Privacy Notice

Finli Group Limited is committed to protecting the individual privacy rights and choices of all our clients, visitors to our sites and the personal information you share with us.

Print version

Our privacy notice contains important information about the types of personal information we collect and process; what we do with it; who we may share it with and why; and your rights when it comes to the personal information you provide us with. We may need to make changes to our privacy notice in line with regulatory requirements; so please check our website for updates from time to time. If there are significant changes such as where your personal data will be processed; we will contact you to let you know. This version of our privacy notice was last updated on 1st July 2024.

Who we are

We are Finli Group Limited (referred to as ‘Finli’), an advice and wealth management business delivering holistic and hybrid advice to UK clients with market-leading investment solutions. Our services are provided through a network of national and regional financial advisers and an investment management firm.  

This privacy notice describes how personal information is processed by our joint data controllers across the Finli Group, made up of our subsidiaries and affiliates (the legal trading companies that manage the products and services Finli Group offers to its UK customers), incorporating:

  • The Beaufort Group of Companies Limited
  • Finli Advice Holdings Limited
  • Beaufort Financial Planning Limited and it’s Appointed Representatives as per the FCA Register
  • Beaufort Asset Management Limited
  • Finli (G&P) Ltd
  • Finli (G&PH) Ltd
  • Finli (GPGFS) Ltd
  • Finli (GPHerts) Ltd
  • Finli (GPS) Ltd
  • Finli (GPC) Ltd
  • Finli (FA92) Ltd
  • Finli (Thames Valley) Ltd
  • Milestone Financial Planning Limited
  • PDB Wealth Partners Limited
  • Independent Financial Strategies Limited
  • YOU Investment Group Limited
  • Gale and Phillipson Investment Services Ltd

How to contact us

We have appointed an independent Data Protection Officer (DPO) through the outsourced services of Spencer West LLP. This is to ensure the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 18) are adhered to across all Data Controllers in our group of companies, with the data subject placed at the centre of our business. If you have any questions about our Privacy Notice or the information we collect or use about you, please contact us at:

The Data Protection Manager

Finli Group Limited,
PO Box 894,
Stockport Central Delivery Office,
Green Lane,
Stockport, SK4 2HQ.



Our website uses cookies to distinguish you from other users of our website. This helps us to continually improve our site and optimise your browsing experience.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:






Used by the content network, Cloudflare, to identify trusted web traffic.


The Cross-Site Request Forgery (CSRF) Cookie protect against attacks that forces authenticated users to submit a request to a Web application against which they are currently authenticated.



Registers a unique ID that is used to generate statistical data on how the visitor uses the website.


Used by Google Analytics to limit the collection of data on high traffic sites  


Registers a unique ID that is used to generate statistical data on how the visitor uses the website


Registers a unique ID that is used to generate statistical data on how the visitor uses the website


Remembers the users preferences on which cookies have been agreed to within the content management system.


Collect (Google Analytics)

Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.


This cookie is used by Google Ad Services to debug ads.



The PHPSESSID cookie is native to PHP and enables websites to store serialised state data.

Collecting your information

Types of information we collect and use

Depending on how you choose to interact with us, the information about you that we collect and process includes:

Information we collect and process


Prospective clients

How to contact you – your title, name, home or correspondence address, telephone numbers and email addresses. 

Your contact with us – audio-visual recordings of meetings, video or phone calls, emails / letters.

Information that is automatically collected, for example via cookies when you visit one of our websites (please see our section on cookies).

Marketing and communication preferences – this includes promotion entries and client feedback, responses to surveys and complaints.

Images captured by CCTV when you visit one of our offices.

Who you are – your date of birth, marital status, relationships with other people (where you have a joint policy or plan) and country of residence / citizenship.


Financial information connected to your product or service with us - your bank account details, details of income, tax bands and liabilities, assets and other liabilities, quotes, claims histories, policies and schemes where relevant.


Information to uniquely identify you – government issued identification documents and numbers such as your Passport, Driving License and National Insurance Number.


