Privacy policy

Lucas Fettes Financial Planning is committed to protecting your privacy and maintaining the security of any personal information received from you. We adhere to the requirements of the Data Protection Act (2018) in the UK.

Our privacy policy

We reserve the right to freely amend this policy as appropriate, however we shall only use your information as described by our privacy policy in place at the time that your data was collected.

This page was last updated in September 2023.

Information we gather about you

We do not collect any sensitive information about you unless you provide us with the information.

If you complete any of our contact forms, you will have provided us with a combination of your name, email address and/or telephone number.

  • In order to provide a financial planning service to you both initially and ongoing we will collect and hold certain information required regarding your financial and personal circumstances. This may also include special categories of personal data such as information about your health, if this is necessary for the provision of our services. This is also applicable to corporate clients, where we may need to be provided with company and/or employee data in order to suitably deliver our service.


As such, in both instances it is the client’s responsibility to keep us informed of their up-to-date information.

How we use your information

We use your information to:

  • respond to your questions via the contact forms on our website;
  • send you appropriate information you have requested;
  • ensure the appropriate expert contacts you if you have requested contact from us;
  • undertake internal marketing analysis;
  • keep your financial data and circumstances up-to-date in order to ensure that our advice continues to be in your best interest (where we have agreed to provide this service); and
  • where applicable, we will share your information with providers so that we can recommend and deliver the correct service for you and your circumstances. We will have contracts in place so that we agree how they may use your data.


These organisations may include; Virtual Cabinet, IRESS and Time4Advice, who host our online client portals and give access to our online valuation and/or secure document transmission services; IRESS, who host our online comparison quotation portal; Voyant, who host our online cash flow planning tool; and Selectapension, who host our online research tool.

  • Contact you with information we deem relevant to you. You reserve the right to unsubscribe at any time
  • If you apply for a vacancy with us, we shall use your information to assess your suitability and to respond to you

Information about connected individuals

We may need to gather personal information about your close family members and dependents in order to provide our services to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We can provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.

Data controllers

We are a data controller for all personal data collected about our private clients. We will only ever use your data for the purpose it was initially collected, unless we have a separate lawful basis. We will always be forthcoming about how we wish to use your information.

Employers we are providing services to will be the controller of data in respect of its employees. We will also act as a data controller.

Product providers and insurers that we share information with, for the purpose of providing our services, are not to be viewed as sub-processors, but as data controllers. They will have their own contracts with you for this.

Data processors

Data processors are third parties who provide elements of our service for us. We have contracts in place with our data processors which restricts the use of your data. By this we mean that they cannot do anything with your personal information unless we have instructed them to do it. We will never permit data processors to share your personal information with any organisation apart from us, unless it forms part of our service to you. Data processors will retain your information securely and are obliged to report any breach to us immediately, without hesitation – by which time we shall report it directly to the appropriate authority.

Data retention

Your information shall be retained by us for up to seven years, thereafter it shall be deleted unless we are required by law or regulatory rules to keep it for a longer period. Where ongoing advice and financial transactions have taken place we may retain records for longer than this period so that we are able to provide these to the regulator if required or demonstrate historical advice given.

Lawful basis for processing

To effectively provide our service to you we will conduct different processing activities which concern your data. In these instances, it is likely that we shall a have a different lawful basis for each processing activity.

We shall only provide communications to you that are not directly attributed to the core service we provide to you where there is legitimate interest. For these instances we will have conducted the appropriate Legitimate Interest Assessments (LIA). For communications which do form part of our core service, a lawful basis will not be required.

As aforementioned, where applicable, we will have a contractual or legislative obligation for data processing which will permit us to retain, share, or refuse access to, personal and financial information where we typically would not. Where this is the case you shall be informed as to why, as well as the contact details of who to contact should you wish to complain.

We will continue to ensure that we have the suitable measures in place to continue to use the appropriate lawful basis for our processing activities.

What will we not do?

  • We will never ask you for access to your passwords and will take every available action to protect your information. We recommend that you keep your password information safe always and refrain from sharing it with other individuals.
  • We will never sell, share or rent your personal information to any third party, other than approved service providers, without your express permission. We will never share your information internally, unless it is part of that individuals job role.
  • We will never send you material that does not form part of our core service to you without the presence of legitimate interest.

Individuals rights

Your full set of rights are:

  • the right to be informed of the data we hold concerning you and how we process that information;
  • the right of access to the information we hold concerning you (subject access request);
  • the right to request rectification of your information;
  • the right to be forgotten (erasure);
  • the right to restrict the processing of your data; and
  • the right to object to our processing activities/ or withdraw consent.


You hold the right to request access to any data we hold that concerns you, as well as the amendment and erasure of this. However, we do retain the right to deny a subject access request if it is manifestly excessive or unfounded.

Similarly, an erasure request will also be denied where we are obligated to keep the data. This includes through applicable legislation, at the regulator’s request or where there is risk to us. Where this is the case you shall be informed as to why. In addition, you shall be given the contact details of the correct supervisory body should you wish to complain.

