Privacy notice
Nucleus understands that your privacy and the security of your personal information are extremely important. This notice sets out what we do with your information, how we secure it, how we collect it, and from where, as well as your rights in relation to the information we hold about you.
This privacy notice tells you what to expect us to do with your information when you contact us or use one of our services.
This privacy notice will also apply to children under the age of 18 where we hold data provided to us by their parent or legal guardian who has made an application on their behalf to establish an account, or where the child is the beneficiary of a product we provide.
If you follow a link from our websites, applications or services to another site or service, this privacy notice will no longer apply. We are not responsible for the information handling practices of third-party sites or services, and we encourage you to read the privacy notices appearing on those sites or services.
This notice is layered so you can easily jump to the section you need.
We’ll tell you
- Who we are
- How we collect your information
- How we will use your information
- What information we will use
- Why we can process your information
- When we might share your information
- What happens if we share your information to another country
- How long we keep it for
- What your rights are
- How to make a complaint
When we say “we”, “us”, or “Nucleus” in this policy, we mean the companies in the Nucleus Group shown in the table below:
Nucleus | James Hay Partnership | Curtis Banks Group | Talbot and Muir |
---|---|---|---|
Curtis Banks Pensions, Suffolk Life Annuities and Curtis Banks are part of Curtis Banks Group Limited which also includes SLA Property Company Limited and associated companies (“the Curtis Banks Group”), any of whom may act as Data Processors.
Talbot and Muir Ltd act as data processor for Talbot and Muir Ltd, T M Trustees Ltd, Oval Trustees Ltd, The Ward Mitchell Trustees Ltd, SAM Trustees Ltd, MYSIPP Trustees Ltd and MYSASS Trustees Ltd, Pensions Partnership SIPP Trustees Ltd and Pension Partnership SSAS Trustees Ltd.
Nucleus is the controller of the personal information we process, unless otherwise stated.
Our postal and email addresses are:
Data Protection Officer
Nucleus Financial Platforms Limited
Greenside
12 Blenheim Place
Edinburgh
EH7 5JH
- We use information provided to us through interactions, as part of your application process, and the day to day running of your product. This can be directly from you, from your financial adviser or third parties you instruct on your behalf, or other third parties such as credit reference agencies. This can also be through our online platforms, social media, or third-party links.
- We use your information when you interact with us to enter a promotion or participate in a survey.
- We primarily collect and store information on children under the age of 18 when provided to us by and with the consent of the parent or guardian. However, there may be instances where we receive a child's information indirectly, such as when a child is named as a beneficiary to a product, without direct parental or guardian awareness.
- We may also receive personal information from third parties with whom we have contracted to purchase their business or assets.
Depending on the nature of our interactions with you, there may be certain essential personal information that we have to collect so that we can provide the information or services requested. This will vary depending on the relationship we have with you.
In general terms, we use your personal information to:
- Deliver our service and meet our legal requirements.
- Verify your identity where this is required.
- Contact you, where we are allowed, by post, email, or telephone about important changes to our website, products, or services.
- Improve our services or products which includes conducting data analysis, testing, research and surveys to help us better understand customer requirements.
- Conduct market research, statistical analysis, customer segmentation or profiling and in the development of our products and services.
- Provide additional support or bespoke services to customers where appropriate.
- Maintain our records.
- Process financial transactions.
- Prevent and detect crime, fraud, or corruption (including liaising with regulators and law enforcement agencies).
- Where we are allowed, send you details by post, email, telephone or any other electronic means, of information about applications, products, services, events and promotions which we believe may be of interest to you. This may include sending your details to third parties who may provide some services on our behalf.
- We may combine information from third parties with information we hold about you. We use this combined information for the purposes set out in this privacy notice (depending on the types of information we receive).
Nucleus has in place appropriate security measures designed to keep your information secure, preventing it from being lost, stolen, altered, used, accessed, or disclosed in an unauthorised way.
This includes:
- Basic information about you such as name, date of birth, national insurance number, marital status, and occupation.
- Your contact details such as address, post code, email, country of residence.
- Documentation confirming your identity, tax residency, and legal authority, including photographic identification.
- Outcome of identity searches and anti-money laundering due diligence.
- Your nationality or dual nationality.
- Information connected to your product or service e.g. bank account details.
- Financial details including bankruptcy, tax status, pension information.
- Information from fraud agencies, credit reference agencies, electoral roll, and other publicly available information.
- Details of other people provided as part of your product or services such as joint applicants, next of kin, power of attorney, children, guarantors or beneficiaries.
- Your correspondence with us such as letters, emails, calls or meetings.
- Images of you collected by photography or CCTV should you visit our offices or attend our events.
- Information collected automatically via cookies when you visit one of our websites or use one of our online platforms. See separate Cookie Notice for additional information.
- Information relating to your health only where it is necessary to provide a product or service to you or where required by a legal obligation.
- Recognised body reference numbers, where applicable, such as Financial Conduct Authority (FCA) registration number for Financial Advisers.
Special Categories of Data
We may, in certain circumstances, process sensitive personal information including religion, health data and criminal data. This includes (but is not limited to):
- Medical conditions, sickness records, and information from your doctor to allow us to decide whether to make an early pension payment due to ill health.
