Privacy Statement

Your personal information will be held by Forty Two Financial Planning Limited (Forty Two) for the purpose of the (GDPR). Forty Two is the controller of personal data relating to individuals and businesses who have signed up for our services and for prospective clients, for the purposes of relationship management, marketing and business development.

How we collect information about you.

Forty Two collects your personal data, including information provided in various ways. Some of this data is gained directly from you, including:

  • In emails, during telephone calls and conversations, from business cards, when registering for services, when participating in surveys.
  • In a client ‘fact find’ document and notes taken during conversations and meetings held with you.

Some personal data may also be gained from other sources, such as: Information gained from the providers of your existing pension, investments and insurance contracts.

What information we collect about you.

The data that we collect will depend upon our interactions with you and whether or not you choose to become a client.

Security of your information

Once Forty Two has received your information we are committed to ensuring we have all necessary technical and organisational controls in place to keep your information secure.

In order to prevent unauthorised access or disclosure Forty Two has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

How we use your personal data and the legal basis for this

Forty Two will only process your data where it has a legal basis for doing so.

Forty Two uses the data collected to communicate with you, and in the provision of our Financial Planning services.

We may also use your data to improve or maintain the services we offer to you and our website.

We will never share your data with any other third party, other than those stated in this policy, nor use your data for any other purpose, unless we firstly gain your consent to do so.

We may use your data for profiling in the context of segmentation and targeting for marketing purposes. We may use personal data such your previous financial activity or with our marketing communications to enable us to provide you with information and promotions that are likely to be relevant to you. We may also use data such as your name to personalise communications you receive from us.

You have the right to access rectify, erase, object and restrict the processing of your personal data, with the ability to choose which promotional communications you wish to receive and how you would like to receive them.

You also have the right to opt-out of receiving our marketing communications at any time.

Our legal basis for processing your personal data may rely on the basis of:

  • Our Contract with you for our Financial Planning Services or,
  • Your Legitimate Interest in similar services and communications as a result of your Contract for our Financial Planning Service and
  • Where you have not signed a contract, we may process your data on the basis of your express Consent.

Who we share your data with

Forty Two shares your data with the following third-party service providers. The data storage and processing systems are protected by access controls, to minimise any risk to the integrity or security of your personal data, and the data is stored in servers in the UK, EU and USA.

  • Voyant
  • GetBusy Plc (Virtual Cabinet)
  • MAXFocus (MAXBackup)
  • CraftSessionId is used by Craft CMS
  • Microsoft Office 365
  • The Financial Planning Group for support services
  • Acumen Financial Planning for support services

Forty Two will ensure that any third-party processor has adequate data protection measures in place that align with the requirements of the GDPR by conducting periodic due diligence.

Forty Two will not share your data with any third-party processor outside of the UK, EU, Australia or USA.

Forty Two does not sell your personal data or other information to any third-party.

Forty Two stores personal information on a secure database which is hosted on an encrypted server and backed up to a secure remote location (MAXBackup).

We may also be required to share your personal data with other parties in order to provide you with an effective service. This will include companies with which you have individual financial contracts, such as pensions, investments and life assurance, arranged.

In the provision of our services to you it may also be necessary for us to share information with companies providing us with services:

  • Our Holding Group company The Financial Planning Group
  • Our sister company within this group – Acumen Financial Planning Ltd
  • Our regulator, the Financial Conduct Authority
  • Our legal representatives – Shepherd & Wedderburn LLP
  • Our auditors – Maclay Murray & Spens LLP
  • Our insurers and their legal representatives. – Lockton Plc, AMTrust Europe Plc
  • Our external compliance consultants – Resources Compliance Group

In all cases your information will be used solely in connection with their work with Forty Two and will not be used to provide you with services or direct marketing.

How long we retain your data

Forty Two will only keep your personal data for as long as necessary for the purposes for which it was gained.

Personal data obtained for the purpose of a Contract between us for the provision of financial planning services or where we have another legal basis for processing may be retained indefinitely in line with our regulatory obligations.

Personal data obtained for the purposes of business development, such as where you have provided contact details to us through our website but have not chosen to continue with our services, will be held for a period of no more than 12 months.

Personal data collected from surveys, feedback and questionnaires, are held only for the duration of its usefulness i.e. the duration of a campaign. The data is then anonymised and retained for internal evidential purposes or deleted.

Forty Two will review the personal data we hold on you annually to check for accuracy and relevancy and to ensure that we continue to have a legal basis for processing. If your data becomes inaccurate, we will update it accordingly.

If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, where we are allowed to do so under FCA regulations.


Forty Two will be more than happy to help you should you have any complaints about the processing of your personal data. Under the GDPR, you have the right to lodge a complaint with the Supervisory Authority, the Information Commissionaires Office (ICO), who are the national authority responsible for the protection of personal data. A complaint can be made to the ICO via their website: or through their helpline: 0303 123 1113.