Sovereign Financial PlanningSovereign Financial Planning company logo

Privacy Policy

Sovereign Financial Planning Ltd understands its obligations in regard to your fundamental right to a private life and has implemented systems and controls to ensure your rights and freedoms are protected.

Sovereign Financial Planning Ltd undertakes to meet its obligations under the Data Protection Act 2018, the Privacy and Electronic Communications Regulations, the UK General Data Protection Regulation (UK GDPR), and Data Use and Access Act of 2025.

Sovereign Financial Planning Ltd will support customer understanding by ensuring any communication meets the information needs of customers and any person with a vulnerability is not disadvantaged with the use of format, layout, fonts and language used. Text should be easy to read and without jargon.

What personal data do we collect?

Sovereign Financial Planning Ltd will collect the following data, dependent upon the financial service required:

  • Data about a person’s identity such as their name, date of birth and contact details including address, contact telephone numbers, email address. Documents to evidence this will include but not be limited to, passport, driving licence, financial statements, council tax and utility bills.
  • Data concerning income - payslips, bank statements, business accounts, benefits statements.
  • Data relating to - criminal record information, existing pension information, life cover information, investment information, details of assets and liabilities, health information – life policies and long-term care information - annual expenditure and any other existing relevant policy.
  • Data connected to a product or service.
  • Data about your contact with us e.g. meetings, phone calls, emails / letters.
  • Information classified as ‘sensitive’ personal data e.g. relating to your health. This information will only be collected and used where it’s needed to provide a product or service you have requested or to comply with our legal obligations in matters of employment.
  • Information you may provide us about other people e.g. joint applicants or beneficiaries for products.
  • Information on children e.g. where a child is named as a beneficiary on the application for a policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender).

Different variations of data are required for each product so we may not be required to collect all of the data listed above for all products.

How we collect your personal data

You directly provide Sovereign Financial Planning Ltd with the personal data we collect by the following methods: Original physical copy, scanned certified email copy, Version 13 Oct 2025 scanned certified postal copy, telephone conversation, application form for a product or service, meeting with us.

Who will process your personal data?

Access to your personal data is permitted only for those employees who require it to fulfil their responsibilities on your behalf. Your personal data will be initially processed by Sovereign Financial Planning Ltd. Your personal data will be further processed by On-Line Partnership Group Limited on behalf of its subsidiary company The On-Line Partnership Limited who acts as our Principal for regulatory purposes. In the event of incapacity of your adviser, your data will be shared with an authorised On-Line Partnership Group Limited locum adviser in order to carry out the responsibilities within your service agreement. All parties will process your personal data in accordance with this Privacy Notice. All parties are subject to information security training to enforce and communicate best practice when handling information.

What happens if we want to process your personal data for other reasons?

Though there are some legal exceptions, if we wish to process your personal data for any other unrelated purpose than those we have informed you about we will notify you.

What are the consequences if you do not provide your personal data?

Your personal data is essential to enable us to take steps at your request prior to entering into a contract or to perform a contract to which you are a party. Without this information we will not be able to proceed to provide any financial service. Processing will only occur whereby it is necessary to protect the vital interests of our client.

What makes the processing lawful?

The lawful basis for the processing of your personal data as per Article 6(1) of the GDPR is:

  • Consent. You can remove consent at any time by contacting our Data Protection Representative (details below)
  • Necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract
  • For compliance with a legal obligation to which we are subject
  • For the purposes of the legitimate interests pursued by us.
  • For the purpose of recognised legitimate interest.

Keeping your personal data up to date

We will record your information exactly as you provide it. You may ask us to update it at any time and we will action your request promptly and notify relevant third parties of any changes.

What about sensitive personal data?

We will only process sensitive personal data, such as data concerning health, with your explicit and informed consent for specific processing activities. In such cases you will be asked to sign a separate consent form to evidence this and that you understand the purpose(s) of the processing of such data. Your consent may be withdrawn at any time. The processing is in order to:

  • to carry out obligations in respect of FCA requirements
  • To carry out obligations in respect of financial application requirements on your behalf
  • to protect your vital interests e.g. we may pass on information about medical conditions to paramedics if you are unable to give consent due to illness.

