Privacy Policy
We take your privacy seriously and are committed to handling your personal information lawfully, fairly and transparently under the UK GDPR and the Data Protection Act 2018.
This privacy notice explains how we collect, use, share, store and protect your personal information – including where we use artificial intelligence (AI) or automated tools.
This privacy notice also explains how you can make a complaint with us about how we handle your personal information.
This privacy notice is intended for clients, prospective clients, website users, connected individuals and others whose personal information we process in connection with our services. Separate privacy information applies to employees, workers, contractors and job applicants.
Trusted Financial Advice is the trading name of Tom French & Associates Limited, a company registered in England and Wales under company registration number 3445703. We are based in Plymouth, Devon and provide financial advice services to individuals, families and businesses.
Tom French & Associates Limited is authorised and regulated by the Financial Conduct Authority. Our Financial Services Register reference number is 185513. Our registered office is Prudence House, Langage Business Park, Plympton, Devon, PL7 5JX.
For data protection purposes, Tom French & Associates Limited trading as Trusted Financial Advice is the data controller for the personal information described in this privacy notice. Our ICO registration reference is Z5443567.
We use your personal information to understand your circumstances, provide suitable advice, arrange products where appropriate, meet our legal and regulatory obligations, keep accurate records and support good customer outcomes.
Please contact us if you have any questions about our privacy policy or personal information, we hold about you.
Via Post
TFA Trusted Financial Advice
Prudence House
Langage Business Park
Plymouth
Devon
PL7 5JX
Via phone 01752 347070
Via email enquiries@tfagroup.co.uk
The information we collect depends on the services you ask us to provide. We collect only the information we need to provide our mortgage, protection and financial advice services, meet our legal and regulatory obligations, prevent fraud and financial crime, support good customer outcomes and maintain accurate records.
We may collect and use personal information including:
- Personal identification information, such as your name, previous names, date of birth, National Insurance number, passport details, driving license details, nationality and marital status.
- Contact information, such as your home address, correspondence address, email address and telephone numbers.
- Financial information, including income, expenditure, assets, liabilities, credit commitments, affordability information, bank account details, tax information, pensions, investments and existing financial arrangements.
- Employment, self-employment and professional information, including occupation, employer details, business information, income evidence and tax status.
- Mortgage and property information, including property details, mortgage requirements, purchase or remortgage information, deposit details and source of funds.
- Insurance and protection information, including existing policies, cover requirements, underwriting information and claims history.
- Identity verification, fraud prevention and anti-money-laundering information.
- Records of our communications with you, including emails, letters, meeting notes, telephone calls, video meetings, instructions and client portal activity.
- Call recordings, where calls are recorded for training, monitoring, compliance, record keeping or quality assurance purposes.
- Website and technical information, such as IP address, device information, browser type, website usage information and cookie preferences.
- Information about children, dependents, beneficiaries or other connected individuals where this is necessary for the advice or service requested.
Where relevant to the advice or service requested, we may also process special category information, such as health information, medical history, disability information, lifestyle information relevant to insurance underwriting, or information about vulnerability or additional support needs. We will only use this information where we have a lawful basis and an additional condition under data protection law, such as your explicit consent, where it is necessary for insurance purposes, or where it is necessary for the establishment, exercise or defense of legal claims.
We may also record information about vulnerability or additional support needs where this is relevant to the service we provide. This may include communication preferences, health or life events, accessibility needs, financial difficulty, bereavement, caring responsibilities or other circumstances that may affect how we support you. We use this information to tailor our communications, make reasonable adjustments, provide appropriate support and help us meet our regulatory obligations, including the FCA Consumer Duty.
We collect personal information directly from you when you contact us, complete forms, attend meetings, use our website, use our secure client portal, provide documents or communicate with us by email, telephone, post or video meeting.
We may also receive information from third parties where this is appropriate and lawful, including mortgage lenders, insurers, product providers, solicitors, accountants, surveyors, estate agents, employers, identity verification providers, fraud prevention agencies and publicly available sources such as the electoral roll, Land Registry and Companies House.
If you provide information about another person, such as a joint applicant, guarantor, attorney, trustee, beneficiary, family member or dependent, you should make sure they are aware that their information has been shared with us and that they can read this privacy notice.
Where we collect information about a child or dependent, we will only do so where it is necessary for the service requested, such as protection, trust, estate planning, beneficiary, family or dependent-related advice. We will use the minimum information needed and will apply appropriate safeguards.
We use your personal information to help us deliver the services you’ve asked for. This may include:
- Understanding your financial situation so we can give you the right advice
- Providing recommendations that meet FCA rules on suitability
- Applying for or arranging financial products on your behalf
- Carrying out identity, fraud and anti money laundering checks
- Keeping accurate and compliant records
- Communicating with you about your services, plans, policies or investments
- Investigating and responding to complaints
We may record or monitor telephone and video calls, emails, system activity, client portal use, website activity and cyber-security logs for training, quality assurance, compliance monitoring, complaint handling, record keeping, security, fraud prevention and to help us evidence instructions or advice. Where recordings or monitoring records are created, they will be handled securely and retained only for as long as necessary for the relevant legal, regulatory or business purpose.
