The Legal Stuff

Privacy Policy

March 6 '26

In Summary

We collect and use Personal Data so we can: (1) deliver the products and services you request; (2) meet our legal and regulatory responsibilities; (3) understand how our website and services are used; and (4) send marketing communications where permitted. We take confidentiality, integrity and availability of your data seriously and apply appropriate technical and organisational measures to keep it secure.

DATA AND HOW WE USE IT

Your personal data includes things such as your name, your address and when we’ve been in touch. We use data like this to help us deliver our services, to let people know about any changes to our services and other purposes set out in the ‘in detail’ section below.

If you engage with the Cooper Parry Wealth’s ‘BiggerPicture’ financial planning process, we will collect your personal financial information, such as bank account details, assets, and other relevant personal and financial circumstances.

OUR RESPONSIBILITIES

As a professional services business, we have to keep your data for lots of lawful reasons too. We’ll usually keep your Personal Data for up to six years after we’ve stopped working with you.
We might supply your data to other people we work with too, but we only give them what they need, and only then with strict confidentiality agreements in place.

YOUR RIGHTS

You have lots of rights when it comes to your data. You can see what data we have about you at any time. In some circumstances, you can withdraw your consent for us to keep it too. And of course, you can ask us a question about it at any time.

You can do this by sending an email to our Risk and Compliance Partner, Simon Atkins, at simona@cooperparry.com.

More information about your rights is set out in the ‘In detail’ section below.

Who We Are and Scope

This Privacy Notice applies to Cooper Parry Group Holdings Limited and the other companies in our group, including Cooper Parry Wealth Limited (together, ‘Cooper Parry’, ‘we’, ‘us’ or ‘our’). We act as the Data Controller when we collect and process Personal Data described in this Notice. This website is not intended for children.

Group Companies (Data Controllers)

3RP Ltd, Astute Finance & Lifestyle Planning, Astute Financial & Lifestyle Planning Ltd, Camdown Consulting Limited, Chamberlyns Group Limited, Chamberlyns Limited, Chamberlyns (Leicestershire) Limited, Cloud Orca Limited, Cooper Parry Advisory Limited, Cooper Parry Audit Holdings Limited, Cooper Parry Audit LLP, Cooper Parry Digital Limited, Cooper Parry Group Holdings Limited, Cooper Parry Group Limited, Cooper Parry Holdings Limited, Cooper Parry Law LLP, Cooper Parry Trustees Limited, Cooper Parry Wealth (TW) Limited, Cooper Parry Wealth Limited, Fellwood Advisory Ltd, Future Perfect Financial Planning (UK) Limited, Future Perfect Solutions (UK) Limited, Future Perfect Solutions Limited, Horizon Accounts Limited, Hutcheon Mearns Limited, Kinaroo Ltd, LCF Associates Ltd, Liberty CF Limited, Liberty CF International Ltd, Lonsdale Financial Consulting Limited, MacroFin International Ltd, MacroFin Limited, Snapshot Software Limited, Chamberlyns (Leicestershire) Ltd

This website is not intended for children.

Depending on the service, the relevant company above will be your Data Controller. We may also provide supplementary privacy notices for specific services or engagements.

It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements any other notices and privacy policies and is not intended to override them.

We collect and process your Personal Data, we are the Data Controller and are responsible for your Personal Data.

We’ll only use your Personal Data for the purposes set out in this Privacy Notice, which includes:

  1. To deliver the products and services you’ve requested from us,
  2. To meet our legal responsibilities,
  3. To understand how you are using our website, and
  4. To send marketing communications to you.

Personal Data We Collect

Personal Data means any information about an individual from which that person can be identified (excluding anonymised data). We may collect, use, store and transfer the following types of information:

  • Identity data – name, username, title, date of birth, gender, marital status, job title, national insurance number or similar identifiers.
  • Contact data – postal address, email address, telephone numbers.
  • Financial data – personal financial information, such as bank account details, assets, and other relevant personal and financial circumstances
  • Technical data – IP address, device identifiers or provider, operating system and platform, browser type and version and other technology used to access our website.
  • Transaction data – details about payments to and from you and other details of services purchased from us.
  • Profile data – purchases or orders, interests, preferences, feedback and survey responses.
  • Usage data – details of how you use our website and any services you receive from us.
  • Communications data – our correspondence and communications with you (including information about any complaints and questions).
  • Marketing data – information from research, surveys and marketing activities, and your preferences for receiving marketing from us and our third parties.
  • Special category data – details about your health, race or ethnicity, religion, sexual orientation, and genetic and biometric data (handled with extra care and appropriate safeguards).
  • Enrichment data and information from other sources – publicly available information, information provided by your employer or our clients, credit reference agencies, and Companies House.