Sensitive personal data may include data revealing racial or ethnic origin, data concerning health or data relating to criminal convictions or offences.

We will only process special category data (sensitive data) where we have an Article 9 exception and DPA 2018’s Schedule 1 exemption allowing us to do so.

How will we further use your personal data (our legitimate interests)?

  • To contact you to ensure that our records of your personal information are correct and up to date
  • To respond to questions or complaints you may have about our services
  • To update you with changes in our terms
  • For statistical or research analysis relating to the performance of our business or that of our principal and understanding the changing needs of our clients
  • To review, improve and develop services we offer or handle complaints
  • To evidence company practices, for example to fulfil our legal requirement to provide independent audit undertakings.
  • To evidence the standards and processes carried out conform to the company's ethical standards and expectations
  • For direct marketing activities
  • To protect the business from risks which might be introduced by an individual.

You have the right to object to processing for these purposes and we shall cease unless we can show we have compelling legitimate grounds to continue.

Where legitimate interest is identified as a lawful basis, we will undertake a legitimate interest assessment which is a three-part test covering:

The purpose test – to identify the legitimate interest

Necessity test – to consider if the processing is necessary for the purpose identified

Balancing test – considering the individual’s interests, rights or freedoms and whether these override the legitimate interests identified.

Where processing is based on recognised legitimate interest, we would not conduct a balancing exercise of legitimate interest assessment.

Processing when performing a task carried out in the public interest

We will use your personal data to protect members of the public against dishonesty, money laundering or fraudulent activities. This must necessarily be carried out without your explicit consent to ensure this function is not prejudiced. Part of this processing involves verifying your identity using third parties such as GB Group Plc or Creditsafe Business Solutions Ltd.

What personal data is required?

We only collect data that is necessary to carry out the purposes listed above. This includes data you supply and data we receive from reference agencies. Where practical and lawful we will inform you about any of your personal data we receive from third parties that you may be unaware of.

How secure will your personal data be?

We will ensure that your data is only accessible to authorised people in our firm and will remain confidential at all times. Appropriate security measures are in place to prevent unauthorised access, alteration, disclosure, loss, damage or destruction of your information. If we have a contract with another organisation to provide us with services or a service on our behalf to process your personal information, we’ll make sure they give reassurances regarding appropriate security measures in place and only process your data in the way we’ve authorised them to. These organisations won’t be entitled to use your personal data for their own purposes. If necessary, our security teams will check them to make sure they meet the security requirements we’ve set. Please contact our Data Protection Representative below if you would like further information.

Will we share your personal data with anyone else?

We may share your data with:

  • Appropriate staff such as those who carry out financial or compliance functions.
  • Organisations that need your data because we are required to provide it by law (e.g. The FCA, ombudsman services, HMRC, etc...
  • Organisations that help us process your personal data to establish your personal characteristic. This is necessary if we are to provide you with the best possible advice and service.
  • Organisations that carry out credit references or identity checks such as GB Group Plc or CreditSafe Business Solutions Ltd. These organisations may keep a record of the information and may disclose the fact that a search of its records was made to its other customers for the purposes of assessing the risk of giving credit, to prevent fraud and to trace debtors.
  • Sometimes other authorised firms with specialist advisers, such as pension specialists or paraplanners, who assist us in providing suitable financial advice and services. You will be provided with their details if this applies.
  • Law enforcement agencies, courts or other public authorities if we have to, or are authorised to by law.
  • Product providers we use to provide financial services or for direct marketing (see below).
  • Where we or our Principal go through a business transaction, such as a merger, being acquired by another company or selling a portion of its assets, your data will, in most instances, be part of the assets transferred.

