We help you consider all areas and put together a financial plan that helps you to achieve your financial goals
Looking for Financial Advice?
Book a no obligation call with one of our experts
Capital Professional Ltd trading as Ascot Lloyd (referred to in this policy as "we", "us" or "our") is part of the Ascot Lloyd Group. We are a limited company registered in England and Wales under registration number 07584487, and we have our registered office at Reading Bridge House, George Street, Reading, RG1 8LS. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO) in relation to our processing of Personal Data under registration number Z3325007.
For the purposes of meeting the UK GDPR and the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.
Purpose of this Policy
This policy explains what kind of personal information we collect in connection with our services and how we will process (use) this information.
This policy describes how we collect, use, share, retain and safeguard personal data.
This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.
Who this privacy notice applies to
This privacy notice applies to you if:
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, date of birth, gender, and contact details but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. Personal data does not include data where the identity has been removed (anonymous data).
Personal data may contain information which is known as special category personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
Personal data may also contain data relating to criminal convictions and offences. This data is treated in the same manner as special category personal data, where we are legally required to comply with specific data processing requirements.
When will we collect personal data?
We collect information about you when you engage us for financial planning, financial advice, mortgage advice, investment management services and corporate benefits services.
We may also collect information when you voluntarily complete client surveys or provide feedback to us and when you request information about our services, client events, promotions, and campaigns.
You may provide us with personal data when signing up to our services, through application forms, when completing contact forms, when you contact us via the telephone, when writing to us directly or where we complete forms in conjunction with you.
We may record your communications with us when contacting our customer care, complaints, and other customer focused functions.
Where we collect data directly from you, we are considered to be the controller of that data i.e., we are the data controller. Where we use third parties to process your data on our behalf, these parties are known as processors of your personal data. Where there are other parties involved in managing your investment, we will be a joint data controller of your personal data.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
Personal information we collect from you
The information we hold about you will often be provided by you directly (for example, when you apply for a service or product) but sometimes we collect data from other sources. As a provider of financial services, we will collect and hold the following categories of personal data:
Other sources where we collect information about you
We may also collect information relating to you from the following:
How will we use your personal data?
We must always have a lawful basis (lawful or legal reason) to process your personal data. The primary legal basis that we use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.
In most cases, processing your personal data and the legal basis for doing so will be as follows:
Why we process your data
To enable us to carry out actions that are necessary for us to provide you with the product or service (for example, receiving payments) under a contract with you.
To enable us to meet our legal obligations (for example, we need to get proof of your identity so that we can meet our anti-money laundering obligations).
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where you give us specific permission to use your information for a specific purpose.
In the public interest
In some cases it is in the substantial public interest (for example, to give you the support you need if you are or become a vulnerable customer) to use your sensitive personal data/special categories of personal data.
Based on our legal basis for using your personal information, the table below expands on how we process personal data from you. Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data:
How we use your information
The legal basis for using the information
To provide our services to you and receive payments.
To communicate with you to confirm your instructions to us. and to assess and improve our services for training, quality, and improvement purposes.
To assess and improve our services for training, quality, and improvement purposes. Our communications with you, electronic methods and telephone calls which may be recorded and monitored.
To make checks, including verifying your identity and the identity of joint account holders to make sure we are speaking to the right persons.
To deploy CCTV at our premises to monitor and collect images and/or voice recordings.
Telephone call recording.
To deploy caller line identification technology to verify your identity.
To collect and use your location and device information for identity verification purposes.
To communicate with you in relation to our products/ services, legal or regulatory information, and to manage your agreement with us.
To communicate with you regarding any complaints you may have about our products and services.
To develop and improve products and services by analysing information, including helping us to decide if you are suitable for a product or service.
To market and personalise our communications and products/ services to you.
Unless you have opted out of our marketing services or the law prevents us from doing so, we will send you information about our products and services.
If you are an employee or business representative working for a company with which we have a supplier or partnership: to enter and manage our contractual relationship with your employer.
If you are an employee or business representative working for a company with which we have a supplier or partnership: to send you marketing communications.
To observe the laws and regulations that apply to us and to cooperate with the regulators and law enforcement.
Special Categories of Data/Sensitive Personal data
Some of the information we need to collect is sensitive personal data (also called special category data). We may need to process personal data relating to your health, biometric data and data on criminal convictions and offences. We usually use personal sensitive data on the legal basis that:
Where we tell you that providing certain personal data or special category information is mandatory for a specific product or service, and you decide not to provide that information, we cannot provide you with the service as we will be unable to meet our legal obligations.
