Privacy Policy | Allonby + Partners

Privacy notice for Allonby + Partners

We take your privacy seriously and are committed to handling your personal information lawfully, fairly and transparently under the UK GDPR and the Data Protection Act 2018.

This privacy notice explains how we collect, use, share, store and protect your personal information – including where we use artificial intelligence (AI) or automated tools.

Contact details

Please contact us if you have any questions about our privacy policy or personal information, we hold about you.

Via post

14 Buckingham Street

London

United Kingdom

WC2N 6DF

Via phone

07572 974 041

Via email

info@allonbyandpartners.co.uk

What personal information we collect

We will collect or use your personal information when you engage us for financial advice services.

This information may include:

Personal identifiers – details that help us to confirm who you are, such as:

Your name, date of birth, address, contact details
National insurance number
Identification documents (passport, driving licence)

Financial and professional information – Information that helps us understand your financial position including:

Your income and regular spending
Details of your assets, liabilities, pensions & investments
Tax information
Bank account details
Employment information
We may also need to use special category information, but only, where relevant and with your explicit consent. This could include:
- Health information (for example, when providing insurance advice)
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic information
- Biometric information (where used to identify someone, such as for access or payment purposes)
- Sex life information
- Sexual orientation information

Communications – to keep accurate records and meet regulatory requirements we may record:

Emails, notes of telephone calls, meeting notes
Records required to meet the FCA’s requirements

How we collect your personal information

We collect personal information from:

Information you provide directly to us, such as when you complete enquiry forms, fact finds, client agreements or other documentation, contact us by phone, email or in person, or use our services.
Information received from third parties acting on your behalf, such as accountants, solicitors, employers, trustees, attorneys or other professional advisers.
Information obtained from financial institutions and product providers, including pension providers, investment platforms, insurers and banks.
Information collected as part of identity verification, anti-money laundering and regulatory checks.
Information generated through our ongoing relationship with you, including meeting notes, correspondence and records of transactions or recommendations.
Information collected through our website or digital systems, including where you submit enquiries or interact with online services.
Publicly available information and electronic verification sources where permitted by law.

How we use your personal information

We use your personal information to help us deliver the services you’ve asked for. This may include:

Understanding your financial situation so we can give you the right advice
Providing recommendations that meet FCA rules on suitability
Applying for or arranging financial products on your behalf
Carrying out identity, fraud and anti-money-laundering checks
Keeping accurate and compliant records
Communicating with you about your services, plans, policies or investments

Who we share your personal information with

To provide you with our services, we sometimes need to share your personal information with trusted third parties. These may include:

Financial product providers such as insurers, investment platforms and pension providers
Compliance consultants, auditors and professional advisers who help us meet regulatory requirements
Discretionary investment managers where relevant to your service
IT service providers and secure cloud platforms that support our systems
Regulators and authorities such as the FCA, HMRC and the Financial Ombudsman Service
International transfers - Some of our suppliers or service providers may process personal information outside the UK or EEA. Where this happens, we ensure appropriate safeguards are in place in accordance with UK data protection law.
Credit reference agencies, but only when necessary

We never sell your personal information to anyone.

Using artificial intelligence (AI) / automated tools to process your personal information

We may use AI tools to help us review information more efficiently and provide you with faster, more accurate services. AI tools are not used to make decisions about you without meaningful human involvement.

When we do:

Purpose of AI use

AI tools may be used to:

Draft or summarise internal documents (e.g., meeting notes and suitability reports)
Identify patterns or errors in data
Enhance compliance monitoring
Support risk assessments or vulnerability detection (non-decision-making)

We do not use any systems for making automated decisions. Relevant AI-assisted outputs are subject to appropriate human review and oversight before being relied upon.

Purpose and lawful basis for processing

The purpose of processing your personal information using AI is to assist with administrative and advisory functions, including document drafting, report preparation, summarisation, data analysis, meeting note generation, quality checking and improving the efficiency and consistency of our client services. AI tools are used to support, and not replace, human review and professional judgement.

Our lawful basis / bases for using AI to process your personal information are:

The performance of a contract, where processing is necessary to provide financial advice and related services requested by you;
Compliance with legal and regulatory obligations to which we are subject; and
Our legitimate interests in operating and improving our business efficiently, provided these interests are not overridden by your rights and interests.

Where special category personal data is processed, we will also rely on an appropriate additional condition under UK data protection law where required.

Human review

Any AI assisted output is reviewed by a human adviser before being used or relied on.

Data sharing and storage

Where AI tools are used, we will:

Limit the personal information processed to what is reasonably necessary for the relevant task;
Anonymise or pseudonymise personal information where reasonably practicable before it is processed using AI-assisted tools;
Use secure systems and suppliers that maintain appropriate technical and organisational security measures;
Maintain appropriate contractual and data protection arrangements with relevant suppliers;
Undertake proportionate due diligence on suppliers’ data protection, confidentiality and information security standards;
Implement appropriate safeguards where personal information is transferred outside the UK or EEA in accordance with applicable data protection laws; and
Ensure that AI-assisted outputs are subject to appropriate human review and oversight where relevant.