Transferring your personal data outside the UK / European Union

We do not usually transfer any of your personal data outside of the UK or EU except when we need to perform pre-contractual measures (credit and identity checks) or because the checks we request are necessary for important reasons of public interest. Some companies, like Creditsafe Business Solutions Ltd, may transfer data outside of the EU to countries which do not, in the view of the EU Commission, offer an adequate level of protection. In such cases Creditsafe encrypts any data it sends to other agencies and only transfers information necessary to carry out checks. (A list of countries used to perform checks include Germany, Netherland, Belgium, France, Sweden, Norway, Finland, Luxembourg, Switzerland, Liechtenstein, Spain, USA, Estonia, Latvia, Lithuania, Poland, Slovakia, Czech Republic, Hungary, Slovenia, Bosnia, Serbia, Montenegro, Croatia, Macedonia, Kosovo, Albania, Bulgaria, Romania, Ukraine, Austria, Denmark, Moldova, Portugal, Italy, Canada, Brazil, Greenland, China, India, Australia, Russia, South Korea, Taiwan, Mexico, South Africa, New Zealand, Hong Kong, UK.) Furthermore, we will occasionally use third parties for the processing of personal data in third countries. However, we shall put in place appropriate safeguards such as SCC’s and IDTAs in compliance with Article 46 to ensure your data is safe before such transfers.

What about direct marketing?

We will use your personal data now and in the future to carry out direct marketing activities as these are legitimate interests pursued by us. Sometimes this includes, with your consent, sharing data with product providers for their marketing activities. You can choose which method you’d prefer us to use to contact you (by email, telephone, SMS or post) and you have the right to object at any time to the use of your personal data for this purpose and we will cease marketing activity. Just let the person who gave you this form know about your preferences.

Telephone & video call recording

In line with The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 we may record incoming or outgoing telephone and video conversations for the following purposes:

  • Establishing facts and evidence for business transactions.
  • Ensuring compliance with regulatory or self-regulatory practices.
  • Ascertaining and demonstrating that standards are being met.
  • Preventing or detecting crime.
  • Investigating or detecting the unauthorised use of that or any other telecommunication system.
  • Safeguarding the effective operation of the telecommunications system.

How long will we keep your personal datafor?

The Financial Conduct Authority lays down rules relating to how long your personal data should be held for and we will keep your data to meet these requirements. We will not keep your personal data for longer than is necessary.

Requesting a copy of your personal data we hold

You may at any time ask for a copy of the personal data we hold about you – it is your legal right. We will provide you with a copy of any non-exempt personal data within one month unless we ask you for an extension of time. To protect your personal data, we will ask you to verify your identity before we release any data. We may refuse your request if we are unable to confirm your identity. Information will be provided to you in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.

Important rights

You have the right, on grounds relating to your situation, at any time to object to processing which is carried out as part of our legitimate interests or in the performance of a task carried out in the public interest. We will no longer process your personal data unless we can demonstrate there are compelling legitimate grounds which override your rights and freedoms or unless processing is necessary for the establishment, exercise or defence of legal claims. You have the right to object at any time to processing your personal data for marketing activities. In such a case we must stop processing for this purpose.

What are your other legal rights?

In addition to the rights above the additional following rights:

  • Where you have given consent, you have the right to withdraw previous consent to processing your personal data at any time.
  • You have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning your data
  • You have the right to receive data you have provided to us in a structured, commonly used and machine- readable format and in a concise, transparent, intelligible, and easily accessible form, using clear and plain language
  • You have the right to object
  • You have the right to data portability
  • You have the right to lodge a complaint with the regulator (see below).

To exercise any of these rights please contact our Data Protection Representative.

How to contact our data protection representative or make a complaint

Your trust is important to us. That is why you can contact our Data Protection Representative about any data protection, marketing issues or complaint by:

  • Writing to:

The Data Protection Representative
22 The Waterfront
Sovereign Harbour
Eastbourne
East Sussex
BN23 5UZ

How do you make a complaint to the regulator?

By writing to:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Version 13 Oct 2025