What we use your sensitive personal data for
The legal basis for doing so
For due diligence checks. This may disclose information about criminal offences or convictions or may reveal information on your political opinions.
Your medical information may be used as described previously, to provide quotations for certain products or for highlighting special medical circumstances including visual or hearing impediments.
To observe any laws and regulations that apply to us and to cooperate with regulators and law enforcement.
Using your personal information to communicate with you
We will send you messages by post, telephone, text message, email and other digital methods, including, apps, push notifications (messages that pop up on mobile devices) and through new methods that may become available in the future. These messages may be:
Who might we share your information with?
In order to deliver our services to you effectively we may share your personal data within companies belonging to our Group. This is normal practice within our industry where it is necessary to share information to manage and administer your investments and to administer our business.
We may also share your personal data with third parties such as those that we engage for professional compliance, accountancy, or legal services as well as product and platform providers that we use to arrange financial products for you. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. These parties are also required to safeguard your personal data through the use of appropriate technical and organisational data security measures and enter into relevant contractual clauses to make sure that data is adequately protected in line with the law.
Some examples of third parties are as follows:
Who we share your personal data with
Product providers including insurance companies, investment platforms, mortgage lenders and investment managers to provide you with the relevant services.
Pension providers and pension administrators to provide you with pension services.
UK and overseas regulators, law enforcement agencies and other authorities in relation to their duties such as preventing crime (whether directly or through third parties such as credit reference agencies) or those engaged in carrying out social or economic statistical research.
Your advisers including your accountants, lawyers, or other professional service providers, that you have authorised to represent you, or any other person you have told us is authorised to give instructions on your behalf such as your attorney or trustee.
Fraud prevention agencies. We will always inform fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations within the UK or abroad, including law enforcement agencies to use this information to detect and prevent fraud or other crimes. We can provide you with details of the fraud prevention agencies we share information with if you request this information.
Our advisors including our accountants, auditors, lawyers, lenders or other professional service providers, where this is required for the provision of their professional services, by law or regulation.
Electronic identify verification agencies in order to fulfil our obligations in respect of prevention of money-laundering and other financial crime we will send your details to third party agencies for identity verification purposes.
Third-party providers who you (or another party you have authorised to give instructions on your behalf) ask us to share information with. If we share your information with these third parties, we will have no control over how they use it. You, or the person/persons with authority over your dealings with us, will need to agree this directly with the third party.
Sharing personal data of others on your instruction. If you share personal details of others with us (including joint account holders, lawyers, accountants, attorneys and trustees) and you ask us to share their personal data with third parties, you should confirm that they understand the information in this policy about how we will use their personal data. For example, credit reference checks may be carried out for persons who you appoint your attorney or trustees.
Our service providers or agents, including their subcontractors to help us administer and manage our business. Where third parties are involved in processing your personal data, we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.
Our business partners who provide services and other service providers and agents who provide services on our business partners behalf.
Any sellers after we acquire a company as part of the transitional arrangements relating to the acquisition of the business.
Any prospective purchasers of the whole or any part of our business as part of the due diligence process relating to the sale of the business.
Anyone we transfer or delegate (or may transfer or delegate) our rights or obligations to, as allowed under the terms and conditions of any contract you have with us.
Credit reference agencies as described below.
Credit reference agencies and fraud prevention agencies
We use reference agencies and fraud prevention agencies to carry out credit and identity checks on you. For this, we will send your personal data to the credit reference agencies or fraud prevention agencies and they will in return send us information about you. The credit reference agencies may also share your personal data with other organisations, and those organisations may use the information to make decisions about you. This may affect your ability to get credit. We may continue to collect information about you from credit reference agencies after the business relationship we have with you has ended.
We do not give investment information to credit reference agencies. The Credit Reference Agency Information Notice (CRAIN) describes how the three main credit reference agencies in the UK use and share personal data. The CRAIN is available on the credit reference agencies’ websites.
In some circumstances we may share your information, or information about your spouse/partner or other members of your household with credit reference check agencies for the following reasons:
Your information held by credit reference agencies may be linked to people who are associated with you. For example, your spouse/partner or other members of your household. These linked records are called associated records. Enquiries we make to a credit reference agency may be answered from both your own record and any associated records. Another person’s record will be associated with yours when:
An associated record will be considered for all future applications made by either or both of you. The association continues until one of the associated persons files and is successful in a ‘disassociation’ request. You can check for any associations with you by getting your credit record direct from the credit reference agencies.
We, and fraud prevention agencies, may also share your personal data with law enforcement agencies to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or products. Fraud prevention agencies can hold your personal data for different periods of time. We will keep your data for 5 years after the relationship has ended.
International data transfers
Your personal data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK.
