top of page

Privacy Policy

Who are we?

 

Hoyl Independent Advisers Limited is an independent firm of financial advisers, who are authorised to provide financial advice in respect of life and pensions, investments, insurances, and mortgages.

Create Financial Management is a trading style of Create FM Limited, an appointed representative of Hoyl Independent Advisers Limited, which is authorised and regulated by the Financial Conduct Authority (FRN 433927). We are an independent firm of financial advisers who are authorised to provide financial advice in respect of life and pensions, investments, insurances, and mortgages.

 

MacRobins Limited is an appointed representative of Hoyl Independent Advisers Limited, who provide the same products and services.

 

We’re committed to ensuring that your privacy is protected and adhere to the General Data Protection Regulations (UK GDPR).

 

This notice sets out how Hoyl Independent Advisers Limited, Create FM Ltd and MacRobins Ltd uses and protects information that you provide. For the purposes of GDPR, the data controller is Hoyl Independent Advisers Limited, and our registered address is: Upton House, St Margaret’s Road, Cromer, England, NR27 9DG. 

 

Why should you read this document?

 

As part of our work together, we will need to collect detailed personal information about your current circumstances, financial situation, and, in some cases, your health and family health history (referred to as “your personal data”). This notice is important as it explains how we will handle your personal data and outlines the rights you have in relation to it.

 

What do we mean by “your personal data”?

 

This refers to any information that describes or relates to your personal circumstances. This may include data that identifies you directly – such as your name, address, date or birth, or National Insurance number. It may also include information that identifies you indirectly, such as details about your employment, your physical or mental health history, or other information that could be linked to your cultural or social identity.

As we assist you with your financial needs, we may need to collect some of your personal data, which could include, but isn’t limited to:

  • Your title, full name, date of birth, gender, nationality, civil or marital status, contact information, residential addresses, and any documents required to verify your identity.

  • Your employment and income, such as your salary, bonus schemes, overtime, sick pay, other employment benefits, and your employment history.

  • Your bank account details, tax information, existing loans and credit commitments, personal credit history, sources of income and expenditure, as well as information about your family circumstances and any dependents.

  • Your health status and medical history, details of any treatments and prognoses, and relevant medical reports. (Further information is provided below regarding how we may process this special category of data.)

  • Any pre-existing financial products you hold, along with the associated terms and conditions.

Using your personal data: the legal basis and purpose

 

When we discuss your financial requirements, we do so on the understanding that the processing of your personal data is necessary for us to fulfil our contractual obligations to you. We’ll also seek your explicit consent to hold and process your personal data. Once given, this consent provides a lawful basis for us to retain and use your data, unless and until you choose to withdraw it.

For existing clients from whom we don’t currently hold explicit consent, your data will still be processed on the basis that a policy or plan is already in place. In such cases, the processing of your personal data is necessary for the performance of our contractual obligations, as we have a duty to service the plans held under our agency. To fulfil this duty and arrange the products you need, we’re entitled to use your personal data.

Alternatively, either during our initial discussions or after our contractual relationship has ended, we may continue to use your personal data provided where it’s necessary for our legitimate business interests and where doing so doesn’t override your rights. For example, we may need to respond to enquiries from mortgage lenders, insurance providers, or product providers regarding the advice we’ve given to you. We may also contact you to request feedback on the service you received.

 

At times, we may need to use your personal data to comply with legal obligations. This could include requirements from our regulator, The Financial Conduct Authority, or other legal or regulatory duties to which we’re subject. In such cases, the processing of your personal data is necessary to fulfil a legal, compliance, or regulatory obligation.

Where we’ve received your data as part of an asset purchase, we may contact you to support the continuation of the advice process, particularly where your previous adviser is no longer able to do so. We consider it to be in our legitimate business interests to ensure you continue to have access to financial advice and aren’t left with investments that can’t be serviced or reviewed.

Additionally, following an asset purchase, if we believe that one or more of your assets may be at risk due to the capital adequacy or liquidity position of the product provider(s), we may contact you to inform you of the potential risks. This may occur even if we don’t hold the servicing rights to the asset(s) in question. In such cases, your data will be processed to protect your vital interests. Wherever possible, we’ll refer you to your original or current adviser in the first instance for further guidance.

