Privacy Policy

We obtain information about you in a few ways:

Directly from you:

When you use our website (e.g., fill out a contact form), communicate with us by phone, email, or post, or during our "getting to know you" process for advice or services.

From third parties:

With your consent, we may obtain information directly from investment providers, life assurance firms, or other financial services providers relevant to your existing investments or policies.

Automatically:

When you visit our website, we automatically collect certain technical data about your device and Browse actions.

Information may be obtained from you face-to-face, over the phone, through email, or via online documentation. As this information is crucial for us to provide our services, if you choose not to provide it, we may not be able to advise you.

The personal information we collect depends on how you interact with us:

When you visit our website we may collect your IP address, browser type, operating system, referring URLs, pages viewed, and the dates and times of your visits. This data helps us understand how our website is used and ensure its security.

If you are seek advice or other services from us we will undertake a comprehensive process to understand your needs. This will include obtaining detailed information about your personal and financial circumstances and objectives (e.g., name, contact details, date of birth, employment, income, assets, liabilities, family details). Where you have existing investments or policies, we will obtain information on these either from you or, with your consent, directly from the relevant providers. We will also assess your Attitude to Risk and Capacity for Loss and record this in our documentation. We will retain records of any investments or policies that you arrange through us.

If we provide an ongoing service, we will update this information as part of our regular review process.

Special Category Personal Data:

There may be situations where we need to collect and process a special category of personal data about you, such as health information. This occurs most commonly when we are arranging life assurance or protection products that require medical underwriting. In such cases, we will always explain why we need this data and obtain your explicit consent to process it.

Children's Personal Data:

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data relating to children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete that information as quickly as possible.

Under UK data protection law, we must have a "lawful basis" for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. The specific lawful basis we rely on for processing your data may affect the data protection rights you have. You can find out more about lawful bases on the ICO’s website.

We rely on the following lawful bases for collecting and using your personal information to provide and improve products and services for clients:

Consent:

When we process your data based on your consent, we have obtained your clear permission after providing you with all the relevant information. You have the right to withdraw your consent at any time. When processing is based on consent, all of your data protection rights (listed below) may apply, except for the right to object.

Examples of use: Sending you marketing communications you've signed up for, processing special category data like health information for life assurance.

Contract:

We collect or use your information because it's necessary to enter into or carry out a contract with you, such as providing financial advice or arranging a product. When processing is based on contract, all of your data protection rights (listed below) may apply, except for the right to object.

Examples of use: Using your financial information to prepare advice, communicating with you about your ongoing service, sending your details to an investment provider to open an account for you.

Legal Obligation:

We collect or use your information because we have a legal obligation to do so, such as complying with regulations set by the Financial Conduct Authority (FCA), preventing fraud, or meeting tax requirements. When processing is based on legal obligation, all of your data protection rights (listed below) may apply, except for the right to erasure, the right to object, and the right to data portability.

Examples of use: Retaining records for specified periods as required by the FCA, carrying out anti-money laundering checks.

Legitimate Interests:

We may process your data where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests. We ensure these interests are balanced against your rights.

Examples of use: Monitoring website usage to improve user experience, internal analytics for business improvement, ensuring the security of our systems.

Your Data Protection Rights:

You have the following rights under UK data protection law. To make a data protection rights request, please contact us using the contact details provided in the 'Contact Us' section of this privacy notice. If you make a request, we must respond to you without undue delay and in any event within one month.

Your right of access:

You have the right to ask us for copies of your personal information. You can also request other information, such as details about where we obtained your personal information from and who we share it with. There are some exemptions which mean you may not receive all the information you ask for.

Your right to rectification:

You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

Your right to erasure (the 'right to be forgotten'):

You have the right to ask us to delete your personal information in certain circumstances. Please note that our legal and regulatory obligations (as outlined in section 4) may require us to retain certain information even if you request erasure.

Your right to restriction of processing:

You have the right to ask us to limit how we can use your personal information in certain situations. This means we may be able to store your data but not actively process it.

Your right to object to processing:

You have the right to object to the processing of your personal data where we are relying on legitimate interests as our lawful basis, or for direct marketing purposes.

Your right to data portability:

You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in a structured, commonly used, and machine-readable electronic format. This right applies when processing is based on consent or contract.

Your right to withdraw consent:

When we use consent as our lawful basis for processing your personal information, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

We retain your personal information for no longer than is necessary for the purposes for which it was collected, as outlined in this Policy, or as required by law. The specific retention periods vary depending on the nature of the service provided and the type of information. This is primarily determined by:

Legal and regulatory obligations:

For example, Financial Conduct Authority (FCA) rules require us to retain records for specific periods, such as typically 5 years for investment advice, indefinitely for pension transfers and opt-out, and for the life of the policy for protection business.

The duration of our ongoing relationship with you:

We will retain data for the period you remain a client and for a reasonable period thereafter.

The necessity to defend or pursue legal claims:

We may retain data for the duration of any limitation periods for potential legal claims.

Our legitimate business needs:

For internal record-keeping, audit purposes, and to provide continuity of service.

We value your privacy and will not sell or rent your personal information to third parties. We also will not share your information with third parties for marketing purposes.