We take reasonable steps to ensure that personal information is not used to train public or shared AI models without appropriate contractual protections in place.

Your data protection rights

You have several rights under data protection law. This helps you understand and control how your personal information is used.

Right to be informed - You can ask us to explain how we collect, use, share, and store your personal information.
Right of access - You can request a copy of the personal information we hold about you, along with details of how we use it.
Right to rectification - If you think any of your information is wrong or incomplete, you can ask us to correct or update it.
Right to erasure - In some situations, you can ask us to delete your personal information.
Right to restrict processing - You can ask us to limit how we use your information in certain circumstances.
Right to object - You can object to us using your personal information, for example for direct marketing.
Right to data portability - You can ask us to send your personal information to you, or directly to another organisation, in a structured, commonly used electronic format.
Rights related to automated decision-making and profiling - If a decision about you is made without human involvement, you can challenge it and ask for someone to review it.

We will respond to any request you make about your data protection rights within one month.

If you are unhappy with how we use your personal information, you have the right to complain to the Information Commissioner’s Office (ICO). Further information is available at www.ico.org.uk.

To make a request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for processing your personal information

UK data protection law requires us to have a valid legal reason—called a ‘lawful basis’—for collecting and using your personal information. The UK GDPR sets out the different lawful bases.

The lawful basis we rely on may affect which data protection rights apply to you. Below, we’ve listed your rights in brief.

You can read more about your data protection rights, including any exceptions, on the ICO’s website: For the public | ICO

We must have a valid legal reason (a ‘lawful basis’) for collecting and using your personal information. For the financial planning, financial advice and investment management services we provide, we rely on the following lawful bases:

Contractual obligations

This is the main reason we use your personal information. We need certain details from you so we can deliver the services we’ve agreed to provide.

Legal obligations

Sometimes the law requires us to collect and use specific information. For example, UK anti-money-laundering laws require us to verify your identity.

Consent

In some situations, we may need your explicit consent to use special category information (listed below). We will always explain why we need this information and ask for your clear agreement before using it.

Special category information (used only when relevant and only with your explicit consent):

Health information (e.g. for insurance advice)
Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic information
Biometric information used for identification (e.g. access or payment systems)
Sex life information
Sexual orientation information

We also ask for your consent if you would like to receive updates about products or services that may interest you.

If we rely on your consent, you can withdraw it at any time.

Legitimate interests

We may keep certain personal information because we have a legitimate business reason to do so, for example, to check the suitability of our services, respond to any complaints in the future, or to meet the requirements of our Professional Indemnity insurer.

How long we keep your personal information

We keep the personal information we need to provide our services to you, and we take reasonable steps to make sure it stays accurate and up to date. Some information must be kept minimum periods set by our regulator, the Financial Conduct Authority (FCA):

Investment business - 5 years
Mortgage business - 3 years
Pension transfers and opt-outs - kept indefinitely
Insurance business - 3 years

We also have to keep Identity-verification documents (required under UK anti-money-laundering rules) for:

At least 5 years after our relationship with you ends
Up to 10 years if we still have an ongoing relationship

Because these are legal requirements, we cannot delete your information before these time periods have passed.

We may keep your personal information for longer if we have a legitimate business reason to do so; however, we will generally not keep it for longer than 7 years after our relationship with you ends, unless we are required to retain it for longer to comply with legal, regulatory or professional obligations.

You can ask us to delete your personal information. We will do so unless we are required to keep it for legal or legitimate business reasons.

If you would like more information about how long we keep your personal information or how we decide this, please contact us.

Information about connected individuals

We may need to collect personal information about your close family members and dependents to provide our service(s) effectively. If this is the case, you are responsible for ensuring you have their consent to share this information with us.

If you act as a trustee or attorney, we may also need information about the relevant beneficiaries or donor(s).

Using cookies

We use cookies and similar technologies on our website to help it function effectively, improve user experience and understand how visitors use our website.

These may include:

Essential cookies required for the operation of the website;
Analytics cookies used to understand website usage and improve performance; and
Functional cookies used to remember preferences and settings.

Where required by law, we will ask for your consent before placing non-essential cookies on your device.

You can control or disable cookies through your browser settings at any time. However, please note that some parts of the website may not function properly if cookies are disabled.

Further information about cookies can be found at: http://www.allaboutcookies.org/

Other websites

Our website may include links to other sites.

Please remember that this privacy notice only covers our website, so we recommend checking the privacy policies of any other sites you visit.

Last updated

This privacy notice was last updated on 13/05/2026.

Privacy notice for Allonby + Partners​