To provide you with our services, we sometimes need to share your personal information with trusted third parties. These may include:
- Financial product providers such as insurers, lenders, investment platforms and pension providers
- Compliance consultants, auditors and professional advisers who help us meet regulatory requirements
- Discretionary investment managers where relevant to your service
- IT service providers and secure cloud platforms that support our systems
- Regulators and authorities such as the FCA, HMRC and the Financial Ombudsman Service and, where appropriate, to support fraud prevention or safeguarding
- Legal advisers, professional indemnity insurers and other professional advisers where needed to handle complaints, regulatory enquiries, legal claims or insurance matters
- Potential business successors, transferees or purchasers where this is necessary in connection with a business sale, transfer, merger, restructuring, acquisition, adviser transfer or succession planning, and only where lawful and appropriate safeguards are in place
Some third parties we share information with, such as lenders, insurers, investment platforms and pension providers, may act as independent data controllers and will process your information under their own privacy notices.
We never sell your personal information to anyone.
To help us verify your identity, prevent fraud and financial crime, and meet our legal and regulatory obligations, we may obtain information from identity verification providers, fraud prevention agencies and public records. This may include electronic identity checks, sanctions screening, politically exposed person checks and ongoing monitoring.
We may use and share this information with lenders, insurers, product providers, fraud prevention agencies, regulators or law enforcement agencies where legally permitted or required. If you do not provide information needed for identity verification or anti-money-laundering checks, we may not be able to provide services to you.
We may use approved AI or automated tools to help us work efficiently and maintain service quality. These tools may be used to support tasks such as drafting or summarising internal documents, organising meeting notes, identifying patterns or inconsistencies in information, supporting compliance monitoring, improving business processes, maintaining cyber security and helping us evidence advice, instructions or customer outcomes.
We do not use AI or automated systems to make decisions about you without meaningful human involvement. Any AI-assisted output that may affect your advice, service, application or client record is reviewed by an appropriate member of staff before it is used or relied on.
We may use limited profiling or categorisation to help us provide appropriate services, identify potential support needs, meet regulatory obligations, monitor customer outcomes, manage risk and send relevant communications where permitted. We do not use profiling to make decisions that have legal or similarly significant effects without meaningful human involvement.
Our lawful basis for using personal information with AI or automated tools will depend on the purpose of the processing. This may include contract, legal obligation or legitimate interests, such as providing services, meeting FCA and data protection obligations, preventing fraud, maintaining accurate records, improving service quality and protecting the security of our systems. Where consent is required, we will ask for it.
Where AI or automated tools are used, we apply appropriate safeguards. We aim to use only the minimum necessary personal information, anonymise or pseudonymise information where possible, use secure and approved systems, restrict access to authorised users, and assess suppliers before using them. We do not knowingly use AI tools that use your personal information to train public models.
If this position changes in a way that materially affects how your personal information is used, we will update this privacy notice.
We aim to use suppliers who process personal information in the UK or in countries recognised as providing an adequate level of data protection. Some technology, cloud, communication or support providers may process information outside the UK. Where personal information is transferred outside the UK, we will take steps to ensure appropriate safeguards are in place, such as UK adequacy regulations, International Data Transfer Agreements, the UK Addendum or other approved transfer mechanisms.
We take appropriate technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration and destruction. These measures may include role-based access controls, secure systems, encryption where appropriate, multi-factor authentication, staff training, cyber-security monitoring, malware protection, backup and disaster recovery arrangements, incident response procedures, supplier due diligence, contractual confidentiality obligations and periodic review of our security controls. We also expect third-party suppliers who process personal information for us to apply appropriate security measures and only process information in line with our instructions or other lawful arrangements.
You have several rights under data protection law. This helps you understand and control how your personal information is used.
- Right to be informed – You can ask us to explain how we collect, use, share, and store your personal information.
- Right of access – You can request a copy of the personal information we hold about you, along with details of how we use it.
- Right to rectification – If you think any of your information is wrong or incomplete, you can ask us to correct or update it.
- Right to erasure – In some situations, you can ask us to delete your personal information.
- Right to restrict processing – You can ask us to limit how we use your information in certain circumstances.
- Right to object – You can object to us using your personal information, for example for direct marketing.
- Right to data portability – You can ask us to send your personal information to you, or directly to another organisation, in a structured, commonly used electronic format.
- Rights related to automated decision making and profiling – If a significant decision about you is ever made without meaningful human involvement, you have the right to request human review, ask for an explanation and challenge the decision.
We will respond to any request you make about your data protection rights within one month.
To make a request, please contact us using the contact details at the top of this privacy notice.
UK data protection law requires us to have a valid legal reason—called a ‘lawful basis’—for collecting and using your personal information. The UK GDPR sets out the different lawful bases.
