Who we are

This is the privacy policy of Saunderson House Limited (company number 00940473), whose registered office is at 8 Finsbury Circus, London EC2M 7AZ and e-mail shl@saundersonhouse.co.uk. We are a wholly owned subsidiary of Rathbones Group Plc.  Our business is the provision of financial advisory and investment services and in our engagement with clients and prospective clients we will hold your personal information. We set out below important information about our processing of data relating to living individuals by reference to the purposes for which we do so in the context of that business.


The Information we collect

So we can provide you with a service that meets your precise financial needs we obtain certain information about your personal and financial situation and may collect the following information:

  • Identity details: Such as your name, age, date of birth, gender and national insurance number.
  • Personal and Professional Contact details: This includes your email, phone number, mobile number and address.
  • When you apply for a client account with us:
    • Employment details.
    • Family details.
    • Information regarding your current health condition (with your explicit consent).
    • Associated third party information, this includes your spouse, children or beneficiaries of trusts.
    • Financial details, this includes source of wealth, existing investments, tax returns, and bank details.
  • Details concerning your attitude to investment risk. This is collected via the completion of a questionnaire with guidance from our Advisors.
  • Lifestyle information (such as hobbies and interests). We collect this information so that we can better tailor any material we may send to you.
  • Account activity. This information is generated and collected through the provision of our services to you.
  • Information on your children and dependants: Where a child is named as a beneficiary on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender).
  • Internal Protocol (IP) address: This information is collected passively when you use our website or client portal.
  • Use of our website: This information is collected through cookies as further explained in our Cookies Policy.

If you are a spouse, partner or other family member of one of our clients or if you are a representative, trustee, settlor or beneficiary of one of our charity or trust accounts and you share your personal information with us, the terms of this privacy policy will also apply to you.

We may be provided with the information listed above by:

  • Your relatives and other mutual contacts
  • Your parent(s) or legal guardian in relation to minors
  • Trustees of a trust you are connected with, and
  • Trust beneficiaries
  • Your registered agent or introducer

How and why we use this information

We have published this policy so that you understand what we do and why, and in order that, if you wish to challenge us, you have information about your rights. This policy is not detailed with respect to all aspects of our processing of personal data because so much depends on your needs and individual circumstances. We have given as much information as we can by way of default, and we supplement this where appropriate in other documentation.

The purposes are as follows:

  1. Marketing to you as a prospective client
  2. Accepting you as a client
  3. Dealing with you as a client
  4. Performing our services to clients which involve processing personal data about others associated with them, such as a spouse, parent, guardian, child, other family member, a representative of our client, or a trustee, settlor or beneficiary
  5. Operating our business

We have included sections dedicated to describing your rights, our contact information generally and how you can make a complaint.



We take pride in our business which thrives because we provide an excellent service. However, the market in which we operate is competitive and we must continue to attract new clients. To that end we have a legitimate interest in marketing our services to existing and potential clients.

The steps we take to attract potential clients bring us directly and indirectly into contact with them so as to communicate information about our services. We are not intrusive and always respect the wishes of individuals once we are aware of them.
We use information you have provided us to:

  • Communicate directly with you via telephone, e-mail, and other forms of electronic communication.
  • Send you materials about our business, events and information relating to investments.

In addition to any information you have provided us, we may also obtain personal data for marketing purposes from reputable sources, including:

  • Social Media such as LinkedIn
  • Relevant data in the public domain (Corporate website)
  • Referrals from existing clients
  • Information from external data providers in relation to potential target clients only



Where you ask us to act for you there are preliminary steps we need to take before we enter into a contract with you. The process of accepting you as a client has two main parts:

  • Compliance by us with legal obligations to know our clients and to prevent money laundering and terrorism financing; and
  • Obtaining the information we need from you to open your account and provide our services.

Verification documentation: This is collected from you to assist us with verifying your identity and contact details. We need to verify the information you provide to us in order to fulfil our legal obligations, and for this purpose we commonly use public and privately available electronic information sources (we may use third party credit and identity check agencies for this purpose).



Once you have entered into a contract with us, we are able to act for you and carry out your instructions. However, we are also under legal obligations to:

  • Know our clients and to prevent money laundering and terrorism financing
  • To monitor changes in our relationship with you and your affairs.

