Last updated: May 2026

Privacy Policy

Paradigm Norton Financial Planning Ltd (‘Paradigm Norton’, ‘we’, ‘us’, ‘our’) is committed to protecting your privacy and the personal information that you share with us (or that others share about you).

This Privacy Notice explains what personal information we collect, why we collect it, how we use it, who we share it with, how we keep it safe, how long we keep it, and the rights you have under UK data protection law.

For the purposes of UK data protection law, Paradigm Norton is the ‘controller’ of your personal information (meaning we decide why and how it is used).

 

Why we collect personal information

From our first contact with you, we will collect personal information with a view to entering into (and then delivering) a contract to provide financial planning and/or tax planning services.

The information we collect is essential for us to deliver the services you ask us to provide effectively and to meet our legal and regulatory obligations (for example, FCA rules and anti‑money laundering requirements).

If we cannot collect the information we need, we may be unable to provide advice, arrange products, or continue to service you. See ‘If you choose not to provide information’ below.

 

How your information is protected

As a regulated firm, we are governed by a strict code of conduct and must maintain appropriate security over the information we hold. We use organisational and technical measures designed to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your information to employees, agents, contractors and third parties who have a genuine business need to know. All such persons are subject to confidentiality obligations.

We have procedures to deal with suspected personal data breaches and will notify you and the relevant regulator where we are legally required to do so.

 

What information we collect

To provide you with financial and/or tax planning, we need to understand your circumstances, objectives and preferences. We may collect information such as:

  • Personal information: Your name, marital status, National Insurance number, tax code, date of birth.
  • Contact details: Your address, phone number(s), email address(es), and how you would prefer us to contact you.
  • Financial details: Your income and expenditure, savings, existing investments, pensions, protection arrangements, assets and liabilities, goals and ambitions.
  • Family relationships: Information about your partner and dependants where relevant to your planning.
  • Official documents: For example, a copy of your driving licence, passport, birth certificate, marriage certificate, wills and other relevant documents.
  • Your other advisers and connected parties: For example solicitors, accountants, attorneys under a power of attorney, trustees, beneficiaries, and other relevant professional connections.
  • Special category information: Some information is particularly sensitive and receives extra protection under the law. This includes, for example, information about your health. Where we need to process special category information to provide an effective service, we will do so only where an appropriate lawful basis and condition applies under UK data protection law. We rely on your explicit consent to process special category information, particularly where health information is required for protection planning or wider financial planning.

 

Where we collect your information from

You

You are our primary source of information. You provide information when you speak with us, write to us, email, text, complete forms, and use our website.

We record information in documents created for collection and assessment (for example fact finds, risk profiles and application forms) and in our meeting and call notes.

Call recording and meeting recording

Calls to and from our offices may be recorded for business purposes, including training, quality assurance, and accurate record keeping. We may also audio‑record meetings for the same purposes.

Other organisations

Sometimes it is necessary to obtain your information from other organisations so that we can better understand your position and provide appropriate advice. For example, we may contact organisations where you hold pension, investment or protection arrangements (whether arranged by us or a previous adviser), HMRC, the Department for Work and Pensions, a previous tax adviser/accountant, or other organisations where regulations require us to do so.

In these situations, we will make you aware of the contact. The organisation releasing your information will normally require your authority before it is provided.

We may also receive information from providers of payment services, and from providers of client identification, credit referencing and anti‑money laundering verification services.

Information you provide about other people

During our discussions you may provide information about other individuals who will not be entering into a contract with us, but whose information may be relevant to providing you with best advice (for example, your partner, dependants, trustees, attorneys or professional connections).

Where you provide information about someone else, please ensure you have their permission (or another appropriate authority) to share it with us. Where required, we will provide privacy information to those individuals directly, or we may ask you to share our privacy information with them.

When we receive information from other sources

Where we obtain your information from other sources, you will have the same or equivalent rights to those set out under ‘Your rights’.

We may not always be able to notify you where: (i) you are already aware we have the information; (ii) we are prohibited by law or professional standards; or (iii) providing the information would render impossible or seriously impair the achievement of the purposes for which the information is processed. In such cases, we will take steps to protect your rights and freedoms.

Client surveys

We may also collect information when you voluntarily complete client surveys or provide feedback to us.

 

If you choose not to provide information

We may need to collect certain information because it is required by law or to enter into or perform our contract with you. If you choose not to provide this information, it may prevent us from meeting our legal or contractual obligations. This may mean that we cannot provide advice, arrange products, or continue to manage your financial or tax planning arrangements.

Similarly, if we are unable to collect or use information about any relevant individual (as described above), this may affect our ability to provide advice or manage your arrangements.

 

Advice relating to children

We will not enter directly into a contract with a child (a person under 18). However, there may be occasions where our services are engaged for a child’s benefit. In these cases we will require the express consent of a legal guardian and we will interact with the legal guardian until the child reaches 18. We will take appropriate measures to protect a child’s information in accordance with this notice.