The lawful basis we rely on may affect which data protection rights apply to you. Below, we’ve listed your rights in brief.
You can read more about your data protection rights, including any exceptions, on the ICO’s website: For the public | ICO
For the financial planning, financial advice, mortgage advice and investment management services we provide, we rely on the following lawful bases:
Contractual obligations
This is the main reason we use your personal information. We need certain details from you so we can deliver the services we’ve agreed to provide.
Legal obligations
Sometimes the law requires us to collect and use specific information. For example, UK anti money laundering laws require us to verify your identity.
Consent
In some situations, we may need your explicit consent to use special category information (listed below). We will always explain why we need this information and ask for your clear agreement before using it.
Special category information (used only when relevant and only with your explicit consent):
- Health information (e.g. for insurance advice)
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic information
- Biometric information used for identification (e.g. access or payment systems)
- Sex life information
- Sexual orientation information
We also ask for your consent if you would like to receive updates about products or services that may interest you.
If we rely on your consent, you can withdraw it at any time.
Legitimate interests
We may keep certain personal information because we have a legitimate business reason to do so, for example, to check the suitability of our services, respond to any complaints in the future, or to meet the requirements of our Professional Indemnity insurer.
Recognised legitimate interest
In limited cases, we may rely on recognised legitimate interests for specific public interest purposes, such as fraud prevention or safeguarding. This is narrowly defined and unlikely to apply to most of our routine services, but where used, we will ensure the processing is necessary and appropriate.
We keep the personal information we need to provide our services to you, and we take reasonable steps to make sure it stays accurate and up to date. Some information must be kept minimum periods set by our regulator, the Financial Conduct Authority (FCA):
- Investment business – 5 years
- Mortgage business – 3 years
- Pension transfers and opt outs – kept indefinitely
- Insurance business – 3 years
We also have to keep certain records to meet UK anti money laundering requirements. These include identity verification documents and other information used to confirm your identity.
- We will keep this information for at least 5 years after our relationship with you ends.
- Some records relating to transactions may be kept for longer where this is necessary to meet legal, regulatory or business requirements.
Because these are legal and regulatory requirements, we cannot delete your information before these minimum time periods have passed.
We may keep your personal information for longer if we have a legitimate business reason to do so, but we will not keep personal information for longer than necessary and will assess appropriate retention periods based on the purpose for which the information is held.
We may also retain personal information for longer where this is necessary to establish, exercise or defend legal claims, respond to complaints, deal with regulatory enquiries, support professional indemnity insurance arrangements, protect our legal rights, or support lawful business continuity, succession planning or transfer activity.
You can ask us to delete your personal information. We will do so unless we are required to keep it for legal or legitimate business reasons.
We regularly review the information we hold to ensure it is not kept for longer than necessary.
If you would like more information about how long we keep your personal information or how we decide this, please contact us.
We may need to collect personal information about your close family members and dependents to provide our service(s) effectively. If this is the case, you are responsible for ensuring you have their consent to share this information with us.
If you act as a trustee or attorney, we may also need information about the relevant beneficiaries or donor(s).
We will give them a copy of this privacy notice or ask you to pass it on if that’s more appropriate.
We use cookies and similar technologies to help our website work properly, understand how visitors use our website, create reports, improve our site and remember cookie preferences where applicable.
Some cookies may be necessary for the website to function. Other cookies, such as analytics cookies, may require your consent. Where consent is required, you can choose whether to accept or reject those cookies.
Where we use analytics tools, such as Google Analytics or similar services, these may collect information about how visitors use our website, such as pages viewed, time spent on the site, browser or device information and general usage patterns. Where consent is required for analytics cookies, we will ask for it before using them.
You can also control or delete cookies through your browser settings at any time. Please note that if you choose to block some cookies, parts of our website may not work as expected.
We will only send marketing communications where we are allowed to do so under data protection and electronic communications rules.
We may contact you with information about our products and services, or those from other companies in our group, where we think this may be relevant to you and where we are permitted to do so.
Where we rely on your consent for marketing, you can withdraw that consent at any time. You can also ask us to stop sending marketing communications by contacting us using the details at the top of this privacy notice.
We will not sell your personal information to third parties for marketing purposes.
Our website may include links to other sites.
Please remember that this privacy notice only covers our website, so we recommend checking the privacy policies of any other sites you visit.
If you have any concerns about how we use your personal information, you have the right to raise a data protection complaint with us using the contact details at the top of this privacy notice. You do not need to follow a specific process or use particular wording.
You can raise a complaint through any of our usual contact channels, including email, telephone or post. We will:
- Acknowledge your complaint promptly and at least within 30 days of receiving it
- Investigate and respond without undue delay
- Keep you informed where appropriate
Further details of our complaints process are available on request.
If you are not satisfied with our response, you have the right to escalate your complaint to the Information Commissioner’s Office (ICO).
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
We review this privacy notice at least annually and sooner where there are material changes to law, regulation, our services, systems, suppliers or business operations.
This privacy notice was last updated on 24 June 2026.