Thus, from time to time we must repeat the steps we take when accepting you as a client, and the same considerations apply in relation to the processing of personal data relating to you.

The nature of the information we need to provide our services depends on your instructions. Our requirements are reflected in the forms we ask you or others to fill in, and in questions we ask in correspondence and e-mail, or when meeting you or others in person or speaking on the telephone. However, we won’t collect information for which we don’t have a reasonable need in order to carry out your instructions.

Personal data relating to your health is only collected where it is necessary to fulfil your instructions. We will ask you to consent to our obtaining of such information and to its processing for that purpose.

Unfortunately, if you don’t consent or we’re not provided with the information we need in full, we won’t be able to fulfil your instructions adequately or at all.



It is in the legitimate interests of our business to process personal data relating to people other than our clients where necessary in order to provide services to our clients. In some cases, the processing is also in the interests of the third party.

The nature of the information we need to provide our services depends on your instructions. Our requirements are reflected in the forms we ask you or others to fill in, and in questions we ask in correspondence and e-mail, or when meeting you or others in person or speaking on the telephone. However, we won’t collect information for which we don’t have a reasonable need in order to carry out your instructions.

As above Personal data relating to health is only processed where it is necessary to fulfil our client’s instructions. We will ask you to consent to our obtaining of such information and to processing it for that purpose.



This section is concerned with the systems we use to process personal data and our processing of personal data for internal purposes. It is not concerned with the nature of the data, the classes of individual on whom we process data, the classes of the data, the sources and disclosures of the data, nor the period of time which we hold data.

We process personal data using the following principal systems and networks:

  • A client relationship management system which is the repository of all information we hold on current, past and target clients. This system is operated and maintained by SHL staff.
  • Saunderson House Online, which is a web-based portal through which our clients are able to access and manage information relating to them and their investments and products. Saunderson House Online is operated by SHL staff and is hosted on our behalf by a third party.
  • Local and wide area networks for the transmission of data within and between our site locations. The communications services which form part of these networks are procured from a third party, and all data transmitted across the networks are transmitted by SHL staff or representatives or third-parties with whom we are dealing in the course of business.
  • Corporate systems for the processing of all other data.

SHL staff and representatives use computer and communications equipment to access these systems, to perform their duties, and in particular work stations, laptop computers, other mobile computing devices and mobile phones. Personal data is stored on these devices appropriate to the use for the time being.

Additionally, we may use personal data for internal training purposes, corporate governance, management and reporting on a company and group-wide basis.


Who we share your information with

The legal basis on which we deal with people who are not clients or associated with a client depends on the circumstances. In all cases we make sure that we have a legitimate reason to do so in connection with our business.

In addition to sharing your personal data with other members of Rathbones Group Plc, we communicate and deal with all manner of people in the ordinary course of our business, whether suppliers, regulators, other competent authorities, and others incidentally in connection with our business from time to time. In the course of doing so, having regard to the nature and purpose of those dealings, we will obtain and process personal data. We do not use the data for any purpose other than for which it was given to us.

The reasons why we disclose personal information and to whom depends on the services you’ve instructed us to provide and our legal obligations as a provider of financial advisory and investment services. Where we are unsure whether or not you are aware of the disclosure to be made, we will inform you beforehand wherever possible. However, on occasion we disclose information to:

  • HM Revenue & Customs
  • Custodians of your assets
  • Members of your family, including your spouse, partner or other adult members of your family or dependants if you are one of our private clients, where it has been agreed that our services will include these third parties.
  • Representatives, trustees, settlors or beneficiaries if you are one of our charity or trust clients, and in each case, where it has been agreed that our services will include these third parties
  • Very infrequently, we are required by law to report matters to law enforcement agencies for the prevention and detection of crime, including the police, the National Crime Agency. In certain circumstances we are not permitted to inform you that we’ve done so or intend to do so.
  • The Financial Conduct Authority, The Financial Ombudsman, and the Information Commissioner’s Office
  • Our parent company for corporate reporting

To fulfil our commitments to you, we share your information with several third party organisations who perform certain tasks on our behalf. Information is only shared with these third parties to the extent necessary in order to enable them to provide the services required on our behalf. These third parties act on our instructions and are processors of your information. These organisations:

