Privacy Policy

This is the privacy policy of Coldrey Wealth Management (CWM).

In order to provide our services, we obtain information about your personal and financial situation and may collect the following information:

  • Identity details e.g. your name, date of birth, gender and national insurance number.
  • Personal and professional contact details e.g. your email, phone number, mobile number and address.

When you apply to be a client with us:

  • Employment details.
  • Family details.
  • Information regarding your current health condition.
  • Associated third party information, this includes your spouse, children or beneficiaries of trusts.
  • Financial details, this includes source of wealth, existing investments, tax returns, and bank details.
  • Details concerning your attitude to investment risk.
  • Lifestyle information (such as hobbies and interests).
  • Account activity. This information is generated and collected through the provision of our services to you.
  • Information on your children and dependants: Where a child is named as a beneficiary on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender).

We may be provided with the information listed above by:

  • Your relatives and other mutual contacts
  • Your parent(s) or legal guardian in relation to minors
  • Trustees of a trust you are connected with, and
  • Trust beneficiaries
  • Your registered agent or introducer

We have published this policy so that you understand what we do and why, and in order that, if you wish to challenge us, you have information about your rights.  This policy is not detailed with respect to all aspects of our processing of personal data because so much depends on your needs and individual circumstances.  We have given as much information as we can by way of default, and we supplement this where appropriate in other documentation.

The purposes are as follows:

  • Marketing to you as a prospective client
  • Accepting you as a client
  • Dealing with you as a client
  • Performing our services to clients which involve processing personal data about others associated with them, such as a spouse, parent, guardian, child, other family member, a representative of our client, or a trustee, settlor or beneficiary
  • Operating our business
  • We have included sections dedicated to describing your rights, our contact information generally and how you can make a complaint.


We have a legitimate interest in marketing our services to existing and potential clients.  We believe our services are of interest to a range of client types including but not limited to private individuals, corporate entities, trusts and charities.

Our efforts to attract potential clients bring us directly and indirectly into contact with them to communicate information about our services.  We are not intrusive and always respect the wishes of individuals once we are aware of them.

We use information you have provided us to:

  • Communicate directly with you via telephone, e-mail, and other forms of electronic communication such as email.
  • Send you materials about our business, events and information relating to investments and insurance products.

In addition to any information you have provided us, we may also obtain personal data for marketing purposes from reputable sources, including:

  • Referrals from existing clients
  • Social media such as LinkedIn
  • Relevant data in the public domain e.g. websites
  • Information from external data providers in relation to potential target clients only


Where you ask us to act for you there are preliminary steps we need to take before we enter into a contract with you.  The process of accepting you as a client has two main parts:

  • Compliance by us with legal obligations to know our clients and to prevent money laundering and terrorism financing.
  • Obtaining the information we need from you to act on your behalf and provide our services.
  • Verification documentation: We collect this from you to assist us with verifying your identity and contact details. We need to verify the information you provide to us in order to fulfil our legal obligations, and for this purpose we occasionally use public and privately available electronic information sources (we may use third party credit and identity check agencies for this purpose).


Once you have entered into a contract with us, we are able to act for you and carry out your instructions. However, we are also under legal obligations to:

  • Know our clients and to prevent money laundering and terrorism financing.
  • To monitor changes in our relationship with you and your affairs.

From time to time we must repeat the steps we take when accepting you as a client, and the same considerations apply in relation to the processing of personal data relating to you.

The nature of the information we need to provide our services depends on your instructions.  Our requirements are reflected in the forms we ask you or others to fill in, and in questions we ask in correspondence and e-mail, or when meeting you or others in person or speaking on the telephone.  However, we won’t collect information for which we don’t have a reasonable need to carry out your instructions.

Personal data relating to your health is only collected where it is necessary to fulfil your instructions.  We will ask you to consent to our obtaining of such information and to its processing for that purpose.

Unfortunately, if you don’t consent or we’re not provided with the information we need in full, we won’t be able to fulfil your instructions adequately or at all.


It is in the legitimate interests of our business to process personal data relating to people other than our clients where necessary to provide services to our clients.  In some cases, the processing is also in the interests of the third party.

The nature of the information we need to provide our services depends on your instructions.  Our requirements are reflected in the forms we ask you or others to fill in, and in questions we ask in correspondence and e-mail, or when meeting you or others in person or speaking on the telephone.  However, we won’t collect information for which we don’t have a reasonable need to carry out your instructions.

As above personal data relating to health is only processed where it is necessary to fulfil our client’s instructions.  We will ask you to consent to our obtaining of such information and to processing it for that purpose.


We use a number of systems to hold and process personal data.