- Information related to any politically exposed person, terrorist, or sanctions that you may be subject to. These checks can also contain criminal convictions or offences and are all used to decide whether to continue our relationship with you.
- If a court order is received containing criminal convictions, such as fraud.
- Where we are contacted by law enforcement agencies where a customer has committed an offence or is under investigation.
Aggregated data
We also process aggregated data for any purpose. This data may be derived from your personal information, but as this data does not directly or indirectly reveal your identity, it is outside the scope of Data Protection legislation. If, however, we combine or connect this aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as your information.
Email Pixels
When we send you an email to tell you about the products and services we offer, we use an email pixel. This collects information about how you respond to the email. It tells us when you opened the email, how many times you opened the email and whether you clicked on any of the links in it. This information helps us to better understand the effect of our emails and how useful you find the content about our products and services.
Depending on the device you use to check emails from us, you may be able to disable the email pixel. You will need to check this with your device manufacturer.
What is a vulnerable customer?
A vulnerable customer is someone who may have difficulty accessing or using our products and services due to personal circumstances, such as physical or mental health issues, disability, age, or financial hardship. We want to make sure that all our customers receive fair and appropriate treatment, and that we respect their dignity and privacy.
What information do we collect from you?
If you are a vulnerable customer, or we suspect that you are, we may collect some additional information from you, such as:
- Your medical condition or disability, and how it affects your ability to use our products and services.
- Your financial situation and any support or assistance you receive.
- Your preferred method of communication and any special needs or requirements you have.
- The name and contact details of any person who acts on your behalf, such as a carer, relative, or friend.
We will only collect this information if it is relevant and necessary for us to provide you with the best possible service and support. We will always ask for your explicit consent before we collect or use this information, and you can withdraw your consent at any time (see your rights for more information).
How do we use your information?
We use your information to:
- Understand your needs and preferences, and tailor our products and services accordingly.
- Provide you with any additional support or assistance you may need, such as alternative formats, longer timeframes, or third-party services.
- Protect you from fraud, abuse, or harm, and ensure your safety and wellbeing.
- Comply with our legal and regulatory obligations and cooperate with any authorities or agencies that may be involved in your case.
- Improve our products and services and train our staff to better serve you.
We will only use your information for the purposes for which we collected it, and we will not share it with anyone else without your consent, unless we are required to do so by law or for your protection.
How do we protect your information?
We take the security and confidentiality of your information very seriously, and we use various measures to safeguard it, such as:
- Encrypting your data and storing it on secure servers.
- Limiting the access to your data to only those staff members who need it to provide you with service and support.
- Training our staff on how to handle your data sensitively and respectfully.
- Regularly reviewing and updating our policies and procedures to ensure compliance with the latest standards and regulations.
We will only keep your information for as long as we need it to provide you with service and support, or to fulfil our legal and regulatory obligations. We will delete or anonymise your information when it is no longer needed, or when you withdraw your consent.
Whenever we use your information, we must have something called a “lawful basis” for what we do. The different lawful bases we rely on are:
- Legitimate Interest – the use of your information is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
- Performance of a contract – we must use your information to be able to provide you with one of our services or products.
- Legal obligation – we are required to use your information by law.
- Consent – you have told us you are happy for us to use your information for specific purpose(s) e.g. direct marketing. You can withdraw your consent at any time by contacting us.
- Certain communications we send you (such as your annual statement) are important for you to understand your product. We must send these to meet a legal obligation or regulatory requirement. You can’t opt out of these communications.
- When we need to collect, use and process sensitive personal information we will obtain your explicit consent at the specific time that we need it.
If you withdraw your consent to the processing of your personal information or if you ask for your information to be erased, we may not be able to provide you with access to all or parts of our website, applications, products or services. If we are not able to comply with your request, we will confirm this to you along with confirmation of the lawful basis which we will rely on to continue processing your personal data.
We may share your information with others, including third party service providers and other entities in the Nucleus group and its parent companies, subject to applicable laws. These third parties include:
- Your financial adviser, or agents selected by you and for whom you have given prior consent for us to share personal information.
- Companies we have chosen to support us in the delivery of our products and services, for example, IT providers, consultants, gift services, and companies that provide servicing and administration services.
- His Majesty’s Revenue and Customs, regulators, and other authorities.
- Companies you ask us to share information with.
- Credit Reference Agencies to carry out anti-money laundering or identity verification services.
- RL360 if you invest in our offshore bond.
- Sanlam Life and Pensions UK Ltd if you invest in the onshore bond.
- Scottish Friendly Life Assurance Society Ltd if you have invested in the Scottish Friendly onshore bond or Nucleus APP Pension Account.
- Pension trustees if you have invested in a SIPP.
- Fund managers or their appointed representatives of the relevant fund(s) you have invested in.
- Discretionary Fund Managers if you have elected to use that service.
- Banks for which we use client banking services.
- Market research companies for the purpose of improving our services.
- Any other third party permitted by law and in the following circumstances:
  - To protect the security of our business.
  - To comply with court orders.
