Verve are committed to protecting your data. We will never pass your personal data to anyone else, except for any sub processors in title to our business, without your explicit permission. Types of personal data that is collected includes:
- Name
- Addresses
- Date of Birth
- Email Addresses
- Financial Information
- Medical Information
- IP Addresses
Verve Holdings Limited use certain sub processors to assist in providing our services. We use service providers that may store and process personal data about you and your end users (each, a “Sub-Processor”). This page provides important information about the identity, location and role of these material Sub-Processors.
Third party Sub-Processor
|
Purpose |
Applicable Service Type |
Sub-Processor Location |
Privacy Information
|
Amazon (AWS) |
Hosting and Asset Storage |
All |
EU |
Link |
ANS |
Hosting |
All |
United Kingdom |
Link |
CashCalc |
Cashflow modelling software for financial planning. |
Paraplanning, Training |
United Kingdom |
Link |
CII |
Membership, study material and exams. |
Training |
EEA |
Link |
Cognito Forms |
Survey and form software – data collection. |
DNA Services |
United States |
Link |
Defaqto |
To complete paraplanning services such as risk profiling, fund research, provider research. |
Paraplanning |
United Kingdom |
Link |
Efax |
Digital Faxing Solution |
Paraplanning, All relevant |
Ireland |
Link |
Expert Pensions |
Training |
Training |
United States |
Link |
FCA Connect |
FCA Applications |
Compliance |
United Kingdom |
Link |
FCA Regdata |
FCA Reporting |
Compliance |
United Kingdom |
Link |
FE Analytics |
Fund research/risk profiling. Calculation of Reduction in Yield |
Paraplanning, DNA Services |
United Kingdom |
Link |
GBG |
Identity verification and Fraud prevention Solutions |
Compliance |
United Kingdom |
Link |
GoCardless |
Taking payments via direct debit |
All |
United Kingdom |
Link |
Google Analytics |
Website & System Analytics |
All |
United States |
Link |
Hubspot |
CRM system for Sales & Marketing |
All |
United Kingdom |
Link |
I4C Cashflow |
Cashflow modelling software for financial planning. |
Paraplanning |
United Kingdom |
Link |
Locktons |
Insurance broker |
Consultancy, Compliance |
United Kingdom |
Link |
MICAP |
Investment research |
Paraplanning, DNA Services |
United Kingdom |
Link |
Moneyscope |
Cashflow modelling software for financial planning. |
Paraplanning |
United Kingdom, EEA |
Link |
Protean Risk |
Insurance broker |
Consultancy, Compliance |
United Kingdom |
Link |
Pusher |
System APIs |
All |
EU |
Link |
Rackspace |
Hosting and asset storage |
All |
EU |
Link |
SelectaPension |
Pension provider comparison and research. |
Paraplanning, DNA Services |
United Kingdom |
Link |
Sentry |
System Development |
All |
United States |
Link |
SignRequest |
Used for TOB agreements and document e-signatures. |
All services |
United Kingdom / EU |
Link |
Stripe |
Payment terminal |
All relevant |
Ireland |
Link |
Synaptics |
Provider and fund research. |
Paraplanning, DNA Services |
United Kingdom |
Link |
TalentLMS |
Training platform |
Training |
EU |
Link |
Teamtailor |
Recruitment applicant tracking tool system |
Recruitment services |
EU |
Link |
Tech-Link |
External technical consultants, used to answer particular technical queries. |
All relevant services |
United Kingdom |
Link |
UK Global |
Insurance broker |
Consultancy, Compliance |
United Kingdom |
Link |
Xero |
Accounting software |
All |
United Kingdom |
Link |
20i |
Hosting |
All |
United Kingdom |
Link |
Our services have been grouped into a summary list as follows however there is also cross over:
- Direct Authorisation (Going it Alone)
- PROD, CIP, PDD, CIP, ESG, CRP, EIS, VCT (DNA Services)
- Paraplanning Services
- Compliance Services
- Suitability Report Templates
- Training
- Training & Competence
- Marketing & Design
- Consultancy
- Platform Migration Support
- Portfolio Creation and Maintenance
Nature and purpose of the processing personal protected data:
Provision of the services
|
Nature of data processing
|
Direct Authorisation (Going it Alone) |
Providing intermediaries with support and FCA applications. Data required to ensure legal and regulatory accuracy in the application. |
PROD, CIP, PDD, CIP, ESG, CRP, EIS, VCT (DNA Services) |
Providing services to the intermediary, concerning their investment solutions and provider research. Data required via research systems to ensure accuracy and time-sensitive data. |
Paraplanning Services |
Providing research and reports for end clients for the purpose of financial advice. Data required to ensure client-specific information and up to date financial information relating to research and analysis. |
Compliance Services |
Providing technical advice and regulatory support to the intermediary. Data required to ensure accurate regulatory information. |
Suitability Report Templates |
Providing non-client specific documentation to the intermediary to allow them to provide reports to their clients. Data used to ensure the intermediate needs are required. |
Training |
Support services to individuals concerning the CII diploma and soft skills. System used to log and support students with their training and to provide current training materials. |
Training & Competence |
Providing support to those in Financial Services to ensure their competency to complete their job. Systems used to log data to provide FCA reporting. |
Marketing & Design |
Support to intermediaries with their branding and marketing. Intermediary data used via marketing systems to ensure client specific outcome. |
Consultancy |
Offering business and compliance support to intermediaries. Systems used to ensure suitable outcomes in relation to business needs. Feeds into the other. |
Platform Migration Support |
Assisting with the paraplanning and administration involved in platform migration. Provided to the intermediary. Refer to paraplanning for system data. |
Portfolio Creation and Maintenance |
Assisting the intermediary with their investment solutions. System access required for fund and investment research. |
To complete the above the processing activities of the data include; Access; collection; recording; retrieval; use; modification; hosting; storage; making available; monitoring (service delivery); deletion; destruction.
Verve Data Protection
Technical & Organisational measures
Ongoing confidentiality, integrity, availability and resilience of processing systems.
System architecture |
We maintain available system configurations hosted via Rackspace (Apricity system), 20i (Para-Sols Rise), and AWS (Dextera), ensuring low levels of downtime, therefore minimising the risk of data loss. |
Encryption |
Data is encrypted in transit using HTTPS for web & API requests. |
Update testing |
New deployments to production systems are subject to code review, manual testing, automated testing, and product manager reviews before being released. |
Vulnerability testing |
We carry out vulnerability and penetration testing with each new release of all production systems. |
System security |
Our cloud servers are monitored, with SSH access restricted to a set of IPs. Our load balancers only accept connections on port 443, ensuring secured connection. |
Access control |
We maintain records of security privileges of individuals with access to our systems and adopt a policy of least privilege. Security privileges are reviewed periodically and as part of starter/mover/leaver checks. |
User authentication |
Access is via email address, and the use of a secure encrypted token. |
Restoring availability and access to personal data in a timely manner in the event of a physical or technical incident.
Disaster recovery |
System data is backed up daily to cloud based servers, providing additional resilience and a recent recovery point in the unlikely event of system failure. |
Regular testing, assessing and evaluating of these measures' effectiveness.
Information security management |
Responsibility for information security is shared between the technical and operational teams, the leadership of which aims to regularly review and improve existing practice. This includes penetration testing as part of development releases and running internal audits. |