We process personal data using the following principal systems and networks:

  • A client relationship management system which is the repository of all information we hold on current, past and potential clients.  This system is provided by a third party and is operated and maintained by CWM staff.
  • We use a web-based portal through which our clients can access and manage information relating to them and their investments and products.  The portal is operated by CWM staff and is hosted on our behalf by a third party.
  • Networks for the transmission of data within and between our site locations.  The communications services which form part of these networks are procured from a third party, and all data transmitted across the networks are transmitted by CWM staff or representatives or third-parties with whom we are dealing during the course of business.
  • Corporate systems for the processing of all other data.

CWM staff and representatives use computer and communications equipment to access these systems, to perform their duties, and in particular workstations, laptop computers, other mobile computing devices and mobile phones.

Personal data is stored on these devices appropriate to the use for the time being.

Additionally, we may use personal data for internal training purposes, corporate governance, management and reporting on a company and group-wide basis.

The legal basis on which we deal with people who are not clients or associated with a client depends on the circumstances. In all cases, we make sure that we have a legitimate reason to do so in connection with our business.

We communicate and deal with a number of people and organisations during the course of our ordinary business, such as regulators, other authorities, suppliers. While doing so, we will obtain and process personal data. We do not use the data for any purpose other than for which it was given to us.

The reasons why we disclose personal information and to whom depends on the services you’ve instructed us to provide and our legal obligations as a provider of financial advisory and investment services. Where we are unsure whether or not you are aware of the disclosure to be made, we will inform you beforehand wherever possible.  However, on occasion we disclose information to:

  • HM Revenue & Customs
  • Custodians of your assets
  • Members of your family, including your spouse, partner or other adult members of your family or dependants, where it has been agreed that our services will include these third parties.
  • Representatives, trustees, settlors or beneficiaries if you are one of our charity or trust clients, and in each case, where it has been agreed that our services will include these third parties.

On rare occasions, we are required by law to report matters to law enforcement agencies for the prevention and detection of crime, including the police, the National Crime Agency. In certain circumstances we are not permitted to inform you that we’ve done so or intend to do so.

To fulfil our commitments to you, we share your information with several third-party organisations who perform certain tasks on our behalf. Information is only shared with these third parties to the extent necessary to enable them to provide the services required on our behalf. These third parties act on our instructions and are processors of your information. These organisations include:

  • Financial crime prevention or credit reference services.
  • Firms such as registrars and custodians that hold your assets
  • Approved providers and administrators of financial products (including pension administration services (e.g. SIPPs), and insurance administration services)
  • Professional advice businesses such as our accountants, lawyers and compliance consultancies.

We also may share your information with third parties you have a direct contractual relationship with or to assist in facilitating your acquisition of a third party’s products and services. In these instances, the third party is likely to also be a controller of your information for their own purposes. We ensure that we have in place strong data sharing protocols with these third parties to govern and guide the sharing of your information in these circumstances.

The security and confidentiality of your information is extremely important to us.

All personal data which is collected and recorded, whether on paper or electronically, has appropriate safeguards applied in line with our legal obligations.

Data is protected by our internal policies and procedures designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees undertake regular training in relation to data protection and are subject to duties of confidentiality which apply to the personal data we obtain and process.

Our Information security controls are aligned to industry standards and good practice. This provides a secure control environment that effectively manages risks to the confidentiality, integrity and availability of information. Additionally, our controls ensure we can restore your data in situations where the data is corrupted or lost in a disaster recovery situation.

Where appropriate, we use encryption or other security measures which we deem appropriate to protect your information. We also review our security procedures periodically to consider appropriate new technology and updated methods. However, despite our reasonable efforts, no security measure can ever be perfect or impenetrable.

If you would like more details or are concerned about any particular issue, please contact our Data Protection Officer via the details below.

Your information is processed in the UK and European Economic Area (EEA).

Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as required by applicable data protection laws.

We have a legitimate interest to keep all records relating to our business for our internal purposes and to deal with queries or complaints which may arise.

As a regulated business we also need to keep records for a minimum period of 5 years or longer if required.

We keep personal data of clients only where and for so long as it is necessary to provide you with our products and services while you are a client and afterwards for so long as necessary to meet our legal or regulatory obligations or, if longer, for in relation to claims which could be made against us. Our standard practice is to keep client information for at least 5 years after you cease to be a client.

We record telephone calls and other electronic communications to monitor our communications, provision of our services and for audit and training purposes. We store call and other communication recordings securely in accordance with our retention policies and applicable laws. Access to those recordings is restricted to those individuals who have a need to access them for the purposes set out in this Privacy Policy.


We may collect and process personal data about you in the following circumstances:

  • When you complete the online contact forms on our website (“Site”) providing us with your name, address, email address and contact number.
  • Whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence.
  • When you visit our site, we will retain details such as traffic data, location data, weblogs and other communication data, and the resources that you access.
  • Whenever you disclose your information to us, or we collect information from you in any other way, through our Site.

We may also collect data in the following ways:

IP Address

We may collect information about your device, including where available your Internet Protocol (IP) address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

Contact us

Please get in touch to find out how we can help
Contact us