Your Personal Data

This notice applies to clients of Strabens Hall Ltd


Who we are and what does this cover?

Strabens Hall Ltd will be known as the “Controller” of the personal data you provide to us.

In the conduct of business with you we will need to collect information about you which we will hold as data controllers under the General Data Protection Regulation (GDPR).  We will use this information to ensure that our advice is suitable for your circumstances. Unless otherwise agreed, we will usually only collect basic personal data about you. If health, life insurance or enhanced annuity contracts are being applied for, we may request medical information including family medical history. This is known as “sensitive personal data”.  By confirming you are happy with this notice, you agree to its collection and confidential use in order to provide our advice service.

If you wish to see a list of data which we may hold about you, please contact our Data Protection Officer.


What we do with it?

We will use this information to ensure that our advice is suitable for your circumstances.  All the personal data we hold about you will be processed by our staff and selected third parties in the United Kingdom.  It may also be disclosed to the Financial Conduct Authority (FCA), who regulate us and Financial Ombudsman Service (FOS) which is an independent arbitrator and wherever there is a legal obligation that we do so, and possibly HMRC if requested to do so.  Additionally, it may also be disclosed to our Compliance Consultants, Haven Risk Management Ltd, who help to ensure that, in your interests, we abide by the rules of the Financial Services and Markets Act, (FSMA) 2000 and any other regulations.


How we store your information and keep it secure?

We are committed to ensuring the confidentiality of the personal data that we hold and we continue to review our security controls and procedures to ensure that your personal information remains secure.

When we contract with third parties, we ensure that appropriate due diligence has been completed and there are security, privacy and confidentiality agreements in place to ensure your personal information is kept secure.

Please be aware that your information may be stored on a cloud-based system whose services are located within the European Economic Area (EEA). There may be occasions where your data is transmitted outside of the EEA, but whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one or more of the following is implemented:

  • You have provided your explicit consent
  • The country receiving personal data is deemed to provide an adequate level of protection for personal data by the European Commission
  • Specific contracts approved by the European Commission are in place which give personal data the same protection it has in the EU.


How long will we keep it?

The FCA requires us to keep records of our business transactions for specified periods and as long as it is in your interests that we do so. We will generally keep your personal data for no less than for the duration of our business relationship.

Your data will be updated and amended if necessary at your regular review meetings and/or if you specifically notify us of any changes to your personal details.


Using your personal data for marketing purposes

We may contact you from time to time by post, e-mail, telephone and SMS to bring to your attention additional products or services which we think may be of benefit to you.

As part of our process of advising clients, Strabens Hall Ltd will ascertain and agree your marketing preferences in accordance with the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

You have the right to request we cease these marketing activities at any time.


What are your Rights?

Under the General Data Protection Regulation, you have various rights regarding the use of your personal data which are as follows:

  • The right to be informed – of any and all matters pertaining to your data.
  • The right of access – to any or all of your data at all times.
  • The right of rectification – of any mistakes or inaccuracies.
  • The right to erasure – of data we hold on you. Please note that this right is not absolute. If you wish for details of when the right to erasure does not apply, please contact our Data Protection Officer.
  • The right to restrict the processing of your personal data – if for example you have contested its’ accuracy and while this is being verified by us.
  • The right to data portability – to have your data transferred to another firm.
  • The right to object – to any aspect of how we use or handle your data.


Our Lawful Basis for Processing your Personal Data

  • Where processing your data is required to perform the contract we have entered into with you, or in order to take steps, at your request, prior to entering into the contract (“Contract Purposes”)
  • Where processing your data is required to comply with a legal or regulatory obligation (“Legal Purposes”)



Contract Purpose

  • To operate our relationship with you including taking steps, at your request, prior to agreeing our relationship with you
  • To communicate with you in the day-to-day running of our relationship with you
  • To update our records

Legal Purposes

  • To provide personal data to others where it is necessary in the running of our relationship with you and for legal and regulatory purposes and related disclosures (which may mean passing your personal data to other specific third party companies involved in the servicing of your relationship with us)
  • When you contact us regarding exercising your rights under data protection laws
  • We may keep your personal data after our relationship has ended in accordance with applicable laws and regulatory requirements
  • For prevention, detection, investigation and reporting of crime, which may include providing your personal data to fraud prevention agencies
  • For information security purposes
  • To contact you about our relationship with you
  • To comply with orders of the courts of competent jurisdictions, and for the establishment and defence of legal rights.

Legitimate Interests Purposes:

  • To ensure good and proper governance, administration, auditing, management of our business and our relationship with you
  • To conduct market research, analysis and to compile statistics to improve our services
  • To conduct marketing communications, subject to applicable laws


How to complain about the use of your data?

If you wish to raise a complaint about how we have handled your personal data, including in relation to any of the rights mentioned above, you can contact our Data Protection Officer by email ( and they will investigate your concerns.


If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office (ICO).  You can find further information about the ICO and their complaints procedure at the following link