Criminal offence, fraud and sanctions data – as part of our regulatory obligations for combatting financial crime we may perform checks against fraud databases, sanctions lists (for politically exposed persons or their immediate family / close associations), or from other publicly available sources such as media outlets or social networking sites.


Information classified as special category personal information relating to your health, biometric information (fingerprints, voice or facial images used to uniquely identify or authenticate you), marital or civil partnership status. This information will only be collected and used where it is needed to provide the products or services you have requested or to comply with our legal or regulatory obligations.


Information relating to vulnerabilities – health, life events, resilience, and capability when this has been provided by you as part of a discussion about your overall financial circumstances.


Information you may provide to us about other people such as joint applicants or beneficiaries for products you have with or through us.


Information on children for example where a child is named as a beneficiary on a policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender).


Demographic information such as postcode, preferences and interests.


Information from other organisations such as banking services, investment / pension / insurance / mortgage providers, where you have provided authority for them to share information relating to your existing plans.


Information from your professional advisers such as accountants, where you have provided authority for them to share information.


Where we collect your information

We may collect your personal information directly from you, or from a variety of sources, including:

  • application forms for products or services
  • electronic ID verification services – we use this data to verify and authenticate client identities for anti-money laundering and fraud detection / prevention
  • credit reference agencies
  • recorded video or telephone conversations with your IFA or us
  • emails or letters you send to us
  • meetings with your financial or mortgage adviser
  • registering for one of our events, either in person or online webinars
  • participating in research surveys or feedback forms to help us understand you better and improve our products and services
  • our online services such as websites, newsletters, social media and mobile device applications (‘Apps’)
  • from other organisations such as banking services, investment / pension / insurance / mortgage providers, where you have provided authority for them to share information relating to your existing plans.
  • from your professional advisers such as accountants, where you have provided authority for them to share information.

If you use a financial or mortgage adviser from our group of companies, the information we collect and use will most likely have been provided by them on your behalf. We may also collect personal information on you from places such as business directories and other commercially or publicly available sources e.g. to verify your identity, to comply with our anti-money laundering and financial crime obligations, check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.

What we collect your information for 

We take your privacy seriously and we will only ever collect and use information that is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only where:

  • you have given us your permission [consent] to send you information about products and services offered by Finli, its subsidiaries and / or selected third parties we have chosen to work with which we believe may be of interest and benefit to you, or;
  • it is necessary to provide the products or services you have requested e.g. if you wish to take out any of the pensions, investments, mortgages, loans or insurances available through the Finli Group. Typically to facilitate this we will require personal information including your name, address, date of birth, and financial details, or;
  • it is necessary for us to meet our legal or regulatory obligations e.g. to ensure the suitability of our recommendations to your needs, to send you Annual Review Letters or Statements, tell you about changes to Terms and Conditions or for the detection and prevention of fraud and other types of financial crime, or;
  • it is in the legitimate interests of Finli and / or its subsidiaries e.g. so we can deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your product or investment as well as to better understand you and your needs so we can send you more relevant communications about the products you have with us and to develop new products and services;
  • it is in the legitimate interests of a third party e.g. sharing information with the providers of products or services you have chosen through us.

If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our products or services. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • where we need to perform the contract we are about to enter into or have entered into with you.
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • where we need to comply with a legal or regulatory obligation such as anti-money laundering or combatting financial crime.

In order to process applications you choose to make through one of our subsidiaries, we may supply your personal information to credit reference agencies (CRAs)who will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

For more information about CRAs, please visit or

Click here to find out more about the types of lawful basis that we will rely on to process your personal data.

We rely on consent as a legal basis for processing your personal data only in relation to sending third party or direct marketing communications to you.  You have the right to withdraw consent to marketing at any time by contacting us.

Automated decision-making systems

We sometimes use systems to make automated decisions based on personal information we have – or are allowed to collect and use from others – about you. These automated decisions can affect the products, services or features we offer you now or in the future. We use automated decisions in the following ways:

  • to tailor products and services e.g. placing you in groups with similar customers to make decisions about the products and services we may offer you to help meet your needs
  • to design and enhance our online services to help meet your requirements for ongoing guidance and support.

For further information on your rights relating to automated decisions, please see the section on YOUR INDIVIDUAL RIGHTS.

