At Roberts Mackie Winstanley, we are committed to protecting and respecting your privacy.

This Privacy notice explains when and why we collect personal information about people who seek our services or visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this policy from time to time so please check our website occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this policy.

If there’s something you do not understand, please ask us to explain it.

This Privacy notice explains how Roberts Mackie Winstanley uses any personal information we collect about you.

If you have any questions about our Privacy notice or the information we hold about you, please do not hesitate to contact us:

Telephone: 01603 628403

In writing: GDPR
Roberts Mackie Winstanley
Jonathan Scott Hall
Thorpe Road

What do we mean by your ‘Personal Data’?

Your Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example: Your name, address, date of birth or National Insurance number. Your Personal Data may also identify you indirectly, for example: Your employment situation, your physical and mental health history or any other information that could be associated with your cultural or social identity.

In the context of providing our financial planning service, the Personal Data we process may include:

• Title, names, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity

• Employment and remuneration information (including salary/bonus schemes/overtime/sick pay/other benefits) and employment history

• Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure, family circumstances and details of dependants

• Health status and history, details of treatment and prognosis and medical reports (further details are provided below specifically regarding the processing we may undertake in relation to this type of information)

• Any pre-existing investment, mortgage, finance or insurance products and the terms and conditions relating to these Where we provide an ongoing service to you, we will update the information we hold as part of our review process and retain notes for our records.

Special Category Personal Data (Sensitive Personal Data)

Some of the information we require may be classed as a ‘Special Category Personal Data’ under data protection legislation. The categories of Personal Data that are deemed to be sensitive by nature include: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning health.

Where you ask us to assist you with your insurance needs for example (in particular life insurance and insurance that may assist you in the event of an accident or illness), we will ask you for information about your ethnic origin, your health and your medical history. This type of information is considered Special Category Personal Data.

We will record and use your Special Category Personal Data to make enquiries of insurance providers in relation to insurance products that may meet your needs and to provide you with advice regarding the suitability of any product that may be available to you.

If you have parental responsibility for children under the age of 13, it is also very likely that we will record information on our systems that relates to those children and potentially, to their Special Category Personal Data.

The arrangement of certain types of insurance may involve disclosure by you to us of information relating to historic or current criminal convictions or offences (known as ‘Criminal Disclosures’). This is relevant to insurance-related activities such as underwriting, claims and fraud management.

We will use Special Category Personal Data and any Criminal Disclosures in the same way as your Personal Data generally, as set out in this Privacy notice.

Information on Special Category Personal Data and Criminal Disclosures must be capable of being exchanged freely between insurance intermediaries such as our Firm and insurance providers, to enable customers to secure the insurance protection that their needs require.

Information about connected individuals

We may need to gather personal information about your close family members and dependants to enable us to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We will provide a copy of this Privacy notice to them or, where appropriate, ask you to pass our privacy information to them.

How do we collect your Personal Data?

We will collect and record your Personal Data from a variety of sources, but mainly directly from you. You will usually provide information during our initial meetings or conversations with you to establish your circumstances, needs and preferences in relation to investment and insurance. You will provide information to us verbally and in writing, including via email. We may also obtain some information from third parties, for example, information from your employer, and searches of information in the public domain such as the electoral register. With regards to electronic ID checks, we do not require your consent to verify your identity using an online identity verification system. Our Client agreement sets out how such software operates and the purpose for which it is used.

We may also collect information when you voluntarily complete client surveys or provide feedback to us.

Information relating to usage of our website is collected using cookies. These are text files placed on your computer to collect standard internet log information and visitor behaviour information. We will use your information collected from the website to personalise your repeat visits to the site.

Why do we need to collect and use your Personal Data?

The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. Without collecting your Personal Data, we would also be unable to fulfil our legal and regulatory obligations.

Where Special Category Personal Data is required, we will obtain your explicit consent to collect and process this information.

How will we use the information we collect about you?

We collect information about you in order to provide you with the services for which you engage us.

We will use your information to:

• Act as the basis for any advice we provide

• Carry out our obligations arising from any contracts entered into by you and us

• Provide information to investment providers or life assurance firms for the purposes of arranging products and services for you

• Provide our ongoing service to you

• Meet our regulatory obligations in the services we provide to you.

Who do we share your information with?

We will not sell or rent your information to third parties.

We will not share your information with third parties for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law.

In order to deliver our services to you effectively, we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you and life assurance firms, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf such as paraplanning and compliance support.