Within Rainbird Financial Ltd, your information may be accessed by your financial adviser, our support staff for the purposes of providing our services to you, and senior managers. Additionally, our compliance consultants (or the FCA) may access your data for regulatory oversight, to ensure compliance with our obligations, and to review the quality of our advice.

We use various carefully selected third-party service providers (also known as data processors) to help us deliver our services efficiently and securely. These include:

• Investment houses and life assurance firms to arrange and administer the products and services you choose.
• Paraplanning and compliance support services to assist with detailed advice preparation and regulatory adherence.
• IT support and cloud hosting providers for the secure storage and management of our IT infrastructure and data.
• Client Relationship Management (CRM) software providers to manage client records and interactions.

When we use third-party service providers, we only disclose the personal information that is necessary for them to perform their specific service. We have robust contracts (Data Processor Agreements) in place with these third parties that require them to:

• Keep your information secure and confidential.
• Process the data only on our instructions.
• Not use your information for their own direct marketing purposes.

We will not release your information to third parties beyond these essential service providers, unless you have specifically requested us to do so, or if we are required to by law (for example, by a court order or for the purposes of prevention of fraud or other crime).

We will contact you as appropriate to provide the agreed services. Where this includes our ongoing service, we will contact you at the agreed intervals to undertake our review. We may also contact you in between agreed intervals if we believe you need to take action (e.g., if you should consider making ISA or pension contributions before a tax year end) or be aware of significant changes in the economic situation relevant to your financial planning. Our lawful basis for these service communications is the performance of our contract with you.

We will not contact you for marketing purposes by post, email, phone, or text message unless you have given your prior consent. You can change your marketing preferences at any time.

When you give us personal information, we take steps to ensure that it is retained securely and processed in a confidential manner. We implement appropriate technical and organisational security measures, including:

Encryption:

To protect data during transmission and at rest where appropriate.

Access Controls:

Limiting access to personal information only to authorised personnel who have a business need to know.

Firewalls and antivirus software:

To protect our systems from unauthorised access and malicious software.

Regular security assessments:

To identify and address potential vulnerabilities.

Your information may be accessed by your adviser and our support staff for the purposes of providing our services to you. In addition, it may be accessed by senior managers and our compliance consultants (or the FCA) for the purposes of ensuring compliance with our regulatory obligations and reviewing the quality of our advice.

Information transmitted over the Internet can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information that passes between us, and you should consider this inherent risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Our website uses cookies to help improve your experience and understand how our site is used. 'Cookies' are small text files sent by a website to your computer and stored on your hard drive, allowing the website to recognise you on subsequent visits. They collect statistical data about your browse actions and patterns.

We use cookies for:

Strictly Necessary Cookies:

These are essential for our website to function correctly (e.g., managing your session, ensuring security). We do not require your consent for these.

Analytics/Performance Cookies:

These help us understand how visitors interact with our website, showing us which pages are popular and where we can improve.

Functionality Cookies:

These allow the website to remember choices you make (e.g., your country preference) to provide enhanced, more personal features.

Your Cookie Choices:

For all non-essential cookies (like analytics and functionality cookies), we obtain your explicit consent before they are placed on your device. You can manage your cookie preferences at any time through our [Link to Cookie Consent Tool / Cookie Settings] or by adjusting your web browser settings to refuse cookies. Please be aware that turning off cookies may affect certain functionalities when using our website.

When you visit our website, we use cookies (as described in Section 9) to assign you a randomly generated unique identifier. We log your activity on our website against this identifier. This information is added to your user profile to monitor your website activity and understand user behaviour. We use this data to analyse trends, administer the site, track users’ movements around the site, and gather demographic information about our user base as a whole.

This is used to improve our website, tailor content, and understand user engagement, with a Lawful Basis and our legitimate interests in continually improving our business and services (UK GDPR Article 6(1)(f)) we do not use this profiling for automated decision-making that produces legal effects concerning you or similarly significantly affects you.

Our website may contain links to other websites run by other organisations. This Privacy Policy applies only to our website. Therefore, we encourage you to read the privacy statements on any other websites you visit. We cannot be responsible for the privacy policies and practices of other sites, even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site, and we recommend that you check the policy of that third-party site.

As part of the services offered to you, the personal information we collect may be transferred to, and stored at, a destination outside the United Kingdom ('UK'). This may happen if, for example, any of our service providers' servers are located in a country outside of the UK. These countries may not have data protection laws that are as comprehensive as those in the UK.

When we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government (e.g., through an adequacy regulation).

Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK. These include the International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses (SCCs).

The transfer is necessary for the performance of a contract between you and us, or for pre-contractual steps taken at your request (UK GDPR Article 49(1)(b)).

The transfer is made with your explicit consent after you have been informed of the possible risks of such transfers (UK GDPR Article 49(1)(a)).

By providing your personal data, you acknowledge that such transfers may take place under these safeguards. If you use our services while you are outside the UK, your information may be transferred outside the UK in order to provide you with those services.

If you believe that we are not handling your information correctly or are unhappy with any dealings with us regarding your information, you have the right to complain to the Information Commissioner's Office (ICO), the UK's independent authority for data protection.

You can contact the ICO via their website: https://ico.org.uk/concerns or by calling 0303 123 1113.

We keep this Privacy Policy under regular review. This Policy was last updated in June 2025.