The Company takes the privacy of personal data seriously and the legal and compliant treatment of this data is at the core of our operations. The following important information explains how the Company collects, stores and uses the Member’s personal data.

The Company is registered under the General Data Protection Regulations (GDPR) 2018.

1. Who are we?

The Company is a Financial Services Compliance Consultancy firm, offering compliance and support activities to regulated firms who themselves advise or provide services to individuals, trustees and their businesses on financial products and wealth management.

The Company (Company No. 05386389) has its registered office at Colgate Farm, Ham Road, Cheltenham GL54 4EZ, United Kingdom.

2. What do we mean by Personal Data and Special Category Data?

By Personal Data (or personal information), we mean information that relates to the Member and is used to identify the Member, either directly or in conjunction with other material we hold.

Your Personal Data may identify you directly, for example your name, address, date of birth, national insurance number.

Your Personal Data may also identify you indirectly, for example, your employment situation.

Other information that may identify you indirectly is referred to as Special Category Data, such as your physical and mental health history, criminal disclosures or any other information that could be associated with your cultural or social identity. We will use Special Category Data and any Criminal Disclosures in the same way as Your Personal Data generally, as set out in this Privacy Notice. In order to process your Special Category Data however, we do require explicit consent.

3. How do we collect information from the Member?

We collect personal information about the Member when express consent is given by signing the Company’s Data Consent forms, or by indicating consent on the online forms.

4. What type of information do we collect?

The information we collect may include the Member’s name, address, email address and telephone number (Personal Data).

Furthermore, information about health, lifestyle and finances can be collected depending on whether it is necessary for the services provided. We may also ask for evidence of identity, for example a passport, driving license, proof of residence or income.

5. Why do we collect information from the Member?

We use personal information for the following:

• Provision of services and account management: To provide the information, products and services requested from us.
• To comply with legislation in relation to anti money laundering regulations and the Financial Services Act.
• In order to undertake our services for you, we have the right to use your Personal Data provided it is in our legitimate business interest.

6. How do we protect the Member’s personal information?

We have strict safeguarding processes to ensure that we meet our obligations under the Data Protection Regulations 2018. Your privacy is important to us and we will keep Your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against it being accessed unlawfully or maliciously by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us.

7. What are the Member’s rights surrounding personal information?

The GDPR enhances the Member’s rights surrounding personal data. This includes:

• The right to be informed – we will provide a copy of this privacy policy before seeking consent to store/process personal data.
• The right of access – the Member has the right to request a copy of any personal information we hold. This will be provided in a structured format, free of charge, within 1 month of your request. Requests can be made in writing, by telephone or by email, to the Data Protection Officer, Colgate Farm, Ham Road, Cheltenham GL54 4EZ, United Kingdom, 01242 807010, gdpr@ifac.eu
• The right to rectification – the Member has the right to request us to rectify any of personal data which the Member believes is inaccurate or incomplete. We will respond within one month (this can be extended by two months where the request for rectification is complex).
• The right to erasure – the Member has the right to request "to be forgotten", i.e. for us to delete all records of your personal data. We will comply with such request, unless we have a legal obligation to continue to hold personal data.
• The right to restrict processing – the Member has the right to "block" or suppress processing of personal data. We will retain just enough information to ensure that the restriction is respected in future.
• The right to data portability – the Member may request a copy of personal data, in order to use it for their own purposes across different services. We will provide the data in a structured, commonly used and machine-readable form (e.g. CSV) free of charge within one month.
• The right to object – the Member has the right to object to us processing personal data for direct marketing purposes, and historical or statistical purposes, and we will respect this request as soon as we receive it.

8. Who do we share the Member’s personal information with?

We will only share the Member’s personal data with third parties when it is necessary for the service we have been asked to provide, and we will have contracts/safeguards in place to ensure that they treat the privacy of the Member’s personal data with the same importance as we do. We will seek the Member’s consent prior to sharing data with any specific third parties with whom we may propose sharing data.

These third parties, amongst others, may include:

• The Financial Conduct Authority
• iPipeline
• Twenty7Tec
• Defaqto
• External File Checkers
• Xero
• Bottomline technologies (direct debit)
• Mailchimp
• NCA

9. Updates to this Policy

This Privacy Policy will be reviewed periodically and updated to comply with any new legislation. This policy was last updated in April 2025.