placeholder

Privacy Notice

All companies within and connected to the group are aware of their obligations under the General Data Protection Regulation (GDPR) and are committed to respecting and protecting your privacy, through the secure and transparent processing of your personal data.

This Privacy Notice explains, in line with GDPR, how the group uses any personal information we collect about you to provide our services; it also explains how we handle and protect such information. Any organisations to whom we may pass your data will have their own obligations.

We work with Hubwise Securities Limited to provide TPO Invest, our investor platform service, and their Privacy Policy may be accessed here: www.ssctech.com/about/privacy

Our client portal, TPO Wealth, is powered by MoneyInfo Limited, whose privacy policy may be accessed here: www.moneyinfo.com/privacy-policy

Why do we need to collect and use your personal data?

To provide our services, we will need to collect and record information about your personal and financial circumstances. We take your privacy seriously and will only use your personal information to deliver our services or for legal, regulatory or insurance purposes related to our services.

Processing of your personal data is necessary for the performance of our contract for services with you and in meeting our legal obligations to preventing money laundering or terrorist financing. We rely on legitimate interest to retain relevant data for the purposes of assessing the appropriateness of our services, defending future complaints and meeting our Professional Indemnity Insurer’s expectations. Generally, these are the lawful bases on which we intend to rely for the processing of your data. (Please see the reference to special categories of data below). Our policy is to gather and process only that personal data which is necessary for the afore mentioned purposes.

We understand that clients may have concerns about how their information is used and stored, and in view of this (and to ensure our compliance with legislation and best practices) we have established policies in place to govern our handling of client information.

We will treat all clients’ personal information as private and confidential, even if our business relationship has ended. All employees are bound by our policies, which are regularly reviewed, and we deliver an ongoing staff training programme to ensure that each individual understands their obligations in this regard.

As technology advances, we are always seeking new and innovative ways of undertaking our identification checks, which may include facial recognition and use of other biometric data. We will take all reasonable steps to comply with prevailing and relevant legislation in this regard.

What personal information do we collect?

When you engage us to provide services, we obtain certain information relating to your personal and financial circumstances, and the following are examples of the types of information which might be collected, depending on the nature of the service:

  • your identity, such as age, date of birth, gender and national insurance number;
  • contact details, including your address, email, phone number and mobile number;
  • employment details;
  • family details;
  • information regarding your current health condition;
  • associated third party information, this includes your spouse, children or beneficiaries of trusts;
  • financial details, such as source of wealth, existing investments, savings accounts, tax returns, and bank details;
  • details concerning your attitude to investment risk, in some cases via an external profiling questionnaire;
  • lifestyle information (such as hobbies and interests);
  • account activity, generated and collected through the provision of our services to you through 3rd party providers;
  • Internal Protocol (IP) address, collected passively when you use our website or client portal.

We may also collect information when you complete surveys, provide feedback, or request literature, guides, or further details regarding our services.

As technology advances, we are always seeking new and innovative ways of undertaking our identification checks, which may include facial recognition and the use of other biometric data. We will take all reasonable steps to comply with prevailing and relevant legislation in this regard.

Information relating to usage of our website is collected using cookies, which are text files used for detecting the kind of device you are using in order to present content in the most appropriate manner, or for other purposes intended to enhance your experience. Further information pertaining to our website privacy is contained later in this Notice.

How we use and process your personal information

Please be assured that we, and any company associated with us will treat all data as confidential, and will not process it other than for lawful and legitimate purposes. Processing of data includes obtaining, recording and holding information or data. It also includes transferring it for legitimate purposes to other companies associated with us, product providers, the FCA or other statutory, governmental or regulatory body, solicitor, or debt collection agency.

Appropriate measures will be taken to ensure the information we hold is kept up to date, not retained for longer than necessary, kept secure against unauthorised or unlawful processing (in so far as we are able), and protected from the risk of accidental loss or destruction.

In the interests of continuing suitability and the ongoing provision of our agreed services, it is essential that the information we hold about clients is current and accurate, and so we ask you to notify us of any changes – for example, a change of address – at the earliest opportunity.

There may be occasions where we use real client scenarios to inform the case studies used in our marketing or literature. Any testimonials provided may be used for marketing purposes. Where this happens, we will remove information which could identify the individual(s) to a third party, but clients may recognise their own circumstances in scenarios presented.

To provide our service effectively, we may need to gather personal information about connected individuals, such as a client’s close family members and dependents. In such cases we will take the provision of their information as confirmation that the individual is aware of, and consents to us receiving and processing the information. If required, they should be provided with a copy of this privacy notice, or directed to our website.

Special categories of personal data

There are certain categories of personal data that are sensitive by nature. The categories include: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning health.

Depending on the nature of the products and services that you engage us for we may need to obtain your sensitive personal data particularly in relation to health. Our policy is that should we require any special category of personal data we will only gather this with your explicit consent.

If you are concerned about any aspect of our privacy arrangements, please speak to us.

Sharing of information and communicating with you

In order for us to facilitate or enhance our offering for clients, some services, such as information technology (including the use of artificial intelligence), legal services, compliance systems and regulatory advice, are provided to us by carefully selected third parties. Such parties may also need to process your personal data to enable them to perform their contracts with us.

Your personal information may be transferred electronically (e.g. by email or over the internet), and we, or any relevant third party may contact you in future by what we believe is the most appropriate means of communication at the time. The organisations to whom we may pass your data will have their own obligations in relation to handling your information appropriately.

In some cases, a product or service may be administered from a country outside Europe, and if this does apply, the organisation must commit to protecting the information we share with them.

Where we submit an application for a product or service, we will need to pass on certain personal information as required by the provider to complete the application. The information will then become subject to the policies and controls of that provider.

There will be occasions where we believe a client may benefit from the service provided by another firm within the ACL group, so information which is relevant and proportionate for this purpose may be shared between firms within the group.

Other than the above, your personal information will only be disclosed with your consent or where we are required to do so by law.

We, or any company associated with us may contact clients by any means of communication agreed to, for the purposes of fulfilling our contract and service agreements. Subject to receiving your consent for marketing, we may also actively contact you to discuss the merits of a particular product or service by means of an ‘unsolicited promotion’ should we believe it to be of interest or relevance.

Clients may, of course, choose to exercise their right to ‘opt out’ of any such contact by notifying us accordingly. Where a client chooses to opt out of marketing contact, we will continue to provide our periodic newsletter, on the basis that this forms part of our service proposition and is likely to contain relevant information and important updates from our Investment Committee.

Retention of your information

During the course of our relationship, we will collect and retain personal data that is necessary for us to provide our services to you, and take reasonable steps to keep the information we hold up to date.

In relation to some aspects of our business we are subject to regulations which require us to retain your data for specified minimum periods of time which are:

  • Five years for investment business;
  • Three years for insurance and mortgage business;
  • Indefinitely for pension transfers and opt outs.

These are minimum periods, and we do reserve the right to retain data for longer where we believe it is in our legitimate interests to do so. Outside of our regulatory obligations, we would typically seek to retain records for a period of 7 years after the date our relationship ends.

You do, however, have the right to request the deletion of your personal data, which we will comply with, subject to our regulatory obligations and legitimate interests as noted above.

Accessing your personal information

Subject to certain exceptions and exemptions, clients are entitled to request access to the data we hold. For more information about our obligations and the rights of clients under Data Protection regulations, please visit the Information Commissioner’s website at www.ico.org.uk.

If you are concerned about any aspect of our privacy arrangements please speak to us.

Acceptance of advice

Where several parties are advised jointly (for example a couple), we will offer the opportunity to nominate a ‘spokesperson’ who can be authorised to accept advice on behalf of both/all parties. This will authorise us to honour and act on any such instruction which is sent or purported to be sent by the nominated individual, and believed by us to be genuine. We shall not be liable for so acting in good faith upon any such instruction.

