PrivacyNotice

Lathe and Co Wealth Advisers

Lathe and Co Wealth Advisers is authorised and regulated by the Financial Conduct Authority. This privacy notice explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last updated: 27/01/2026

1. Who we are

Data Controller:

Lathe and Co Wealth Advisers
2/2A Throgmorton Avenue
London
EC2N 2DG

Contact details:

Email: mark.butterworth@latheandco.co.uk

Responsible for data protection:

Mark Butterworth

2. What Personal Information We Collect

We collect and process the following categories of personal information about you:

Identity and contact information:

• Name, title, date of birth, gender.
• Contact details (address, email, telephone numbers)
• National Insurance number
• Identification documents (passport, driving licence, national identity card)
• Government issued ID verification and address verification documents (council tax letters, bank statements, utility bills, benefit entitlement documents)

Financial information:

• Income, expenditure, and financial circumstances
• Bank account and payment details.
• Assets, liabilities, and investment holdings
• Tax status and tax identification numbers.
• Credit and lending information.
• Employment and pension details
• Previous and current investments
• Existing plan details and policy information

Lifestyle and objectives information:

• Information about your lifestyle and personal circumstances
• Your investment goals and financial objectives
• Attitude to investment risk
• Copies of your will (where relevant)
• Information about any trusts you have established.

Family and dependant information:

• Information about family members and dependants
• Details of beneficiaries
• Business associates or partners (where relevant)

Communication records:

• Records of our meetings, advice, and correspondence
• Telephone call recordings (where calls are recorded)
• Email correspondence.
• Feedback and survey responses

Technical information:

• Website usage data (via cookies)
• IP addresses and browsing history.

Verification and compliance information:

• Information obtained from carrying out identification checks.
• Sanctions list and politically exposed persons (PEP) screening results
• Bankruptcy orders and insolvency information
• Information gathered from publicly available sources (electoral roll, Companies House, Land Registry, court judgments, internet search engines, social media sites)

Special category data (where necessary for our services):

• Health information (for protection and life insurance advice)
• Information about criminal convictions (for regulatory compliance)
• In limited circumstances: information relating to trade union membership, ethnicity, or political opinions (only where you have disclosed it and it's relevant to our advice)

3. Information About Connected Individuals

To provide our services effectively, we may need to collect personal information about your family members, dependants, or other connected individuals (such as beneficiaries, trustees, attorneys, or business partners).

Your responsibility: When you provide us with information about other individuals, you must ensure that you have their consent to share their information with us and that you have made this privacy notice available to them.

We will process their information only for the purposes of providing services to you, and they have the same rights as set out in this notice.

4. How We Collect Your Information

We collect personal information through:

• Information you provide directly when engaging our services.
• Application forms, fact-finds, and questionnaires
• Meetings, telephone calls, emails, and correspondence
• Identity verification checks conducted by third-party agencies (such as Experian)
• Financial product providers and platforms
• Publicly accessible sources (e.g., Companies House, Land Registry, electoral roll, court judgments, insolvency registers)
• Credit reference agencies.
• Your existing financial product providers (with your consent)
• Our website through cookies and analytics
• Sanctions and PEP screening services

5. Legal Basis for Processing Your Personal Data

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following:

5.1 Contractual Necessity

We need to process your personal information to perform our contract with you and deliver the financial services you have engaged us to provide, including financial planning, investment advice, mortgage advice, and ongoing portfolio management.

5.2 Legal Obligation

We are required by law and regulation to collect and process certain information, including:

• Verifying your identity under anti-money laundering regulations
• Conducting sanctions and PEP screening
• Assessing suitability and appropriateness under FCA rules
• Maintaining records as required by financial services regulations.
• Reporting to regulatory authorities where required

5.3 Consent

For special category data (such as health information for insurance purposes), we will obtain your explicit consent before processing this information.

You have the right to withdraw your consent at any time by contacting us. However, this will not affect the lawfulness of processing before withdrawal, and we may still need to retain the information to comply with our legal obligations.

5.4 Legitimate Interests

We may process your personal data where necessary for our legitimate interests, including:

• Maintaining records to defend against potential complaints or claims.
• Meeting our Professional Indemnity Insurance requirements
• Assessing the ongoing appropriateness of our advice
• Conducting annual suitability reviews
• Improving our services
• Preventing fraud and financial crime
• Business administration and management
• Recording and monitoring communications for quality, training, and security purposes

We will always balance our legitimate interests against your rights and will not process your data in this way if we believe it would be unfair to you.

6. How We Use Your Information

We use your personal information for the following purposes:

• Providing financial planning, advice, and investment management services
• Assessing your needs, circumstances, and suitability for financial products
• Arranging, administering, and reviewing financial products on your behalf
• Conducting annual reviews and ongoing suitability assessments
• Ongoing monitoring and management of your investments and financial arrangements
• Communicating with you about your services
• Meeting our legal and regulatory obligations
• Verifying your identity and preventing fraud and financial crime
• Conducting sanctions and PEP screening
• Maintaining records and managing complaints
• Recording and monitoring communications (telephone, email, written correspondence) for quality assurance, training, compliance, and security purposes
• Improving our services through customer feedback and satisfaction surveys
• Defending legal claims and managing professional indemnity matters
• Applying for and claiming on our Professional Indemnity Insurance

7. Who We Share Your Information With

To provide our services effectively, we may share your personal information with:

Financial product and service providers:

• Investment platforms and fund managers
• Pension providers
• Insurance companies
• Mortgage lenders and banks.
• Discretionary fund managers
• Product providers and portfolio managers

Professional advisers and service providers:

• Compliance consultants
• Accountants and auditors
• Legal advisers
• IT service providers and cloud storage providers
• Document storage and management providers.
• Back-office system providers
• Actuaries

Regulatory and legal bodies:

• Financial Conduct Authority
• Financial Ombudsman Service
• HM Revenue & Customs
• Law enforcement agencies (where required by law)
• Data protection authorities

Identity verification and fraud prevention:

• Credit reference agencies.
• Anti-money laundering verification services (such as Experian)
• Sanctions and PEP screening providers
• Fraud prevention agencies

Other parties:

• Our Professional Indemnity insurers
• Any successor or potential successor to our business
• Third parties with your explicit consent

Data Processor Safeguards

Where we engage third parties to process your data on our behalf, we ensure:

• A written contract is in place governing the processing.
• They process data only in accordance with our instructions.
• They maintain appropriate security measures.
• They have confidentiality obligations.
• They assist us in meeting our UK GDPR obligations.

Security of Data in Transit

When sharing your information with third parties, we use appropriate security measures including:

• Password-protected documents
• Encrypted email transmission
• Secure file transfer protocols
• Encrypted cloud storage solutions

8. International Transfers

Some of our service providers may process your data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including:

• Adequacy decisions confirming the recipient country provides adequate protection.
• Standard Contractual Clauses approved for UK GDPR compliance.
• Other mechanisms approved by the Information Commissioner's Office

We will only transfer your data internationally where we are satisfied that adequate levels of protection are in place to protect your information.

9. How Long We Keep Your Information

We retain your personal information for as long as necessary to provide our services and comply with our legal and regulatory obligations.

Minimum Regulatory Retention Periods

• Investment business: 5 years from the end of our relationship
• Mortgage business: 3 years from the end of our relationship.
• Insurance business: 5 years from the end of our relationship
• Pension transfers and pension opt-out business: Indefinitely.
• Anti-money laundering records: 5 years from the end of our relationship

Extended Retention

We may retain your information beyond the minimum periods where:

• It is necessary for our legitimate interests (such as defending complaints or claims)
• You have consented to longer retention.
• We are required to retain it by law.

In practice, we typically retain client records for up to 7 years after our relationship ends, except for pension transfer and opt-out business where we retain records indefinitely due to the long-term nature of pension advice and the regulatory requirement to maintain these records.