Who we may share your information with

We may share your information with third parties for the reasons outlined in ‘What we collect and use your information for.’ These third parties include:

  • companies within the Finli Group  
  • your financial or mortgage adviser
  • companies we have chosen to support us in the delivery of the products and services we offer to you and other customers e.g. research, consultancy or technology companies; or companies who can help us in our contact with you
  • our Regulators and Supervisory Authority e.g. the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO)
  • law enforcement, credit and identity check agencies for the detection and prevention of crime
  • HM Revenue & Customs (HMRC) e.g. for the processing of tax relief on pension payments or the prevention of tax avoidance
  • In some cases, we may choose to buy or sell assets. In these business transfers, client information is typically one of the business assets that are transferred. Moreover, if all or substantially all of our business assets were acquired, or in the unlikely event that we go out of business or enter into bankruptcy, client information would be one of the assets that is transferred or acquired by a third party. These transfers are a legitimate interest.

Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.

Links to other websites

Our website may contain links to enable you to visit other websites of interest easily. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notice applicable to the website in question.

Processing, protecting and storing your information

Where your information is processed

The majority of your information is processed in the United Kingdom.  However, some of your information may be processed by us or the third parties we work with outside of the UK, such as the EEA, the US, Australia and India.

Where your information is being processed outside of the UK, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK data privacy laws e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.

Our security controls are aligned to industry standards and good practice; providing a controlled environment that effectively manages risks to the confidentiality, integrity and availability of your information.

How we protect your information

We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded, or processed in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection responsibilities.

Your information is protected by controls designed to minimise loss or damage through accident, negligence, or deliberate actions. Our employees are trained to protect sensitive or confidential information when storing or transmitting data in any medium including electronically and must undertake annual refresher exercises on this.

How long we keep your information for

We will keep your personal information where it is necessary to provide you with our products or services while you are a customer with us and where it is reasonably required for the purposes set out in this Privacy Notice.  We are also subject to regulatory requirements to retain your data for specified minimum periods.  These are, generally:

  • Five years for investment business
  • Three years for mortgage and insurance business
  • Indefinitely for pension transfers and opt outs

We may also keep your information after this period but only where it is required to meet our legal, regulatory, tax or accounting obligations. For example, we are required to retain accurate records of your dealings with us to respond to any complaints, challenges, litigation or queries that you or others may raise in the future. Therefore, length of time we keep your information for these purposes will vary depending on the obligations we need to meet and can be viewed in our data retention policy.

    Your individual rights

    You have several rights in relation to how Finli processes your information. They are:

    The right to be informed You have a right to receive clear and easy to understand information on what personal information we have, why we have it and who we share it with. This can be found in our Privacy Notices.

    The right of access You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a Data Subject Access Request (DSAR) by contacting us using the methods provided above in the ‘How to contact us’ section.

    The right to request that your personal information be rectified If you believe the personal information we hold about you is inaccurate or incomplete, you can request that it is corrected.

    The right to request erasure You can ask for your information to be deleted or removed if there is not a compelling reason for Finli to continue to have it.

    The right to restrict processing You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.

    The right to data portability You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.

    The right to object

    You can object to Finli processing your personal information where: it is based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.

    Rights related to automatic decision-making including profiling.

    You have the right to ask Finli to:

    • give you information about its processing of your personal information
    • request human intervention or challenge a decision where processing is done solely by automated processes
    • carry out regular checks to make sure that our automated decision-making and profiling processes are working as they should.


    We would like to send you information about our products and services and those of other companies in the Finli Group which may be of interest to you.  If you have agreed to receive marketing information, you may opt out at a later date.

    You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the Group.  If you no longer wish to be contacted for marketing purposes, please use the contact details at the top of this notice.

    How to make a complaint

    We will always strive to collect, use and safeguard your personal information in line with data protection laws under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA18). If you do not believe we have handled your information as set out in our Privacy Notice, please write to us using the contact details above and we will do our utmost to make things right. If you are still unhappy, you can make a complaint to the Information Commissioner’s Office, who are the UK’s independent authority charged with upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You can contact them at: