Surrey Hills Financial Management Limited Privacy Policy
If you would like this document in larger print or in another format, please contact us.
We take your privacy seriously and are committed to handling your personal information lawfully, fairly and transparently under the UK GDPR and the Data Protection Act 2018.
This privacy notice explains how we collect, use, share, store and protect your personal information – including where we use artificial intelligence (AI) or automated tools.
Contact details
Please contact us if you have any questions about our privacy policy or the personal information we hold about you.
Via post
Surrey Hills Financial Management Limited, Farley Heath Cottage, Farley Heath Road, Farley Heath, Guildford, Surrey, GU5 9EW
Via phone
01483 779917
Via email
Julie.hazlewood@surreyhillsfm.co.uk
What personal information we collect
We will collect or use your personal information when you engage us for financial planning / financial advice / investment management services.
This information may include:
• Personal identifiers – details that help us to confirm who you are, such as:
- Your name, date of birth, address, contact details
- National insurance number
- Identification documents (passport, driving licence)
• Financial and professional information – Information that helps us understand your financial position including:
- Your income and regular spending
- Details of your assets, liabilities, pensions & investments
- Tax information
- Bank account details
- Employment information
- We may also need to use special category information, but only where relevant and with your explicit consent.
• Communications – to keep accurate records and meet regulatory requirements we may record:
- Emails, notes of telephone calls, meeting notes
- Records required to meet the FCA’s requirements
How we collect your personal information
We collect personal information from:
- Client meetings, calls, emails, online forms, completion of feedback surveys.
How we use your personal information
We use your personal information to help us deliver the services you’ve asked for. This may include:
• Understanding your financial situation so we can give you the right advice
• Providing recommendations that meet FCA rules on suitability
• Applying for or arranging financial products on your behalf
• Carrying out identity, fraud and anti money laundering checks
• Keeping accurate and compliant records
• Communicating with you about your services, plans, policies or investments
Who we share your personal information with
To provide you with our services, we sometimes need to share your personal information with trusted third parties. These may include:
• Financial product providers such as insurers, investment platforms and pension providers
• Compliance consultants, auditors and professional advisers who help us meet regulatory requirements
• IT service providers and secure cloud platforms that support our systems
• Regulators and authorities such as the FCA, HMRC and the Financial Ombudsman Service
• Credit reference agencies, but only when necessary
We never sell your personal information to anyone.
Using artificial intelligence (AI) / automated tools to process your personal information
We may use AI tools to help us review information more efficiently and provide you with faster, more accurate services. The AI doesn’t make decisions about you on its own — a human always checks the results.
When we do:
Purpose of AI use
We may make use of AI-powered programmes in order to provide you with the services for which you engage us, such as the production of documentation.
We do not use any systems for making automated decisions. All outputs and decisions made by AI are subject to human review and approval before being used or relied on.
Purpose and lawful basis for processing
The primary purpose of using AI to process personal information is to enhance decision-making, improve efficiency, and provide personalised services.
Our lawful bases for using AI to process your personal information are:
UK data protection law requires us to have a valid legal reason—called a ‘lawful basis’—for collecting and using your personal information. The UK GDPR sets out the different lawful bases.
The lawful basis we rely on may affect which data protection rights apply to you. Below, we’ve listed your rights in brief.
You can read more about your data protection rights, including any exceptions, on the ICO’s website: For the public | ICO
We must have a valid legal reason (a ‘lawful basis’) for collecting and using your personal information. For the financial planning, financial advice, and investment management services we provide, we rely on the following lawful bases:
Contractual obligations
This is the main reason we use your personal information. We need certain details from you so we can deliver the services we’ve agreed to provide.
Legal obligations
Sometimes the law requires us to collect and use specific information. For example, UK anti money laundering laws require us to verify your identity.
Consent
In some situations, we may need your explicit consent to use special category information. We will always explain why we need this information and ask for your clear agreement before using it.
We also ask for your consent if you would like to receive updates about products or services that may interest you.
If we rely on your consent, you can withdraw it at any time.
Legitimate interests
We may keep certain personal information because we have a legitimate business reason to do so, for example, to check the suitability of our services, respond to any complaints in the future, or to meet the requirements of our Professional Indemnity insurer.
Human review
Any AI assisted output is reviewed by a human adviser before being used or relied on.
