, which is managed and overseen by our security team. Our security program covers organizational, application, server, network and physical security. We have various security technologies and processes in place designed to protect data in transit and at rest. We use an end point detection and response (“EDR”) solution for endpoint protection and cloud workload protection (“CWP”). At the network level, we use next-gen firewalls designed to protect data going in and out of intelliflo. We have implemented processes, workflows, and training programs to train staff on security awareness and provided an incident escalation process. The enhanced protection and security of customer data is a core driver to our security program.
- Rights. intelliflo has enabled capability within our platforms linked to internal policies and processes to address privacy inquiries, complaints and where applicable, requests from individuals to exercise their rights relating to their Personal Data.
- Storage Limitation. intelliflo has established records management controls to define retention and storage requirements. intelliflo retains customer data on our records for a limited period after the end of an agreement to fulfil requests to return or anonymize the data on our records within 30 days or as otherwise specified in pertinent agreements.
- Accountability. intelliflo has put risk management policies and procedures in place with identified privacy controls that are reviewed and revised regularly. We maintain a management procedure to monitor changes in applicable privacy laws and regulations and regulatory guidance relating to privacy and processing of Personal Data.
5. Our Vendor Relationships
intelliflo uses vendors who can provide sufficient guarantees to implement appropriate technical and organizational measures that can meet the requirements of privacy compliance.
Where we engage vendors, contractors, consultants, suppliers, and partners who handle Personal Data on our behalf we have implemented policies and appropriate contractual provisions to ensure that those third parties (irrespective of where they are based) apply a comparable level of protection in relation to the processing of personal data as those that we seek to utilize. In the limited instances where there may be a “restricted transfer” of data from the UK, our processes are designed to undertake the appropriate transfer risk assessments and apply the UK Transfer Addendum.
As part of our onboarding process, third party vendors, contractors, consultants, suppliers, and partners are subject to appropriate risk assessment(s), including privacy and security evaluations, in addition to in-life monitoring.