 

How we use your information and our lawful bases

We will only use your personal information where the law allows us to do so. Our main lawful bases are:

  • Contract – where processing is necessary to enter into and perform our contract with you.
  • Legal obligation – where we must process information to comply with law or regulatory requirements.
  • Legitimate interests – where processing is necessary for our legitimate interests (or those of a third party) and does not override your rights.
  • Consent – we may ask for consent in specific circumstances (for example, where we need to process certain special category information). You can withdraw consent at any time where we rely on it.

 

Generally, we do not rely on consent as the legal basis for most processing, because much of what we do is necessary to provide our services and meet regulatory requirements. Where we do rely on consent, we will make this clear at the point we ask for it.

We may use your information to:

  • Provide you with a comprehensive financial planning service, including (typically) an annual planning meeting to review your circumstances and ensure our recommendations remain suitable;
  • Provide personal tax compliance and business services, including annual taxation and corporate regulatory requirements;
  • Comply with Know Your Client (KYC) and other requirements designed to combat fraud, money laundering and other criminal activities;
  • Use systems that generate outputs based on information we enter (for example, cash‑flow planning tools or risk profiling tools) to support our advice;
  • Respond to legal requests for information from regulators and law enforcement, or pursuant to an order of a court or tribunal;
  • Comply with requirements in relation to our professional conduct, including participation in audits and reviews conducted by or on behalf of the FCA and maintaining records of client and transaction histories;
  • Manage our business effectively, including record‑keeping, responding to your queries, investigating and resolving complaints, preparing statutory accounts and completing tax returns;
  • Deal with legal proceedings in which you or we may be involved (including obtaining legal advice and defending, pursuing or settling claims);
  • Provide you with information and updates relevant to the services we provide.

 

We will only use your information for the purposes for which we collected it, unless we reasonably consider we need to use it for another reason that is compatible with the original purpose. If you would like an explanation of compatibility, please contact us.

If we need to use your information for an unrelated purpose, we will notify you and explain the lawful basis that allows us to do so.

Please note that we may process your information without your knowledge or consent where this is required or permitted by law.

 

Anti‑money laundering and identity verification

We have a regulatory requirement to ensure that our services are not being used for financial crime. Where appropriate, we may use a credit reference agency or other verification provider to help confirm your identity.

We will share only the information necessary to conduct the search (normally your full name, address, National Insurance number and date of birth). This helps us confirm your identity, prevent financial crime, comply with regulations and fulfil our contract with you.

We will ensure we have appropriate contractual terms in place with verification providers to protect your information (see ‘Who we share your information with’ below).

 

AI‑assisted tools (meeting notes and communications)

We may use AI‑enabled tools to help us transcribe and summarise meetings and calls, and to help our team draft or improve routine client communications (for example, meeting follow‑ups or general updates).

These tools are used to support our employees. Any transcript, summary or draft produced by an AI tool is reviewed by a member of our team before it is saved to your file or sent to you. We remain responsible for the content we keep and the communications we send.

We do not make decisions about you that produce legal or similarly significant effects solely by automated means. If this changes, we will put safeguards in place, including providing information about the decision, enabling you to make representations, and allowing you to obtain human intervention and to contest the decision.

If you would prefer that we do not record or transcribe your meeting using AI‑assisted tools, please tell us. We can take manual notes instead.

 

Mailing software

We occasionally use mailing software. Our communications are of a generic nature, but the software may collect information such as your email address, whether an email was opened, how it was opened and the type of device used (e.g. mobile phone, tablet or PC).

 

Website analytics and cookies

Our websites use cookies and similar technologies. Some cookies are strictly necessary to provide our website and online services. Other cookies (for example, analytics cookies) help us understand how our website is used so we can improve it.

Where required, we will ask for your consent before placing non‑essential cookies on your device, and you can change your preferences at any time via our cookie settings.

Google Analytics: We use Google Analytics to help analyse how visitors use our website. Information collected may include your IP address and information about your device and browsing activity on our website. Google may process this information on servers located outside the UK.

You can find out more about cookies in our Cookie Policy.

 

Who we share your information with

To deliver our services effectively, we may share your information with other organisations such as professional compliance, accountancy, regulatory or legal advisers, IT support providers, system and software providers, insurance brokers, and product and platform providers used to arrange financial products for you.

Where another organisation processes your information on our behalf, we will put a contract in place to ensure: (i) the nature and purpose of the processing is clear; (ii) they protect your information and treat it in accordance with the law; (iii) they have appropriate safeguards; (iv) they do not use the information for their own purposes; and (v) they only process it for specified purposes.

Where it is necessary to transfer your information to another organisation, we use appropriate security measures to protect it in transit.

 

International transfers

The information we collect may be transferred to and stored outside the UK in the provision of services agreed in your contract with us (for example, where a supplier uses data centres located overseas).