Data sharing and storage
Where AI tools are used, we will:
• Ensure only the minimum necessary personal information is processed
• Anonymise or pseudonymise, where possible, personal information
• Ensure processing occurs in secure, regulated systems
• Have signed data processing agreements with all third parties to ensure personal information is protected and that they cannot use this to improve their own AI products
• Personal information will not be transferred outside the UK/EEA without appropriate safeguards and consent being in place
Your data protection rights
You have several rights under data protection law. These rights help you understand and control how your personal information is used.
• Right to be informed - You can ask us to explain how we collect, use, share, and store your personal information.
• Right of access - You can request a copy of the personal information we hold about you, along with details of how we use it.
• Right to rectification - If you think any of your information is wrong or incomplete, you can ask us to correct or update it.
• Right to erasure - In some situations, you can ask us to delete your personal information.
• Right to restrict processing - You can ask us to limit how we use your information in certain circumstances.
• Right to object - You can object to us using your personal information, for example for direct marketing.
• Right to data portability - You can ask us to send your personal information to you, or directly to another organisation, in a structured, commonly used electronic format.
• Rights related to automated decision making and profiling - If a decision about you is made without human involvement, you can challenge it and ask for someone to review it.
We will respond to any request you make about your data protection rights within one month.
To make a request, please contact us using the contact details at the top of this privacy notice.
Our lawful bases for processing your personal information
UK data protection law requires us to have a valid legal reason—called a ‘lawful basis’—for collecting and using your personal information. The UK GDPR sets out the different lawful bases.
The lawful basis we rely on may affect which data protection rights apply to you. Below, we’ve listed your rights in brief.
You can read more about your data protection rights, including any exceptions, on the ICO’s website.
We must have a valid legal reason (a ‘lawful basis’) for collecting and using your personal information. For the financial planning, financial advice, and investment management services we provide, we rely on the following lawful bases:
Contractual obligations
This is the main reason we use your personal information. We need certain details from you so we can deliver the services we’ve agreed to provide.
Legal obligations
Sometimes the law requires us to collect and use specific information. For example, UK anti money laundering laws require us to verify your identity.
Consent
In some situations, we may need your explicit consent to use special category information. We will always explain why we need this information and ask for your clear agreement before using it.
We also ask for your consent if you would like to receive updates about products or services that may interest you.
If we rely on your consent, you can withdraw it at any time.
Legitimate interests
We may keep certain personal information because we have a legitimate business reason to do so, for example, to check the suitability of our services, respond to any complaints in the future, or to meet the requirements of our Professional Indemnity insurer.
How long we keep your personal information
We keep the personal information we need to provide our services to you, and we take reasonable steps to make sure it stays accurate and up to date. Some information must be kept for minimum periods set by our regulator, the Financial Conduct Authority (FCA):
• Investment business - 5 years
• Pension transfers and opt outs - kept indefinitely
• Insurance business - 3 years
We also have to keep identity verification documents (required under UK anti money laundering rules) for:
• At least 5 years after our relationship with you ends
• Up to 10 years if we still have an ongoing relationship
Because these are legal requirements, we cannot delete your information before these time periods have passed.
We may keep your personal information for longer if we have a legitimate business reason to do so. However, we will not keep it for more than 7 years after our relationship with you ends.
You can ask us to delete your personal information. We will do so unless we are required to keep it for legal or legitimate business reasons.
If you would like more information about how long we keep your personal information or how we decide this, please contact us.
Information about connected individuals
We may need to collect personal information about your close family members and dependents to provide our service(s) effectively. If this is the case, you are responsible for ensuring you have their consent to share this information with us.
If you act as a trustee or attorney, we may also need information about the relevant beneficiaries or donor(s).
We will give them a copy of this privacy notice or ask you to pass it on if that’s more appropriate.
Using cookies
We use cookies to:
• Understand how visitors use our website
• Help us create reports and improve our site
If you’d like to learn more about cookies, you can visit:
http://www.allaboutcookies.org/
You can change your browser settings to block or delete cookies at any time. The website above explains how to do this. Please note that if you choose to block cookies, some parts of our website may not work as expected.
Marketing
We may contact you with information about our products and services, as well as those from other companies in our group that we think you might find useful.
If you’ve agreed to receive marketing from us, you can change your mind at any time. Just get in touch using the contact details at the top of this privacy notice.
Other websites
Our website may include links to other sites.
Please remember that this privacy notice only covers our website, so we recommend checking the privacy policies of any other sites you visit.
If you need to make a complaint
If you have any concerns about how we use your personal information, you can contact us using the details at the top of this privacy notice.
If you are not satisfied with our response, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website:
https://www.ico.org.uk/make-a-complaint
Last updated
This privacy notice was last updated on 27/04/2026.