This facility will be made available on an ‘opt in’ basis and authority may be withdrawn by you or TPO at any time without notice or reason. The ongoing appropriateness of this arrangement will be assessed and renewed (where applicable) during the annual review process.

Information about connected individuals

To provide our services effectively, we may need to gather personal information about your close family members and dependents. In such cases, we rely on you to have obtained the consent of the people concerned, to pass their information on to us. We will be happy to provide them with a copy of this Notice upon request.

How we protect information

The security and confidentiality of your personal information is extremely important to us.

All personal data which is collected and recorded, whether on paper or electronically, has appropriate safeguards applied in line with our legal obligations.

Data is protected by our internal policies and procedures, which are designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees undertake regular training in relation to data protection and are subject to duties of confidentiality which apply to the personal data we obtain and process.

Our information security controls are aligned to industry standards and good practice. This provides a secure control environment that effectively manages risks to the confidentiality, integrity and availability of information. Additionally, our controls ensure we can restore your data in situations where the data is corrupted or lost in a disaster recovery situation.

Where appropriate, we use encryption or other security measures which we deem suitable to protect your information. We also review our security procedures periodically and will consider relevant new technologies and updated methods. But, despite our reasonable efforts, no security measure can ever be perfect or impenetrable.

If you would like more details or are concerned about any particular issue, please contact us (see later section ‘How to contact us’ for details).

Where your information is processed

Your information is mainly processed in the UK and European Economic Area (EEA). Where processing takes place outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as required by applicable data protection laws.

Handling telephone calls and other electronic communications

We retain copies of electronic communications for record keeping, monitoring and quality purposes, the provision of our services and for audit and training purposes. We may record telephone or internet/video calls, access to which is restricted to those individuals who have a need to access them for the purposes set out here.

Our websites

Our websites are published, hosted and maintained by carefully selected business partners on our behalf, who will not collect personal data about individuals, except where it is specifically and knowingly provided by them.

When you visit our websites, the web servers will collect basic information such as your internet service provider’s domain name, the areas of our website you visited, and when.

Our websites may contain links to other third-party websites which we believe may be of interest. It is important to note that these links will direct you away from our website, to other sites over which we have no control. We cannot, therefore, be responsible for the processing and privacy of your information by third-party websites, and would refer you to their respective Privacy Notices and Policies. In some cases, we may receive remuneration from the providers of third party links displayed on our websites.

The websites may also use sharing tools, which allow you to share content through social networks such as Facebook or X (formerly Twitter). When you use one of these buttons, the social networking site may place a cookie on your computer – if you require additional information about how these third parties use cookies, you should check their cookie policy.

Cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets us know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic, which is used to tailor the experience to visitors’ needs, and improve our website. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages are found useful and by whom. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. Further information may be found at www.allaboutcookies.org

You can choose to accept or decline cookies, and most web browsers now require users to make that choice. You can usually modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of the website. The main types of cookies are explained below:

  • Required cookies are critical to the functionality of our websites, for example, to keep a user logged in to their account.
  • Functional cookies are used to track visitors to our websites, helping us understand how websites are being used and help us improve the experience for others.
  • Marketing cookies are used to track the number of people who click on third party links displayed in our websites, and provide statistical information.

Google Analytics

We may use Google analytics to help us understand how our websites are being used. It generates statistical information about website use by means of ‘cookies’ which are stored on users’ computers.

The information generated relating to our websites is used to create reports about the use of the website. Google stores this information. Google’s privacy policy is available at: https://policies.google.com/privacy

Marketing

We would like to send you information about our firms, services and other relevant information, including invitations to events we feel may be of interest, and require your express consent for us to be able to do so.

Where this consent has been given, you have the right to ask us to stop contacting you for marketing purposes at any time. For existing clients, opting out of marketing will not change how we communicate with you in the course of delivering our agreed services.

Where a client chooses to opt out of marketing, this will not supress communications such as our periodic newsletter, because this forms part of our service proposition and contains important information, including updates from our Investment Committee and Regulatory team.