Where we transfer personal information outside the UK, we will ensure that appropriate protection is in place in line with UK data protection law (for example, where the UK has issued an adequacy decision for the destination country, or by using appropriate contractual safeguards). You can contact us for more information about the safeguards we use.

 

Communication methods and marketing preferences

From your initial contact with us, you can choose how you would prefer us to communicate with you (for example by phone, text, email, post or via an online portal) and, where possible, you can control what you receive. Your preferences will also be reflected in our engagement documentation, and you can change them at any time.

We may occasionally send you communications about significant events (e.g. volatile market movements, budget summaries, year‑end tax planning articles, and changes in regulatory or legal requirements). We consider these to be part of our contractual service to you.

You may opt out of marketing communications at any time by clicking ‘unsubscribe’ (where provided) or emailing .

 

Email encryption

We encrypt email communications wherever possible. We enforce Transport Layer Security (TLS) for email communications to protect data in transit between our systems and yours.

If your email service does not support an encrypted connection, the email may default to a less secure connection, although most modern email services support TLS.

 

Archiving information

We regularly review the information we process. Where, in our opinion, information has ceased to be ‘active’, we may archive it and process it only as archived information.

Access to archived information is restricted to personnel with specific duties and training. Archived information will only be used where necessary, for example in response to legal proceedings or a request from law enforcement bodies.

All storage of information (active or archived) will follow good industry practice and incorporate appropriate organisational and technical measures.

 

How long we keep your information (retention)

We keep your information for as long as necessary for the purposes we collected it for, including to provide services to you and to meet legal and regulatory requirements. We review our records regularly to ensure they remain accurate and up‑to‑date.

Because financial planning is typically long‑term, we need to retain your information throughout our relationship. When our contract ends, we may need to keep certain records for a period of time for regulatory, legal, or business reasons (for example, in case of a complaint or query).

Our regulator requires us to retain certain records for at least:

  • Five years for investment business;
  • Indefinitely for pension transfers and opt‑out business;
  • Three years for insurance business.

 

We retain records relating to tax compliance services (including calculations, filings and supporting documentation) for at least six years from the end of the relevant tax year or accounting period, in line with HMRC record-keeping requirements, and may retain them for longer where necessary to meet legal, regulatory or professional obligations.

These are minimum periods during which we have a legal obligation to retain your records. We may retain information for longer where we believe it’s in our legitimate interests to do so or as part of our contractual obligations to you.

 

Your rights

UK data protection law provides you with certain rights in relation to your personal information, in specific circumstances. These include:

  • Right of access: You can ask us to confirm whether we are processing your information and request a copy.
  • Right to rectification: You can ask us to correct inaccurate information or complete incomplete information.
  • Right to erasure: You can ask us to delete information we no longer need, subject to legal and regulatory limitations.
  • Right to restrict processing: You can ask us to restrict processing in certain circumstances.
  • Right to data portability: In some situations, you can ask for your information to be provided to you or another organisation in a structured, commonly used, machine‑readable format.
  • Right to object: You can object to processing based on legitimate interests in certain circumstances.
  • Right to withdraw consent: Where we rely on consent, you can withdraw it at any time.
  • Right to object to direct marketing: You can tell us to stop using your information for direct marketing at any time.

 

To exercise your rights, please contact us using the details in ‘How to contact us’.

You will not usually have to pay a fee to access your information (or to exercise any other rights). However, we may charge a reasonable fee or refuse to comply if a request is repetitive or excessive.

We may need to request specific information to confirm your identity. This is a security measure to ensure personal information is not disclosed to someone who has no right to receive it.

We aim to respond to legitimate requests within one month. The Data (Use and Access) Act 2025 clarifies that we will carry out reasonable and proportionate searches when responding to access requests. It also introduces a ‘stop the clock’ provision: if we reasonably need more information to process your request, the response time is paused until we receive it.

You also have the right to complain to the Information Commissioner’s Office (ICO). Their contact details are set out below.

 

Data protection complaints (how to complain to us)

If you have any concerns about how we use your personal information, please contact us first so we can try to resolve the issue. Under the Data (Use and Access) Act 2025, organisations are required to have a data protection complaints process.

How to complain: You can complain by email, post or phone using the contact details provided under ‘How to contact us’.

What we will do: We will review your complaint, make appropriate enquiries, keep you informed where appropriate, and tell you the outcome without undue delay.

You can also complain to the ICO at any time, but we encourage you to contact us first so we can address your concerns quickly.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

Website: https://ico.org.uk/

 

Changes to this Privacy Notice

We keep this Privacy Notice under regular review. We will update it on our website and, where appropriate, share changes with you by email or post. Minor updates may not be communicated individually.

 

How to contact us

If you have any questions about this Privacy Notice or the information we hold about you, please contact us:

Paradigm Norton Financial Planning Limited, Paradigm House, Macrae Road, Ham Green, Bristol, BS20 0DD

Tel: 01275 370670

Email: