Our Privacy Policy


Lucas Fettes Financial Planning is committed to protecting your privacy and maintaining the security of any personal information received from you. We adhere to the requirements of the Data Protection Act (2018) in the UK.

We reserve the right to freely amend this policy as appropriate, however we shall only use your information as described by our Privacy Policy in place at the time that your data was collected. This was last updated in April 2019.


Information we gather about you


We do not collect any sensitive information about you unless you provide us with the information.

If you complete any of our contact forms, you will have provided us with a combination of your name, email address and/or telephone number.

  • In order to provide a financial planning service to you both initially and ongoing we will collect and hold certain information required regarding your financial and personal circumstances. This may also include special categories of personal data such as information about your health, if this is necessary for the provision of our services. This is also applicable to corporate clients, where we may need to be provided with company and/or employee data in order to suitably deliver our service.

As such, in both instances it is the client’s responsibility to keep us informed of their up-to-date information.


How we use your information


We use your information to:

  • Respond to your questions via the contact forms on our website
  • Send you appropriate information you have requested
  • Ensure the appropriate expert contacts you if you have requested contact from us
  • Undertake internal marketing analysis
  • Keep your financial data and circumstances up to date in order to ensure that our advice continues to be in your best interest (where we have agreed to provide this service)
  • Where applicable we will share your information with providers so that we can recommend and deliver the correct service for you and your circumstances. We will have contracts in place so that we agree how they may use your data

These organisations may include; Virtual Cabinet, IRESS and moneyinfo Limited, who host our online client portals and give access to our online valuation and/or secure document transmission services; IRESS, who host our online comparison quotation portal; Voyant, who host our online cash flow planning tool; and Selectapension, who host our online research tool.

  • Contact you with information we deem relevant to you. You reserve the right to unsubscribe at any time
  • If you apply for a vacancy with us, we shall use your information to assess your suitability and to respond to you

Information about connected individuals


We may need to gather personal information about your close family members and dependents in order to provide our services to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We can provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.

Data Controllers


We are a Data Controller for all personal data collected about our private clients. We will only ever use your data for the purpose it was initially collected, unless we have a separate lawful basis. We will always be forthcoming about how we wish to use your information.
Employers we are providing services to will be the controller of data in respect of its employees. We will also act as a Data Controller.
Product providers and insurers that we share information with, for the purpose of providing our services, are not to be viewed as Sub-processors, but as Data controllers. They will have their own contracts with you for this.

Data Processors


Data processors are third parties who provide elements of our service for us. We have contracts in place with our data processors which restricts the use of your data. By this we mean that they cannot do anything with your personal information unless we have instructed them to do it. We will never permit Data Processors to share your personal information with any organisation apart from us, unless it forms part of our service to you. Data Processors will retain your information securely and are obliged to report any breach to us immediately, without hesitation – by which time we shall report it directly to the appropriate authority.

Data retention


Your information shall be retained by us for up to 7 years, thereafter it shall be deleted unless we are required by law or regulatory rules to keep it for a longer period. Where ongoing advice and financial transactions have taken place we may retain records for longer than this period so that we are able to provide these to the regulator if required or demonstrate historical advice given.

Lawful basis for processing


To effectively provide our service to you we will conduct different processing activities which concern your data. In these instances, it is likely that we shall a have a different lawful basis for each processing activity.

We shall only provide communications to you that are not directly attributed to the core service we provide to you where there is Legitimate Interest. For these instances we will have conducted the appropriate Legitimate Interest Assessments (LIA). For communications which do form part of our core service, a lawful basis will not be required.

As aforementioned, where applicable, we will have a contractual or legislative obligation for data processing which will permit us to retain, share, or refuse access to, personal and financial information where we typically would not. Where this is the case you shall be informed as to why, as well as the contact details of who to contact should you wish to complain.

We will continue to ensure that we have the suitable measures in place to continue to use the appropriate lawful basis for our processing activities.

What will we not do?


  • We will never ask you for access to your passwords and will take every available action to protect your information. We recommend that you keep your password information safe always and refrain from sharing it with other individuals.
  • We will never sell, share or rent your personal information to any third party, other than approved service providers, without your express permission. We will never share your information internally, unless it is part of that individuals job role.
  • We will never send you material that does not form part of our core service to you without the presence of legitimate interest.

Individuals rights


Your full set of rights are:

  • The right to be informed of the data we hold concerning you and how we process that? information
  • The right of access to the information we hold concerning you (Subject Access Request)
  • The right to request rectification of your information
  • The right to be forgotten (Erasure)
  • The right to restrict the processing of your data
  • The right to object to our processing activities/ or withdraw consent.

You hold the right to request access to any data we hold that concerns you, as well as the amendment and erasure of this. However, we do retain the right to deny a Subject Access Request if it is manifestly excessive or unfounded.

Similarly, an erasure request will also be denied where we are obligated to keep the data. This includes through applicable legislation, at the regulator’s request or where there is risk to us. Where this is the case you shall be informed as to why. In addition, you shall be given the contact details of the correct supervisory body should you wish to complain.

Telephone calls


It is necessary for us to make a record all telephone calls where advice is given, an agreement is made or where we deem it necessary. This is so that we comply with the guidelines set out by our regulatory body and the applicable legislation. We reserve this right as a contingency concerning any potential future concerns.



Similar to our telephone policy, we reserve the right to store emails where we give advice or when an agreement is made. We may also retain emails where advice is not given if we deem this is required as a record for future reference. These emails will be stored by us for up to 7 years, thereafter they shall be deleted unless we are required by law or regulatory rules to keep them for a longer period. All emails deemed to be unnecessary will be deleted prior to this period.

In order to continue to provide you with the highest level of service we may need to share your information with providers to ensure competitive rates. This will typically be through email.

For the communication of sensitive information through email, we utilise an external service which allows us to encrypt and password protect emails and subsequent attachments. This along with the ability to integrate the automatic expiration of an email after an agreed period of time, significantly reduces the risk of data breaches. This system also helps to protect us from receiving malicious emails.

For some of our relevant news and content updates we use a third party service, Mailchimp. This enables us to track statistics surrounding the opening of these emails and the overall engagement of the recipients with the featured content. For more information please view MailChimp’s Privacy Policy.

Similarly, to deliver tailored surveys and questionnaires to our clients we use third party service SurveyMonkey. This enables us to track the statistics surrounding the engagement of our audience with our content. For more information please refer to SurveyMonkey’s Privacy Policy.

Our website


When a visitor enters our website we use Google Analytics to monitor their behaviour. This allows us to track things such as pages visited, the length of time they spend within each section and how many visitors we receive. We use this to attempt to improve our website engagement and service as a whole, by no means do we acquire any specific, personal information related to any individual.

If you complete a contact form on our website, you will have provided us with your name, email address and/or telephone number.



A cookie is a small file that can be placed on your device that allows us to recognise and remember you. It is sent to your browser and stored on your computer’s hard drive, tablet or mobile device. When you visit out site we may collect information from you automatically through cookies or similar technology. This helps us to count the number of unique visitors to our site and see how visitors move around the site.

In turn helping us to improve the way our website works, looks and can help us to adjust the site accordingly. Our cookie doesn’t collect any personal information about you and does your computer no harm at all.

If you do not want us to set this cookie on your computer, you can disable cookies through the privacy settings on your internet browser – you will find these settings in the tools menu.

Social Media


We use Hootsuite, a third party service, to schedule and upload posts to LinkedIn and Twitter.

If you send us a direct message it shall be stored by Hootsuite until which time we deem it suitable to delete it. These messages will not be shared with any other organisation by us. For further information please read Hootsuite’s Privacy Policy.

Job applicants


If you apply for a vacancy with us we will retain your information in order to assess your applicability for the role that you have applied for. This is applicable for the entirety of our recruitment process. Currently we retain candidate information for a maximum of 12 months after the end of our recruitment process, unless you request for us to keep your details or give consent for your details to be kept in our system.

We will never use the information we gather for recruitment for any other purpose; we may however, with your permission, keep your information for similar vacancies that may arise in the future if you are unsuccessful with your primary application(s).
All information is kept digitally, we do not hold paper files concerning candidates.



Our employees, suppliers and professional partners will only have access to information concerning you if it is part of their job role and only for the specific purposes outlined within this Privacy Policy.

Information security


We proactively undertake the appropriate technical and organisational security measures to protect against the loss, misuse or alteration of your data used by our system.

Data Protection Officer


We have emplaced a dedicated Data Protection Officer who is responsible for ensuring the security of any sensitive data that we handle. Our DPO regularly checks our data handling procedures to certify that the risk of data security breaches and the potential for misuse of data is minimalised.

In the case of a data breach, our DPO would report this to the appropriate authority immediately.

To contact our DPO please call 01603 706 820 or email info@lffp.co.uk. Alternatively, address your letter to “Data Protection Officer” using the office address provided.

Links to other websites


This Privacy Policy does not cover the links from our website and content to other websites. In these instances we recommend and encourage you to read the Privacy Policy of each external website you visit.


What can you do if you are unhappy with how your personal data is processed?


You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:

  • Information Commissioner’s Office
  • Wycliffe House
  • Water Lane
  • Wilmslow
  • Cheshire
  • SK9 5AF

Policy amendments


For updates to our Privacy Policy please check our website regularly. Any considerable changes shall be conveyed via email or post, dependent on your preferences.

Contact us


If you are concerned about the information we hold about you, need to update your information, or have a query regarding our Privacy Policy, please contact us;

Email: info@lffp.co.uk
Telephone: 01603 706 820


  • Lakeside 500
  • Old Chapel Way
  • Broadland Business Park
  • Norwich
  • NR7 0WG
Request call back
close slider