  - If we sell, merge, restructure, or otherwise reorganise our business.
Credit Reference Agencies
As stated above, we may conduct checks using one or more credit reference agencies prior to you opening an account with us and during your relationship with us. If we use Experian, please note:
- Experian may check your details against any database to which they have access in order to carry out the verification service they provide.
- A non-credit footprint is left by Experian.
- A record of the decision made is available to us for audit purposes.
Further information about Experian’s service and data protection can be found at www.experian.co.uk. Other credit reference agencies undertake similar actions.
We may also transfer, store, or process your information outside the UK and EEA. We make certain your information is protected by ensuring at least one of the following safeguards is implemented:
- Transferring your information to countries that have been deemed to provide an adequate level of protection.
- Using specific privacy contractual clauses with service providers to give your information the same level of protection that it has in the UK.
Where no adequate safeguards can be taken, your information will only be transferred outside the UK and EEA in the following circumstances:
- You have explicitly consented after having been informed of the potential risks.
- The transfer is required for the performance of a contract with us, for example, you decide to invest in an investment that is managed outside the UK.
We only keep your information for as long as is necessary to perform our statutory and legal obligations. These will vary dependent on the circumstances and product. Generally, we will retain information about you for a period of seven years following the termination of the contractual relationship between us, unless there are specific circumstances which mean we need to retain your information for longer. This could include where the record is relevant for legal proceedings, a criminal investigation, or where the information is legally required to be kept longer, for example, information relating to a pension product.
We may retain information about you where your application is declined, or you decide not to proceed. This information will be held as long as necessary to meet any legal, regulatory or fraud prevention requirements and for our lawful business processing.
The right to access
You have a right to request that we provide you with a copy of the personal information that we hold about you. You also have the right to be informed of (a) the source of your personal information; (b) the purposes, legal bases, and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities your personal information may be transferred to.
The right to rectification
You have the right to request that we rectify any inaccurate personal information. We may verify the accuracy of the personal information before rectifying it.
The right to erasure
You can request that we delete your personal information, but only where:
- It is no longer required for the purposes for which it was collected.
- You have withdrawn your consent (where the processing is based on consent).
- Following a successful right to object (see below).
- It has been processed unlawfully.
- To comply with a legal obligation to which you are subject.
We are not required to delete your information where the processing is necessary:
- For compliance with a legal obligation.
- For the establishment, exercise, or defence of legal claims.
The right to restrict the processing
You can request that we restrict your personal information, but only where:
- Its accuracy is being contested, to allow us to verify its accuracy.
- The processing is unlawful, but you do not want it deleted.
- It is no longer needed for the purposes for which it was collected, but we need it to establish, exercise, or defend a legal claim.
- You have exercised your right to object, and we are verifying our legitimate interests.
The right to object
You can object to any processing where we process under legitimate interest, providing you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we will need to demonstrate we have compelling interests to continue to process your information.
The right to portability
You have the right to ask us to provide you with an electronic file containing all your personal information we hold about you.
Rights regarding automated decision making
We use automated decision making, including profiling (see section on Profiling below for more information), in certain circumstances, such as when it is in our legitimate interest to do so, or where we have a right to do so because it is necessary for us to enter and perform a contract with you.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal impact on you.
Please contact us in any of the ways set out in the contact information and further advice section if you wish to exercise any of these rights.
The way we process your personal information may involve profiling. This means that we process your personal information using software that can evaluate your personal circumstances and other factors to predict risks or outcomes.
Profiling also includes using automated processes to make predictions such as customer traits and behaviours, which can help us provide more personalised advertising for our products and services.
We may use profiling, or other automated methods, to make decisions about you.
We use profiling to help us develop offers, products and services to provide you with the best customer experience. We also use profiling to see how you use and interact with our website and online tools. This helps us to improve our services to you.
From time to time we use your information, sometimes combined with information from third parties, to place you in groups with similar customers. This combined information is then used to:
- Monitor and improve the products and services we offer.
- Enter into transactions with third parties which help us manage our risk.
- Help prevent crime.
- Decide if our customers might be displaying characteristics that show they may need additional support from us.
- Make sure information is accurate and of a high quality.
An example of customers who are grouped together are those nearing retirement, where we may use profiling of that group to provide information about their retirement options.
Before we use any information from profiling, we carry out checks to make sure there are no legal restrictions on using that information. We also consider whether using the information might cause outcomes that are unfair.
Where possible, we remove personal details you could be identified from, such as your name, and replace these with anonymous details. We do this to protect your information.
We take your privacy and protection of your personal information very seriously. If you have any questions, comments or queries about the way we have collected, or are collecting or using your personal information please contact the Data Protection Officer.
We ask that you please attempt to resolve any complaints about how we handle personal information with us first, but you also have the right to lodge a complaint with the Information Commissioner’s Office:
- Online: https://ico.org.uk/make-a-complaint/
- Phone: 0303 123 1113
- By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
We review this privacy notice annually and will place any updates on this website. We will only inform you of updates where the changes are significant in nature. Paper copies of the privacy notice may also be obtained by emailing dataprotection@nucleusfinancial.com.
This privacy notice was last updated September 2024.