There may be occasions where we use real client scenarios to inform case studies used in our marketing material and literature, and any testimonials provided may be used for marketing purposes. Where we do so, we will endeavour to remove information which could identify individuals to a third party, but you may recognise your own circumstances in scenarios presented.

Your rights in relation to Data Protection

You have various rights under data protection laws in relation to how we process your information. These are summarised below, and if you would like to find out more about our obligations, please visit the Information Commissioner’s website at www.ico.org.uk

If you are concerned about any aspect of our privacy arrangements please speak to us, or you may contact the Information Commissioner’s Office at:

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate)

Right to be informed

You have a right to receive clear and easy to understand information on what personal information we have, why we have it, and who we share it with.

Right to access your information

Subject to certain exceptions and exemptions, you are entitled to request a copy of the information we hold about you.

Where your personal data is processed by automated means, you have the right to request that we move your personal data to another organisation for their use.

We have an obligation to ensure that your personal information is accurate and up to date, so please ask us to correct or remove any information you feel is incorrect.

Right to request erasure

You can ask for your information to be deleted or removed, which will be done where there is not a compelling or regulatory/legal reason for us to retain it.

Right to restrict processing

You can ask to block or suppress the processing of your personal data for certain reasons. This means that we are still permitted to keep your information but only to ensure we do not use it in the future for those reasons you have restricted.

Right to data portability

You can ask for a copy of your personal data for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way; for example, if you were moving your pension or savings account to another provider.

Right to object or withdraw consent

You can object to us processing your personal data, in which case we must cease to do so unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or for the establishment, exercise or defence of legal claims.

Where we are processing your personal data with your consent, this can be withdrawn at any time. This might, however, limit or remove our ability to act in accordance with the prevailing terms of engagement between us.

How to contact us

If you have any questions about this Privacy Notice, the personal data we will obtain and process, you wish to opt out of direct marketing, or wish to exercise any other of your rights as a Data Subject, please contact us:

  The Private Office/ TPO Wealth TPO Invest
Enquiries enquiries@theprivateoffice.com support@tpoinvest.com
Marketing marketing@theprivateoffice.com support@tpoinvest.com
By telephone 0333 323 9060 0333 323 9067
In writing No 2 The Bourse, Leeds, LS1 5DE No 2, The Bourse, Leeds, LS1 5DE

Changes to our privacy notice

We keep our privacy notice under regular review and will publish updates on our websites. This notice was last updated in November 2025.

Latest news and insights

insights
Rachel Reeves carrying a red case

Key changes from Rachel Reeves’ Budget 2025

26th November 2025

Many of the rumoured changes did not materialise, but the combination of further frozen income tax bandings, increases to dividend, saving and property income tax and reduced cash ISA allowances, will make financial planning more important than ever.

news
Blue box with Citywire NMA logo in white

Citywire NMA Top 100 Firm for 7th Year

25th November 2025

The Private Office has once again been recognised as one of Citywire New Model Adviser’s Top 100 Firms for 2025, marking our seventh consecutive year on this prestigious list.

news
Winners and CEO on stage with trophies

Abigail Banks and Emma Clement Celebrate Wins at WIFA 2025

24th November 2025

We are thrilled to congratulate Abigail Banks and Emma Clement on their impressive achievements at the Women in Financial Advice Awards 2025.

Bring your retirement plans to life

Can you afford to retire today?

Try our calculator

Tools

Subscribe

Sign up to our financial insights newsletter:

Sign up for for free

Follow us on...

The Private Office, TPO, TPO Wealth, and TPO Invest are trading names of The Private Office Limited (company number 10226899), which is authorised and regulated by the Financial Conduct Authority (FCA), firm reference number 789482. 

Investment Champion Online Limited is an Appointed Representative of The Private Office Limited, which is authorised and regulated by the FCA. Both companies are registered in England and Wales with a registered office at 2 The Bourse, Leeds LS1 5DE. 

Our details may be checked on the FCA Financial Services Register at https://register.fca.org.uk/. Please note that the Financial Conduct Authority (FCA) does not regulate cash flow planning, estate planning, tax or trust advice.