Privacy Policy
Financial Fortress Ltd Privacy Policy
Last updated: 11 February 2026
1. Introduction
Financial Fortress Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, store, share and protect personal data in accordance with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
This policy applies to:
- Visitors to our website
- Enquiries and prospective clients
- Existing and former clients
- Professional contacts and introducers
2. Who We Are (Data Controller)
Financial Fortress Ltd is an independent financial adviser firm authorised and regulated by the Financial Conduct Authority (FCA).
- Legal Name: Financial Fortress Ltd
- Trading Name: Financial Fortress
- Registered Address: Investment House, Bold Square, Chester, CH1 3LZ
- Company Registration Number: 09180267
- FCA Reference Number: 753489
- ICO Registration Number: ZA243478
- Telephone: 01244 319962
We are the Data Controller for the personal data we process.
3. How to Contact Us About Data Protection
If you have questions about this policy or wish to exercise your data protection rights, please contact:
- Email: marketing@financialfortress.co.uk
- Post: Investment House, Bold Square, Chester, CH1 3LZ
- Telephone: 01244 319962
4. The Personal Data We Collect
We collect and process personal data relevant to the services we provide.
Identity Data
- Full name
- Date of birth
- National Insurance number
- Passport or driving licence details
- Other identification documents
Contact Data
- Residential address
- Email address
- Telephone numbers
Financial Data
- Income and expenditure
- Assets and liabilities
- Pension values
- Investments
- Mortgage information
- Bank account details
Employment & Business Data
- Employer
- Job title
- Salary
- Business interests
Technical Data
- IP address
- Browser type and version
- Device information
- Website usage data
Marketing Data
- Communication preferences
- Newsletter subscriptions
- Event registrations
Special Category Data (where necessary)
- Particularly for protection or insurance advice:
- Health information
- Medical disclosures
We only collect personal data that is necessary for the purposes described in this policy.
5. How We Collect Your Data
We collect personal data through:
- Website enquiry forms
- Telephone, email and in-person communications
- Client onboarding and fact-find forms
- Financial planning meetings
- Mortgage and insurance applications
- Identity verification and AML processes
- Website cookies and analytics tools
- Third-party providers (e.g. product providers, compliance firms)
- Publicly available sources (e.g. Companies House)
6. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis to process your personal data.
Contractual Necessity
We process data where necessary to:
- Provide financial advice
- Arrange pensions, investments, mortgages and insurance
- Conduct suitability assessments
- Manage ongoing client relationships[i]
Legal Obligation
We process data to comply with regulatory and legal requirements, including:
- FCA rules and record-keeping
- Anti-money laundering regulations
- Fraud prevention
- Tax reporting obligations
Legitimate Interests
We process data where necessary for our legitimate interests, provided your rights do not override these interests. These include:
- Business administration
- Service improvement
- IT security
- Fraud prevention
- Responding to enquiries
- Managing professional relationships
Consent
We rely on consent for:
- Marketing communications (where required under PECR)
- Non-essential cookies
- Processing special category health data (where explicit consent is required)
- You may withdraw consent at any time.
Legal Claims
We may process data where necessary to establish, exercise or defend legal claims.
7. Special Category Data
Where protection or insurance advice is provided, we may process health information.
This is processed under:
- Explicit consent
- Legal claims
- Regulatory requirements
We implement enhanced security measures to protect special category data.
8. How We Use Your Personal Data
We use personal data to:
- Provide regulated financial advice
- Arrange financial products
- Conduct suitability and affordability assessments
- Perform anti-money laundering and identity checks
- Communicate with product providers
- Maintain client records
- Manage billing and payments
- Improve our services
- Send marketing communications (where permitted)
We do not sell personal data.
9. Data Sharing & Third Parties
We may share personal data with:
- Pension providers
- Investment platforms
- Mortgage lenders
- Insurance companies
- Compliance consultants
- IT service providers
- CRM and cloud storage providers
- Identity verification providers
- Professional advisers (legal/accounting)
- Regulators including the FCA
- Marketing platforms (e.g. MailerLite)
- Technology providers (e.g. Google Workspace, Microsoft 365)
- Some third parties act as data processors on our behalf under written agreements compliant with Article 28 UK GDPR. Others act as independent data controllers (e.g. product providers).
10. International Data Transfers
Some of our service providers may process data outside the UK.
Where this occurs, we ensure appropriate safeguards are in place, such as:
- UK adequacy regulations
- UK International Data Transfer Agreements (IDTA)
- Standard contractual clauses
- Google Workspace and Google Analytics
- Microsoft 365
11. Data Retention
We retain personal data only as long as necessary to fulfil the purposes for which it was collected and to comply with regulatory requirements.
Financial Fortress retention periods:
- Client advice records: minimum 6 years
- Pension transfer advice: potentially indefinite
- Mortgage records: minimum 6 years
- AML documentation: 5 years after end of relationship
- Marketing records: until consent withdrawn
- Website enquiries: up to 24 months unless converted to client
Retention periods may be extended where required for legal or regulatory reasons.
12. Data Security
We implement appropriate technical and organisational measures, including:
- Secure client management systems
- Encryption in transit and at rest
- Access controls and authentication procedures
- Staff data protection training
- Secure document storage
- Regular IT security monitoring
- Incident response procedures
13. Cookies & Website Tracking
Our website uses cookies including:
- Strictly necessary cookies
- Analytics cookies (e.g. Google Analytics)
- Marketing cookies (where applicable)
- Non-essential cookies are only placed with your consent.
You may manage your cookie preferences via our cookie consent banner or browser settings.
14. Automated Decision-Making & Profiling
We do not make decisions based solely on automated processing that produce legal or similarly significant effects.
However, we may use risk profiling tools as part of our advisory process. These are always reviewed by a qualified adviser.
15. Your Rights Under UK GDPR
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request erasure (where applicable)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent
- Object to direct marketing
- Challenge automated decision-making
Requests should be made in writing to the contact details above.
We will respond within one month, subject to statutory provisions.
We may request proof of identity before fulfilling a request.
16. Complaints
If you are dissatisfied with how we handle your data, please contact us first.
You also have the right to complain to:
Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, WIlmslow, Cheshire, SK9 5AF
Website: www.ico.org.uk
Telephone: 0303 123 1113
17. Links to Other Websites
Our website may contain links to third-party websites. We are not responsible for their privacy practices.
18. Changes to This Policy
We may update this policy from time to time. The latest version will always be available on our website.