We have taken appropriate steps to ensure that the personal data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:
How long do we keep hold of your information?
During the course of our relationship with you we will retain personal data which is necessary to provide services to you or for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We are also subject to regulatory requirements to retain your data for specified minimum periods. We will take all reasonable steps to keep your personal data up to date throughout our relationship. Once our relationship with you has ended, we will only keep your personal data for a period of time that is appropriate for the type of personal data, and what we hold it for.
In general, we will not keep your personal data for longer than seven years after our relationship with you has ended or your death, with the exception of occupational pension transfer, opt out and Free Standing Additional Voluntary Contributions (FSAVC) advice which must be retained indefinitely in accordance with the Financial Conduct Authority’s record keeping rules.
In some circumstances you have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
How do we keep your data secure?
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our Group and authorised third parties. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place policies and procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Individuals are provided with legal rights governing the use of their personal data. These rights are known as ‘individual rights’ under the UK GDPR and the Data Protection Act 2018. The following list details these rights:
You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
You have the right to receive a copy of the personal data we hold about you.
You have the right to have any incomplete or inaccurate information we hold about you corrected.
You have the right to ask us to delete your personal data.
You have the right to object to us processing your personal data. If you object to us using your personal data for marketing purposes, we will stop sending you marketing material.
You have the right to restrict our use of your personal data.
You have the right to ask us to transfer your personal data to another party.
You have the right not to be subject to a decision based solely on automated processing which will significantly affect you..
If you have provided your consent for us to process your personal data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:
You can exercise your rights at any time. In accordance with the law, we will not charge you for responding to your request unless we consider it to be repetitive, unfounded, or excessive when we may charge an administration fee. Alternatively, we could refuse to comply with your request in these circumstances.
In exercising your rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes. We will notify you of these legal reasons, if applicable, at the time of your request.
You should understand that when exercising your rights, a substantial public or vital interest may take precedent over any request you make. Where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
The flow of data within the financial services sector is complex and we ask you to keep this in mind when exercising your rights of access to your information. Where we may be reliant on other organisations to help satisfy your request this may impact on timescales.
If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’.
The methods we use for analysing personal data in relation to our services involves profiling. This means that we use software that can evaluate your personal circumstances and other factors to predict outcomes or risks. We may also use such profiling, or other automated methods, to make decisions about you in relation to the following:
These activities are known as ‘automated decision-making’ and are only allowed if there is a legal reason for this type of decision-making. We may make automated decisions about you in the following situations:
How automated processing makes decisions
Protecting us against criminal or fraudulent activity
We will assess several factors, such as whether you have provided false information in the past or other information about your credit history, to decide whether if you are a fraud or financial-crime risk (for example, if offering services to you may not be in line with financial sanctions).
We may decide that you are a fraud or money laundering risk if the automated processing finds that your behaviour is consistent with money laundering or known fraudulent behaviour or you appear to have deliberately provided false information. If we, or a fraud prevention agency, so decide we may:
Where we make solely automated decisions you have the right:
If at any point you wish to query any action that we take on the basis of this or wish to request ‘human intervention’ to review the action, you have the right to do so. Please contact us to find out more.
We would like to send you information about our products and services and those of other companies in our group which may be of interest to you. When we carry out direct marketing activities, we rely on your consent. If you have agreed to receive marketing information, you may opt out at a later date. We do not pass your details to third parties for their marketing purposes.
You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the group. Please note you may withdraw your consent to the use of your personal data for receipt of marketing communications at any time. If you no longer wish to be contacted for marketing purposes, you can opt out by completing our unsubscribe form: www.ascotlloyd.co.uk/marketingpermissions or by post addressed to: Marketing Preferences, Ascot Lloyd, 45 Church Street, Birmingham, B3 2RT.
This does not include information that we send to you as part of our initial or ongoing service or in relation to a financial product you hold with us, for example a valuation or statement, which we must send you as part of our contractual obligations with you.
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result. For more information see our Cookies Policy.
For further information visit www.allaboutcookies.org.
What can you do if you are unhappy with how your personal data is processed?
Data TeamAscot Lloyd45 Church StreetBirminghamB3 2RT
You also have a right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk):
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Informing us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
You can find a previous version of this notice here.
How to contact us and our Data Protection Officer?
Data Team Ascot Lloyd 45 Church Street Birmingham B3 2RT
We have also appointed a Data protection Officer (“DPO”). Our DPO Evalian Limited can be contacted as follows:
West Lodge, Leylands Business Park, Colden Common, Hampshire, SO21 1TH
Please mark your communications FAO the ‘Data Protection Officer’.