top of page

Privacy notice

1. Purpose

 

This privacy notice explains how Anchor Advisory collects, uses, shares and protects your personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

​

2. Data controller

​

Anchor Advisory is registered with the Information Commissioner’s Office (ICO) as a data controller for the personal information we collect. This means we determine the purpose and means of processing your personal data.

​

3. What information we collect, use, and why

​

​We collect or use the following information to provide and improve products and services for clients:

​

  • Names, addresses and contact details

  • Financial data (including income and expenditure)

  • Transaction data (including details about payments to and from you and details of products and services you have purchased)

  • Information relating to compliments or complaints

  • Records of meetings and decisions

​

​We collect or use the following personal information for the operation of client accounts and for dealing with queries, complaints or claims:

​

  • Names, addresses and contact details

  • Information about services provided to you and related correspondence

 

We collect or use the following personal information to comply with legal requirements:

​​

  • Names, addresses and contact details

  • Information about services provided to you and related correspondence

  • Any other personal information required to comply with legal obligations

 

​We do not sell or share your personal data for marketing purposes, or use it for automated decision-making.

​

4. Lawful bases and data protection rights

​

​Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

​

​Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

​​

  • ​Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.

  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

  • Your right to erasure - You have the right to ask us to delete your personal information.

  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.

  • Your right to object to processing - You have the right to object to the processing of your personal data.

  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

 

​To make a data protection rights request, please contact us.​

 

If you make a request, we must respond to you without undue delay and in any event within one month.

​

5. Our lawful bases for the collection and use of your data

​

Our lawful basis for collecting or using personal information to provide and improve products and services for clients and for the operation of client or customer accounts is:

​

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

 

Our lawful basis for collecting or using personal information to comply with legal requirements is:

​​

  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

 

Our lawful basis for collecting or using personal information for dealing with queries, complaints or claims is:

​

  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

​

  • Our legitimate interests are: To protect both parties in the event of disagreement and/or escalation. When relying on legitimate interests, we always balance our interests against your rights and freedoms. You have the right to object to processing based on legitimate interests. For more information on our use of legitimate interests as a lawful basis you can contact us.

​

6. Where we get personal information from

​

  • Directly from you

  • Publicly available sources

​

7. Data security

​

We take appropriate technical and organisational measures to keep your personal data secure, including encrypted storage, secure access controls, and regular review of data handling practices.

 

For more information on our data security practices, including how we protect digital files and access, please contact us.

​

8. How long we keep information

​

We retain information for 6 years in line with legal and regulatory requirements. 

​

For more information on how long we store your personal information or the criteria we use to determine this please contact us.

​

9. Who we share information with

 

We will never sell your data. We may share it with​:

​

  • Organisations we’re legally obliged to share personal information with, such as HMRC and other regulators.

  • Trusted third-party service providers who help us deliver our services (including secure cloud storage). These providers are contractually bound to keep your data secure and confidential.

​

10. International data transfers

​

We use Microsoft OneDrive cloud services, which may store or process personal data outside of the UK. In such cases, Microsoft is bound by the UK International Data Transfer Agreement (IDTA) and the UK Addendum to the EU Standard Contractual Clauses, as required by UK GDPR. These mechanisms provide safeguards to ensure your data continues to be protected in line with UK data protection laws.

​

We may also access personal data while working temporarily outside the UK. When this happens, we always use secure encrypted connections and follow robust data protection practices to ensure continued compliance with UK GDPR.

​

11. Cookies

 

We use cookies to help our website function and to understand how visitors interact with it. Cookies are small files stored on your device that allow the website to remember your preferences and improve your experience.

 

We use:

​​

  • Essential cookies, which are necessary for the site to work properly.

  • Analytics cookies (provided by Wix), which help us understand site traffic and usage patterns.

 

You can control or disable non-essential cookies through the cookie banner when you first visit the site, or by adjusting your browser settings.

 

For more information about the cookies used by Wix, you can refer to:
https://support.wix.com/en/article/cookies-and-your-wix-site

​

12. How to complain

 

If you have any concerns about our use of your personal data, please contact us to make a complaint. We aim to acknowledge them within 30 days and will investigate and respond without undue delay.

 

​If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO. The ICO’s address:

 

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 

​Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

​

13. Contact

​​

contact@anchoradvisory.co.uk

​

Version

​

v1.0 (July 2025)

bottom of page