Deletion Requests

You have the right to request deletion of your personal data. We will comply with such requests unless we have a lawful basis to retain the information, such as ongoing regulatory obligations or legitimate interests in defending claims.

10. Your Rights

Under UK GDPR, you have the following rights:

10.1 Right of Access

You have the right to request a copy of the personal information we hold about you. We will provide this free of charge, normally within one month of your request.

10.2 Right to Rectification

If you believe any information, we hold about you is inaccurate or incomplete, you have the right to request correction. We have an obligation to ensure your information is accurate and up to date.

10.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, subject to our regulatory retention obligations and legitimate interests.

10.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of the data.

10.5 Right to Data Portability

Where your data is processed by automated means and the legal basis is consent or contractual necessity, you have the right to request that we transfer your data to another organisation in a structured, commonly used, and machine-readable format.

10.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop such processing unless we can demonstrate compelling legitimate grounds that override your interests.

10.7 Rights Related to Automated Decision-Making

We do not use fully automated decision-making or profiling that produces legal or similarly significant effects. All advice and recommendations are made by our qualified advisers based on professional judgment. However, we may use profiling tools to assist with:

• Risk assessment and investment strategy recommendations.
• Client segmentation for service delivery
• Identifying relevant financial planning opportunities

In all cases, human oversight and professional judgment remain central to our advice process.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in Section 18.

11. Marketing Communications

We would like to send you information about products and services that may be of interest to you, including:

• Updates on financial planning opportunities
• Information about new services we offer.
• Educational content and market updates
• Invitations to client events

Your Marketing Preferences

We will only send you marketing communications if:

• You have given us consent, or
• You are an existing client, and the communication relates to similar services.

You have the right to opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email.
• Contacting us by email or post (see Section 18)
• Informing us during any communication

Even if you opt out of marketing, we will still send you important service-related communications about your ongoing arrangements.

12. Communication Monitoring and Recording

To maintain quality standards, ensure compliance, and protect both your interests and ours, we may monitor and record communications with you, including:

• Telephone calls to and from our office.
• Email correspondence.
• Written correspondence
• Face-to-face meetings (with your knowledge)

Purposes of monitoring and recording:

• Quality assurance and training
• Regulatory compliance verification
• Prevention and detection of crime and fraud
• Resolving queries and complaints
• Verifying instructions and agreed actions.

We will retain these recordings in accordance with our retention policy outlined in Section 9.

13. Automated Decision-Making and Profiling

What is Automated Decision-Making?

Automated decision-making refers to decisions made solely by automatic means (using algorithms or computer software) without human involvement. We do not make decisions about your financial advice using fully automated processes.

What is Profiling?

Profiling is automated processing of personal information to evaluate certain personal aspects. We may use profiling tools to assist in:

• Risk assessment: Using information such as your age, income, and financial objectives to determine appropriate investment risk profiles.
• Investment strategy recommendations: Analysing your financial circumstances to suggest suitable wealth management approaches.
• Client segmentation: Categorising clients by financial needs to ensure appropriate service levels.
• Suitability assessment: Evaluating whether specific products align with your circumstances.

Important: All profiling activities are subject to human oversight. Our qualified financial advisers review all outputs and make final recommendations based on professional judgment and personal interaction with you.

14. Use of Artificial Intelligence (AI)

We are committed to transparency about our use of artificial intelligence technologies.

Our Use of AI

We may use AI tools to support our business processes and improve service delivery, including:

• Data analysis and pattern recognition
• Generating insights and recommendations to support (but not replace) adviser judgment.
• Enhancing operational efficiency
• Document processing and information extraction.
• Customer service support

Key Safeguards:

• Human oversight is always maintained over AI-generated outputs.
• AI assists but does not replace professional financial advice.
• Qualified advisers review and validate all advice and recommendations.
• We ensure AI processing does not prevent you from exercising your data rights.
• We continuously assess AI tools for accuracy, fairness, and compliance.