Where third parties are involved in processing your data, we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions. We will not release your information to third parties outside of this firm to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

To fulfil our obligations in respect of the prevention of money laundering and other financial crime, we may send your details to third-party agencies for the purposes of identity verification.

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it is retained securely and processed in a confidential manner. Your information may be accessed by your adviser and our support staff for the purposes of providing our services to you. In addition, it may be accessed by senior managers and our compliance consultants (or the FCA) for the purposes of ensuring compliance with our regulatory obligations and reviewing the quality of our advice.

Information may be transmitted normally over the internet, and this can never be guaranteed to be 100% secure. As a result, although we strive to protect your personal information, we cannot guarantee the security of any information that passes between us, and you should consider the risk of this. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We endeavour to take all reasonable steps to protect your Data, including the use of encryption technology, but cannot guarantee the security of any Data you disclose online. You accept the inherent security implications of dealing online over the Internet and will not hold us responsible for any breach of security unless we have been negligent or in wilful default.

If we email you, our email will be encrypted. However, unless you have encryption software, your response may not be.

Transferring your information outside of Europe

We do not envisage that the performance by us of our service will involve your Personal Data being transferred outside of the European Economic Area (EEA).

If in the future, the information that you provide to us is transferred to countries outside the EEA (by way of example, this could happen if any of our third-party providers’ servers were located in a country outside of the EEA), you accept the inherent security implications of dealing with such countries, which may not have similar data protection laws to the UK. By submitting your Personal Data, you’re agreeing to this potential transfer, storing or processing. If we or a third-party provider were to transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

How long will we hold your information for?

We will retain the Personal Data that is necessary to provide our services to you for the course of our relationship with you. We will take all reasonable steps to keep your Personal Data up to date throughout our relationship.

We are also subject to regulatory requirements to retain your Personal Data for specified minimum periods. These are, generally:

• Five years for investment business

• Indefinitely for pension transfers and opt-out business

• Three years for insurance business

These are minimum periods, during which we have a legal obligation to retain your records. Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or, in instances whereby we have the legal right to or a legitimate interest in such information, we will retain our records indefinitely, but will cease future processing at your request.

You have the right to request the deletion of your Personal Data. We’ll comply with this request subject to the restrictions of our regulatory obligations and legitimate interests as noted above.

How can I access the information you hold about me?

Subject to certain exceptions, you have the right to have access to and/or correct any personal information that Roberts Mackie Winstanley holds about you (your ‘Personal Data’): This is known as a ‘Subject access request’.

If you wish to make a Subject Access Request to view a copy of some or all of your personal information, please telephone, email or write to us using the contact details provided in this document. We will be happy to send you our Subject access request form, which confirms the information we will need to complete your request. You are not obliged to use this form but, if you do not, please ensure that you provide us with all the information necessary, including proof of identity, to enable us to complete your request.

The accuracy of your information is important to us. Where we provide an initial advice service only, the information we hold will reflect your situation at that time and we will not normally update this (apart from a change of contact information). Where we are providing an ongoing service, we will update the information as appropriate when we undertake a review with you. If you change your contact information between reviews, please notify us and we will update our records.

We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.


We would like to send you information about our products and services that may be of interest to you. If you agree to receive marketing information, you have the right at any time to stop us from contacting you for marketing purposes.

If you no longer wish to be contacted for marketing purposes, please contact us using the details set out at the end of this notice.


We use cookies to track visitor use of our website and to compile statistical reports on website activity. It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website. More information about our Cookie policy is provided on our website: For further information on cookies, including how to turn them off and how to remove them, visit:

Links to other websites

Our website may contain links to other websites run by other organisations. This Privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.

What if you are unhappy with the way your Personal Data is processed?

You have the right to lodge a complaint with the supervisory authority for data protection if you are unhappy with the way we have processed your Personal Data. In the UK this is:

Telephone: 0303 123 1113 (local rate)

In writing: Information Commissioner’s Office
Wycliffe House
Water Lane

You can find out more at:

Changes to our Privacy notice

We keep our Privacy notice under regular review and we may update this policy from time to time by publishing a new version on our website. If we make a material change to our Privacy notice we will inform you. Our Privacy notice is available on our website at By using our website, you’re agreeing to be bound by this policy. This Privacy notice was last updated on 4 November 2019.

Contact us

The Data Privacy Officer
Roberts Mackie Winstanley
Jonathan Scott Hall, Thorpe Road
Norwich, Norfolk NR1 1UH

T: 01603 628403
F: 01603 661223
Find us at:

© 2019 Roberts Mackie Winstanley