 

The basis upon which we'll process certain parts of your personal data

 

Where you ask us to assist you with your insurance needs – particularly in relation to life insurance or policies that provide support in the event of accident or illness - we may need to collect information about your ethnic origin, health, and medical history (referred to as “your special data”). We’ll record and use this special data to make enquiries with insurance providers about products that may suit your needs, and to offer you advice on the suitability of any products available to you.

If you have parental responsibility for children under the age of 18, it’s likely that we’ll also record information relating to those children, which may include their special data.

The arrangement of certain types of insurance may need you to disclose information relating to past or current criminal convictions or offences (referred to as “criminal disclosures”). This information is relevant to insurance-related activities such as underwriting, claims handling, and fraud management.

We’ll handle special data and any criminal disclosures in the same manner as your personal data, as outlined in this privacy notice.

The exchange of special data and criminal disclosures must be permitted between insurance intermediaries, such as our firm, and insurance providers. This is essential to ensure customers can obtain the insurance protection that best meets their needs.

 

How do we obtain or collect your personal data?

 

We collect and record your personal data from a variety of sources, mainly directly from you. This typically occurs during our initial meetings or conversations, where we gather information to understand your circumstances, needs, and preferences in relation to the financial advice we provide. You may share this information with us verbally or in writing, including via email or through our website.

We may also obtain certain personal information from third parties. These may include product providers, service providers, administrators, liquidators, or sale agents (particularly in cases where businesses are purchased or acquired). Additionally, we may collect information through credit checks, from your employer, or from publicly available sources such as the electoral register.

 

If we use technology solutions to assist in collecting your personal data – such as software that verifies your credit status – we’ll only do so with your explicit consent, either for us or a nominated processor to access your information in this way. In particular, for electronic ID checks, which are our preferred method of identity verification, we’ll always obtain your consent before proceeding.

Fact Finding, Call Recording and Transcription

We may record and transcribe telephone calls for purposes such as fact finding, ensuring service quality, supporting staff training, meeting regulatory requirements, and enhancing our services. To assist with transcription, we use trusted third-party providers who securely process call recordings and generate transcripts on our behalf.

In addition to call recordings and transcripts, we also collect and retain personal data through written fact finds, which are used to capture key information relevant to your needs, preferences, and circumstances. This may include your name, contact details, financial information, and other personal or sensitive data you choose to share with us.

All personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our third-party transcription provider acts as a data processor under a legally binding agreement that includes strict confidentiality and data protection safeguards.

Where personal data is transferred outside the UK, we ensure appropriate measures are in place, such as International Data Transfer Agreements (IDTAs) or other recognised safeguards – to maintain the security and integrity of your information.

By continuing with the call or using our services, you acknowledge that your data may be collected through recorded calls, transcription, or written fact-finding. If you have any concerns or prefer not to have your information recorded or transcribed, please inform us before the call begins or contact us using the details provided in this notice.

Here’s how we’ll handle your personal data after it’s been shared with us

As part of handling your personal data, we’ll:

  • Record and store it securely using our third-party provider Intelliflo, through our back-office system, Intelligent Office. Access to this information is strictly limited to authorised employees and consultants within our firm, and only when it’s necessary to deliver our services to you or to carry out related administration tasks.

  • We may also share it with product providers, mortgage lenders and other third-party service providers – either in paper form or securely online. Sharing this information is essential for us to progress any enquiries or applications on your behalf and respond to any follow-up questions or administrative requirements from those providers.

  • We may use your personal data to respond to any questions you have about financial products you’ve taken out, and keep you informed about any updates or changes related to those products or polices we become aware of.

  •  We may also share your data with carefully selected third parties if we believe their services could be of benefit to you. We’ll always do this thoughtfully and with your best interests in mind.

We only share your personal data with care

From time to time, we may share your personal data with certain third parties, as outlined below:

  • Investment and pension providers, mortgage lenders, finance lenders and insurance providers.

  • Intelliflo – who manage our back-office administration system, Intelligent Office. Your personal data is securely stored on their UK-based servers, ensuring it remains protected and compliant with data protection standards.

  • Conveyancing providers – if we believe a quote from them could help you compare costs and make an informed decision.

  • We may share your information with trusted claims management providers if, after discussing your situation with you, we believe you could benefit from their support – particularly in relation to a potential claim concerning financial advice you received from another firm.

  • IT service providers who support the day-to-day running of our business and help ensure our systems remain secure and efficient.

  • Trusted electronic signature service providers to facilitate the secure and efficient exchanges of contracts and other signed documents.

  • Confidential document shredding service providers to securely dispose of physical documents, as we maintain electronic records for our clients.

  • Subcontractors and other trusted individuals who assist us in delivering our services to you.

  • On-line ID verification service providers to carry out identity checks, as required by regulatory obligations.

  • Research tools that generate quotes, cash flow forecasts, and financial analysis to support us in making well-informed recommendations tailored to your needs.

  • In the event of a complaint or investigation, we may need to share your personal data with regulatory and oversight bodies such as the Financial Ombudsman Service (FOS), the Financial Services Compensation Scheme (FSCS), the Financial Conduct Authority (FCA), and our Professional Indemnity Insurers.

 

In all cases, your personal data will only be shared for the purposes outlined in this customer privacy notice – specifically, to progress your enquiry and to deliver our professional services to you. 

 

Please note that sharing your personal with third parties does not give them permission to send you marketing or promotional messages. We will never sell your personal data for marketing purposes. Any data shared is strictly for the purpose of fulfilling our responsibilities to you, as outlined in this Customer Privacy Notice.

 

We don’t anticipate that providing our services will require your personal data to be transferred outside of the European Union.

 

Security and retention of your personal data

 

Your privacy is important to us, and we’re committed to keeping your personal data secure in line with our legal obligations. We take reasonable steps to protect your data from unauthorised or malicious access by third parties.

 

We also ask that you take reasonable steps to protect your own privacy when sending information to us. This includes avoiding the use of unprotected email for confidential details, using password protection or encryption for email attachments, and choosing secure postal methods when sending original documents.

 

If we’ve engaged with you and collected your personal data, we’ll retain it for as long as you may legally bring a claim against us. Once our contractual relationship with you ends, we’ll continue to retain your personal data in accordance with our legal and regulatory obligations. 

 

Your rights in relation to your personal data

You can:

  • Request copies of the personal data we hold about you.

  • Ask us to explain in more detail how we use your personal data.

  • Ask us to correct or delete your personal data or request that we restrict or stop using it. We’ll explain the extent to which we can comply with your request at the time, based on our legal and regulatory obligations.

  • Ask us to transfer your personal data electronically to another organisation of your choice.

  • Amend or withdraw any consent you have previously given for us to market to you or process your personal data in the future (including full withdrawal of consent). To do this, simply contact us in writing, call us on

      01263-513016, or email us at optout@hoyl.co.uk.

Contacting us about your personal data

 

If you have any questions or comments about this document, or if you wish to exercise any rights outlined within it, please contact:

 

Karl Wetherell, Chief Compliance Officer

PO Box 46,

Upton House,

St Margaret’s Road,

Cromer, 

Norfolk,

NR27 9WX

 

Telephone: 01263-513016

    

Email: karl.wetherell@hoyl.co.uk

 

Website: www.hoyl.co.uk

If we believe we have a legal basis to refuse your request, or to respond to it in a manner different from that you have requested, we’ll inform you of this at the time.

If you or a third-party request copies of documents or information and we have already fulfilled that request, we reserve the right to treat any subsequent requests for the same documents or information as excessive. In such cases, we may charge an administration fee of £250.00.

If you become aware of any unauthorised disclosure of your personal data, please contact us as soon as possible so that we can investigate the matter and meet our regulatory obligations.

 

We review our Privacy Notice regularly, so please check it periodically to stay informed of any updates.

 

If you have any concerns or complaints as to how we have handled your personal data, you have the right to lodge a complaint with the UK's data protection regulator, the Information Commissioner’s Office (ICO).

 

You can contact them via their website at https://ico.org.uk/global/contact-us/ or by writing to:

 

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Hoyl Independent Advisers Limited

Cromer, NR27 9DG

Tel: 01263 513016  Email: support@hoyl.co.uk

 

Hoyl Independent Advisers Limited is Authorised and Regulated by the Financial Conduct Authority.

Our Financial Services Register number is 433927 - FCA Register.

Registered in England, Company Number 05343956

Registered Address: Upton House, St Margarets Road, Cromer, England, NR27 9DG

Logo - Transparent.png

Cookie Policy | Privacy Policy

bottom of page