Key Safeguards:

Some of our service providers may use AI technologies in delivering services to us. Where this occurs:

• We approve such use in writing beforehand.
• We ensure human oversight of AI-generated decisions.
• We verify that AI usage complies with data protection requirements.
• We maintain the ability to intervene in automated processes.

Your Rights: Our use of AI does not affect your rights to access, correct, or delete your personal data, or to object to processing.

15. Cookies and Website Usage

What Are Cookies?

Cookies are small text files placed on your device when you visit our website. We use cookies to:

• Remember your preferences.
• Understand how you use our website.
• Improve your user experience.
• Compile statistical reports on website activity.

Types of Cookies We Use

• Essential cookies: Necessary for the website to function properly (e.g., security, navigation)
• Analytics cookies: Help us understand how visitors use our website (e.g., Google Analytics)
• Functional cookies: Remember your preferences and choices.
• Performance cookies: Collect information about how you use our site to help us improve it.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to help us analyse how users interact with our site. The information generated (including your IP address) is transmitted to and stored by Google on servers which may be located outside the UK.

Google uses this information to:

• Evaluate your use of the website.
• Compile reports on website activity.
• Provide other services relating to website and internet usage.

Google may transfer this information to third parties where required by law or where such third parties process the information on Google's behalf.

Opting out of Google Analytics: You can opt out by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout

Managing Cookies

You can control and delete cookies through your browser settings. For more information about cookies and how to manage them, visit www.allaboutcookies.org

Please note that disabling certain cookies may affect the functionality of our website.

16. Security of Your Information

We take the security of your personal information seriously and have implemented appropriate technical and organisational measures, including:

Technical measures:

• Secure, encrypted storage systems
• Encrypted data transmission
• Regular security assessments and updates
• Secure backup and disaster recovery systems
• Access controls and authentication requirements
• Firewall and intrusion detection systems.

Organisational measures:

• Staff training on data protection and confidentiality
• Confidentiality clauses in employment contracts
• Clear data handling procedures and policies
• Regular security audits
• Secure destruction of physical records when no longer required.
• Business continuity and disaster recovery plans
• Incident response procedures

Data Breach Notification: While we implement robust security measures, no data transmission over the internet is 100% secure. In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay and inform the Information Commissioner's Office as required by law.

17. Job Applicants

If you apply for employment with us, we will process your personal information in accordance with this section.

What Information We Collect

• Personal contact information (name, address, email, phone number)
• CV, cover letter, and application form information
• Education history and qualifications
• Employment history and references
• Right to work documentation
• Information collected during interviews.
• Professional accreditations and memberships

How We Use This Information

We process applicant information to:

• Evaluate your suitability for the role.
• Verify your qualifications and experience.
• Conduct reference and background checks.
• Comply with our legal obligations (right to work checks)
• Communicate with you about your application.

How Long We Retain Applicant Data

• Unsuccessful candidates: We retain your information for 6 months from the conclusion of the recruitment process.
• Successful candidates: Your application information becomes part of your employment record.

Your Rights

All rights outlined in Section 10 apply to job applicants. You can request access to, correction of, or deletion of your application information at any time.

18. Links to Other Websites

Our website may contain links to other websites. This privacy notice applies only to our website and services. When you link to other websites, you should read their own privacy policies, as we are not responsible for their privacy practices.

19. Changes to This Privacy Notice

We keep this privacy notice under regular review to ensure it remains accurate and compliant with legal requirements. Any updates will be posted on our website (and/or) inform you of any changes when they occur.

The date of the last update is shown at the top of this notice.

20. How to Contact Us

If you have any questions about this privacy notice, how we handle your personal information, or wish to exercise any of your rights, please contact us:

Email: mark.butterworth@latheandco.co.uk

Post:
Lathe and Co Wealth Advisers
2/2A Throgmorton Avenue
London
EC1A 9HF

21. How to Complain

If you are unhappy with how we have processed your personal data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113

Website: www.ico.org.uk

Email: casework@ico.org.uk

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first if possible.