Data Protection and Privacy Notice
Introduction
At Collingbourne Wealth Management Ltd, we are committed to protecting your personal data. This notice explains how we collect, use, store, and share your personal information in line with our obligations under the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU GDPR. It also outlines your data protection rights and our ongoing commitment to keeping your information safe, secure, and used only for appropriate and legitimate purposes.
Types of personal data we collect
To deliver our services effectively and meet our regulatory obligations, we need to gather a range of personal information about you. This includes details about your identity, contact information, financial circumstances, and objectives. In certain cases, we may also need to collect special category data, such as information about your health, if it is relevant to the services we are providing.
The information we gather helps to ensure our recommendations are suitable and compliant with Financial Conduct Authority (FCA) regulations. It also enables us to maintain accurate records and provide a high standard of service.
To provide services effectively, we may need to collect personal data about your close family members or dependants. You are responsible for ensuring that they are aware of and have agreed to share their information with us. We can provide a copy of this notice to them, or you may choose to share it with them directly.
How we use your personal data
We collect and process your personal data to provide a comprehensive and compliant financial advice service.
This includes:
- Delivering the services for which you engage us, such as financial planning, investment advice, and ongoing portfolio reviews
- Maintaining accurate and up-to-date client records, including changes to your financial circumstances or objectives
- Assessing the suitability and appropriateness of financial products or strategies based on your individual needs and risk profile
- Managing applications, transactions, and regular service delivery, including liaising with product providers on your behalf
- Meeting our regulatory obligations, including record-keeping, suitability assessments, anti-money laundering checks, and treating customers fairly in line with FCA rules
- Monitoring and improving service quality, ensuring we uphold professional and ethical standards
- Responding to enquiries, complaints, or compliance matters where your data may be reviewed for legal, regulatory, or insurance purposes
We rely on different lawful bases depending on the context in which we process your data. In many cases, more than one lawful basis may apply. These include:
- Performance of a contract: To deliver the services we have agreed with you in accordance with our Terms of Business and Letter of Engagement
- Legal obligation: To comply with our regulatory responsibilities, including those set out by the Financial Conduct Authority (FCA). These include obligations to verify your identity, ensure fair treatment, maintain records, act in your best interests, manage conflicts of interest, and report to regulators as required under applicable financial services legislation
- Consent: For marketing purposes or processing special category data (e.g. health), we will always seek your explicit permission. Special category data is typically collected to support the provision of specific services, such as life or income protection insurance advice. We will explain the purpose of collecting such data at the time, and your decision to provide or withhold consent will not affect unrelated services. You may withdraw your consent at any time by contacting us using the details in the ‘How to contact us’ section below
- Legitimate interests: To support our business and professional responsibilities, including record-keeping, complaint resolution, ensuring your financial arrangements remain suitable, meeting anti-money laundering obligations, and cooperating with legal, regulatory or insurance-related matters
Where third parties are involved in processing your data, we take appropriate measures to ensure your personal information is handled lawfully and responsibly. We expect third parties to demonstrate high standards of data protection and only use your data for specific, authorised purposes in line with relevant legislation and good practice.
Where necessary, we utilise secure transfer protocols, including encryption and password protection, to safeguard your data during transmission.
A full list of our current data processors is available on request.
Holding your personal data
During the course of our relationship with you, we will retain personal data necessary to provide services to you and to meet our legal and regulatory obligations. We will hold your personal data for different periods of time depending on the reason we have for processing it.
We undertake to review the data we hold on you regularly to ensure compliance with data protection law. During such reviews, we will:
- Delete data that is trivial or no longer necessary for the purposes outlined above
- Correct any errors or inaccuracies
- Securely delete data that is no longer necessary, in line with the retention periods outlined below
If you do not become a client, we will keep your data for no more than three years, except where required to demonstrate that advice was not provided.
If you become a client, we will typically retain your personal information for at least 10 years after our relationship ends. However, we may keep some data for longer where necessary, including:
- In case of future queries or complaints
- To defend against potential legal claims or regulatory actions
- To comply with pension transfer and opt-out advice requirements
- To meet legal, regulatory, or insurer obligations
- Where necessary to support our legitimate interests, such as meeting the expectations of our professional indemnity insurers
Copies of identity verification documents used for anti-money laundering purposes will be retained for at least five years after the relationship ends.
Accessing and correcting your personal data
You have the right to:
- Request a copy of your personal data – This is known as a subject access request
- Correct any personal data you believe we hold inaccurately
- Request restriction of, or object to, processing
- Request data portability
- Request the deletion of your personal data. We will comply with such requests to the extent possible, subject to our legal and regulatory obligations
If you decide to request access to the personal data we hold about you (a subject access request), we will respond within 30 days of receiving your request. We may extend this period by up to two months for complex requests, in line with Article 12(3) of the UK GDPR. Unless the request is excessive or clearly unfounded, we will not charge a fee.
If you are unhappy with how we handle your personal data
You have the right to complain to the Information Commissioner’s Office:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: www.ico.org.uk
Phone: 0303 123 1113
How we store your data
We store client data on our proprietary database, which is hosted securely on our server to mitigate risk. We use Microsoft SharePoint to manage and store client files, and Microsoft Outlook for our email communications. Access is restricted to authorised personnel only.
All investment platforms we use are authorised and regulated by the Financial Conduct Authority, ensuring high standards of security, including protection through two-factor authentication.
Clients may view documents, exchange information and communications via our secure client portal, MyCollingbourne, provided by Moneyinfo, which is designed to meet high standards of data protection and regulatory compliance.
Marketing
With your consent, we may contact you with information about products and services. You may opt out at any time using unsubscribe links or by contacting us directly. If you wish to withdraw your consent for any specific purpose (such as marketing or the processing of special category data), you may do so by contacting us using the details provided in the ‘How to contact us’ section below.
Updates to this notice
We keep this privacy notice under regular review and will publish updates on our website or inform you of material changes.
How to contact us
Please contact us if you have questions about this notice or your data:
Data Protection Officer: Martin Strutt
Email: [email protected]
Phone: 01962 360000
Address: 45 Southgate Street, Winchester, Hants, SO23 9EH