If you fail to provide Personal Data where we are obliged to collect Personal Data by law, or under the terms of the contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

How We Collect Your Personal Data

  • Direct interactions – when you request a proposal or engage us to provide services; create an account; or contact us via forms, email, phone, post, social media or live chat.
  • Automated technologies – when you visit our website, we may collect technical and usage data and use cookies/consent tools (see Cookies section).
  • Third parties and publicly available sources – for example your employer, product providers, identity verification agencies and Companies House.

How We Use Your Personal Data and Our Lawful Bases

We will only use your Personal Data when the law allows us to. Most commonly we rely on: performance of a contract; compliance with a legal obligation; our legitimate interests (balanced against your interests, rights and freedoms); and consent (which you can withdraw at any time). Where we process special category data, we will do so in accordance with law and with suitable safeguards, typically on the basis of your explicit consent (Article 9(2)(a) UK GDPR).

PurposeType of Personal DataLawful basis
Onboard you as a new clientIdentity; Contact; FinancialPerformance of a contract; Legal obligation
Deliver our services and manage our relationship (incl. changes to terms/services and understanding your needs)Identity; Contact; Financial; Transaction; Special category data (where relevant)Performance of a contract; Legitimate interests (to recover fees); Legal obligation; Explicit consent (for special category data)
Set you up with an account on our websiteIdentity, ContactPerformance of a contract
Administer and protect our business and websiteIdentity; Contact; TechnicalLegitimate interests (running our business, preventing fraud, reorganisation); Legal obligation
Deliver relevant website content/ads and measure effectivenessIdentity; Contact; Profile; Technical; Usage; Communications; MarketingLegitimate interests (develop our services and website, inform marketing)
Use analytics to improve our website, services, marketing and relationshipsTechnical; Usage; Publicly available enrichment dataLegitimate interests (keep our website relevant and inform marketing)
Manage recruitment and assess suitability for employmentIdentity; ContactPerformance of a contract; Legal obligation; Legitimate interests; Consent
Direct marketing and recommendationsIdentity; Contact; Technical; Usage; Profile; Communications; Marketing; Public enrichmentLegitimate interests (grow our business) or Consent
Manage our recruitment process and assess an applicants suitability for employment with usIdentity, ContactPerformance of contract, Comply with legal obligations, Legitimate interest (to consider our application to join us), Consent

How Long We Keep Your Personal Data

We retain Personal Data only for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Typically, we keep Personal Data for at least six years after we stop acting for you (often measured from the end of the relevant accounting period). For some services (e.g., certain pension transfer matters or insolvency-related records), we may be required to keep data for longer, and in some cases indefinitely. If you would like details about retention for a specific service, please contact us.

Change of Purpose

If we need to use your Personal Data for a purpose other than that for which it was collected, we will only do so where the new purpose is compatible with the original purpose or where we have a lawful basis to do so. We will inform you and remind you of your rights before any new processing begins.

Who Has Access to Your Personal Data

We may share Personal Data with: (i) other companies in our group; (ii) service providers acting as processors (e.g., IT, cloud and identity verification services, and product providers assisting with our recommendations); (iii) HM Revenue & Customs, regulators and other authorities; and (iv) third parties to whom we may sell, transfer or merge parts of our business or assets. New owners may use your data in the same way as set out in this Notice. We do not sell or rent your Personal Data. Access is limited to those who need to know and who are subject to confidentiality obligations.

Let’s be clear – we won’t sell or rent your personal information to third parties.

Any of our people with access to your information have a duty of confidentiality under the ethical standards that we are held to by the Financial Conduct Authority, which we’re all required to follow. We will require any of our people with access to your information to respect the security of your personal data and treat it in accordance with the law.

Third Party Service Providers Working on Our Behalf

In some cases, we use other people or business (we call them “Third Party Service Providers”) to deliver professional advice and cloud-based information storage facilities.

Third Party Service Providers includes other third parties that provide us with services such as IT and cloud services, third party agencies for identity verification purposes or product providers to help us with any recommendation.

Whenever we use Third Party Service Providers, we disclose only the personal information that’s necessary to deliver the service. We also have a contract in place that requires them to keep your information secure and not to use it for their own purposes.

All of our Third Party Service Providers are required to put in place appropriate security measures to protect your personal data.

We’ll not release your information to other third parties unless:

  • you’ve requested that we do so
  • we choose to sell, transfer or merge parts of our business or assets
  • we’re required to do so by law (for example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption).

Security

We implement technical and organisational measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access is limited to personnel and third parties with a business need to know, who act on our instructions and are subject to confidentiality. We have procedures to deal with suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.

International Transfers

Although we usually process Personal Data in the UK, some of our service providers are based outside the UK. Where data is transferred outside the UK (including to the EEA and, in some cases, other countries), we ensure an adequate level of protection and implement appropriate safeguards in line with applicable data protection laws. Contact us if you would like details of the specific transfer mechanisms used.

Your Duty to Inform Us of Changes

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes.

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data, including to:

  • request access to your personal data – you can ask for a copy of the personal data we hold about you. Assuming your request is reasonable, we will provide a copy of all the personal data we hold about you and you can check that we’re processing it lawfully. This is more commonly known as a ‘data subject access request’
  • request correction of your personal data – you can ask us to correct any inaccurate personal data that we hold about you and complete any incomplete personal data that we hold on you
  • request erasure of your personal data – you can ask us to delete or remove your personal data where there is no good reason for us to continue processing it. This one’s a little tricky! If, for some reason, we still hold your personal data, but without good reason, at your request we’ll delete it. To be honest, this is a pretty unusual scenario, because we’re pretty hot on getting rid of data we’re not obliged to hold! We may not always be able to comply with your request for erasure for specific legal reasons, in which case, we will notify you of such reasons at the time of your request
  • object to us processing your personal data – this applies where we’re relying on a “legitimate interest” of ours or a third party, and you have a situation which makes you want to object to us processing your data
  • ask for the restriction of the processing of your personal data – this means you can ask us to suspend the processing of personal data about you where you want us to establish the accuracy of the personal data; where our use of the personal data is unlawful but you do not want us to erase it; where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise of defend legal claims ; or where you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use such personal data.
  • ask for the transfer of your personal data to you or another data controller – if the processing is based on consent, carried out by automated means and this is technically possible
  • withdraw consent for processing – we’ve got a special section on this below

If you wish to exercise any of these rights, please get in touch with us. Our contact details are below.

We try to respond to all legitimate requests within one month but if we are unable to, we will notify you of this and keep you updated.

At this point it’s worth mentioning you usually won’t have to pay a fee to exercise any of these rights, however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive and whilst it’s not like us, we might even decline to comply with the request in such circumstances. It’s also possible that we may not be able to comply with the request for compliance reasons.

As a final note, if you choose to exercise any of these rights, without exception we will ask you to confirm your identity, which means we might need to request specific information from you. This is to make sure your personal information isn’t disclosed to anyone who has no right to receive it.

Your right to withdraw consent

Where you have previously provided consent to our processing your data, you have the right to withdraw your consent at any time. To withdraw your consent, please get in touch using the contact details below.

Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to. That’s unless we have another lawful basis for doing so.

Cookies and Consent Management

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:

  • Your consent status or the withdrawal of consent
  • Your anonymised IP address
  • Information about your Browser
  • Information about your Device
  • The date and time you have visited our website
  • The webpage url where you saved or updated your consent preferences
  • The approximate location of the user that saved their consent preference
  • A universally unique identifier (UUID) of the website visitor that clicked the cookie banner

If You Fail to Provide Personal Data

Where we need to collect Personal Data by law, or under a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract (for example, to provide services to you) and may have to cancel a product or service. We will notify you if this is the case at the time.

Contact Details and Complaints

If you have any questions about this Notice or how we process your Personal Data, please contact our Risk & Compliance Partner, Simon Atkins (simona@cooperparry.com). For matters specifically relating to Cooper Parry Wealth, you can also contact our Risk & Compliance Manager, Abi Thomas (abit@cooperparry.com). You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (https://ico.org.uk/concerns, tel: 0303 123 1113; post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF).

Changes to This Privacy Notice

We keep this Notice under regular review and will post updates on our website. Paper copies are available on request.