Telephone calls

It is necessary for us to make a record all telephone calls where advice is given, an agreement is made or where we deem it necessary. This is so that we comply with the guidelines set out by our regulatory body and the applicable legislation. We reserve this right as a contingency concerning any potential future concerns.


Similar to our telephone policy, we reserve the right to store emails where we give advice or when an agreement is made. We may also retain emails where advice is not given if we deem this is required as a record for future reference. These emails will be stored by us for up to seven years, thereafter they shall be deleted unless we are required by law or regulatory rules to keep them for a longer period. All emails deemed to be unnecessary will be deleted prior to this period.

In order to continue to provide you with the highest level of service we may need to share your information with providers to ensure competitive rates. This will typically be through email.

For the communication of sensitive information through email, we utilise an external service which allows us to encrypt and password protect emails and subsequent attachments. This along with the ability to integrate the automatic expiration of an email after an agreed period of time, significantly reduces the risk of data breaches. This system also helps to protect us from receiving malicious emails.


We would like to send you information about our products and services. You have a right at any time to stop us from contacting you for marketing. If you no longer wish to be contacted for marketing purposes, please contact us by email or post, or by clicking here. Please ensure you include your full name and that of your financial planner/ employee benefits consultant.

For some of our relevant news and content updates we use a third party service, Mailchimp. This enables us to track statistics surrounding the opening of these emails and the overall engagement of the recipients with the featured content. For more information please view MailChimp’s privacy policy.

Similarly, to deliver tailored surveys and questionnaires to our clients we use third party service SurveyMonkey. This enables us to track the statistics surrounding the engagement of our audience with our content. For more information please refer to SurveyMonkey’s privacy policy.

Our website

When a visitor enters our website, we use Google Analytics (GA4) to monitor their behaviour. This allows us to track things such as pages visited, the length of time they spend within each section and how many visitors we receive. We use this to attempt to improve our website engagement and service as a whole, by no means do we acquire any specific, personal information related to any individual. If you complete a contact form on our website, you will have provided us with your name, email address and/or telephone number.


Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to make improvements. These cookies are categorised.

  • Strictly necessary  – Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
  • Analytical/performance – Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors. Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics (E.g. the number of visitors, bounce rate, and traffic source).
  • Functionality – These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.
  • Advertisement – Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customised ads.
  • Other – Uncategorised cookies are those that are being analysed and have not been classified into a category as yet.


Upon entering our site, you will be given the choice to accept or reject all cookies or to customise your preferences. Alternatively, you can disable cookies through the privacy settings on your internet browser – you will find these settings in the tools menu.

For more general information about cookies, please visit or

Social media

We use third-party social media services LinkedIn, X/Twitter and Youtube.

If you send us a direct message it shall be stored until which time we deem it suitable to delete it. These messages will not be shared with any other organisation by us.

Job applicants

If you apply for a vacancy with us we will retain your information in order to assess your applicability for the role that you have applied for. This is applicable for the entirety of our recruitment process. Currently we retain candidate information for a maximum of 12 months after the end of our recruitment process, unless you request for us to keep your details or give consent for your details to be kept in our system.

We will never use the information we gather for recruitment for any other purpose; we may however, with your permission, keep your information for similar vacancies that may arise in the future if you are unsuccessful with your primary application(s).

All information is kept digitally, we do not hold paper files concerning candidates.


Our employees, suppliers and professional partners will only have access to information concerning you if it is part of their job role and only for the specific purposes outlined within this privacy policy.

Information security

We proactively undertake the appropriate technical and organisational security measures to protect against the loss, misuse or alteration of your data used by our system.

Data Protection Officer

We have a dedicated Data Protection Officer who is responsible for ensuring the security of any sensitive data that we handle. Our DPO regularly checks our data handling procedures to certify that the risk of data security breaches and the potential for misuse of data is minimalised.

In the case of a data breach, our DPO would report this to the appropriate authority immediately.

To contact our DPO please call 01603 706 820 or email Alternatively, address your letter to “Data Protection Officer” using the office address provided.

Links to other websites

This privacy policy does not cover the links from our website and content to other websites. In these instances we recommend and encourage you to read the privacy policy of each external website you visit.

What can you do if you are unhappy with how your personal data is processed?

You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:

  • Information Commissioner’s Office
  • Wycliffe House
  • Water Lane
  • Wilmslow
  • Cheshire
  • SK9 5AF

Policy amendments

For updates to our Privacy Policy please check our website regularly. Any considerable changes shall be conveyed via email or post, dependent on your preferences.

Contact us

If you are concerned about the information we hold about you, need to update your information, or have a query regarding our Privacy Policy, please contact us;

Email –
Telephone – 01603 706 820
Post –

  • Lakeside 500
  • Old Chapel Way
  • Broadland Business Park
  • Norwich
  • NR7 0WG

What our clients say

How do we do it?

Our processes ensure we maintain the highest standards and continue to deliver suitable outcomes for our clients.

Contact us

To find out how we can help you, please get in touch today by completing our short contact form.

We have offices in Norwich, Diss, Peterborough, Chichester and London. Other members of our expert team are also available remotely across the UK.