  • provide financial crime prevention or credit reference services,
  • provide psychometric risk tolerance assessment services,
  • firms such as registrars and custodians that hold your assets,
  • are approved providers and administrators of financial products (including pension administration services (e.g. SIPPs), and insurance administration services),
  • Provide us with professional advice (such as our accountants, lawyers and compliance consultancies),
  • We also may share your information with third parties you have a direct contractual relationship with (such as your appointed agent) or to assist in facilitating your acquisition of a third party’s products and services. In these instances, the third party is likely to also be a controller of your information for their own purposes. We ensure that we have in place strong data sharing protocols with these third parties to govern and guide the sharing of your information in these circumstances,


How we protect information

The security and confidentiality of your information is extremely important to us.

All personal data which is collected and recorded, whether on paper or electronically, has appropriate safeguards applied in line with our legal obligations.

Data is protected by our internal policies and procedures designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees undertake regular training in relation to data protection and are subject to duties of confidentiality which apply to the personal data we obtain and process.

Our Information security controls are aligned to industry standards and good practice. This provides a secure control environment that effectively manages risks to the confidentiality, integrity and availability of information. Additionally, our controls ensure we can restore your data in situations where the data is corrupted or lost in a disaster recovery situation.

Where appropriate, we use encryption or other security measures which we deem appropriate to protect your information. We also review our security procedures periodically to consider appropriate new technology and updated methods. But, despite our reasonable efforts, no security measure can ever be perfect or impenetrable.

If you would like more details or are concerned about any particular issue, please contact our Data Protection Officer at the details below.


Where your information is processed

Your information is processed in the UK and European Economic Area (EEA).

Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as required by applicable data protection laws.


How long do we keep your information?

We have a legitimate interest to keep all records relating to our business for our internal purposes and to deal with queries or complaints which may arise.

As a regulated business we also need to keep records for 5 years or longer if required.

We keep personal data of clients only where and for so long as it is necessary to provide you with our products and services while you are a client and afterwards for so long as necessary to meet our legal or regulatory obligations or, if longer, for in relation to claims which could be made against us. Our normal practice is to keep Client information for at least 5 years after you cease to be a client.


Handling telephone calls and other electronic communications

We record all telephone calls and other electronic communications to monitor our communications, provision of our services and for audit and training purposes. We store call and other communication recordings securely in accordance with our retention policies and applicable laws. Access to those recordings is restricted to those individuals who have a need to access them for the purposes set out in this Privacy Policy.


Our Website and Cookies

A cookie is a small file that is saved onto your computer or other device when you visit our website. They store small pieces of information, for example, to record you’ve visited our website or performed a certain action, and to improve your experience when you visit our website. Our full cookie policy is available at https://saundersonhouse.co.uk/cookie-consent/

Our website may contain links to other websites of interest. However, once you have used these links to leave our website, please be aware that we do not have any control over that website. This means that we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites, or which cookies are used. Such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


Your rights in relation to Data Protection

You have several rights under data protection law in relation to how SHL processes your information. These are identified below. More information can be obtained from the Information Commissioner’s website at www.ico.org.uk

Right to be informed

You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with. We do so by means of this Privacy Policy.

Right of access

You have the right to know what personal data we process and to be provided with access to the information. If you wish to receive a copy of the personal information we hold on you, you may make a subject access request.

Right to request that your personal information be rectified

If your personal data are inaccurate or incomplete, you can require that they are corrected.

Right to request erasure

You can ask for your information to be deleted or removed if there is not a compelling reason for SHL to retain it.

Right to restrict processing

You can ask to block or suppress the processing of your personal data for certain reasons. This means that we are still permitted to keep your information but only to ensure we don’t use it in the future for those reasons you have restricted.

Right to data portability

You can ask for a copy of your personal data for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way; for example, if you were moving your pension to another pension provider.

Right to object or withdraw consent

You can object to SHL processing your personal data where it is based on our legitimate interests, in which case we can no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can object at any time to our use of personal data relating to you in connection with our direct marketing with a view attracting you as a client. Where you do so, the personal data shall not afterwards be processed for such purposes.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where we are processing personal data about you with your consent you can withdraw it at any time. However, where you do it may not be possible for us to continue to fulfil your instructions adequately or at all.

Contact Information and Complaints

How to contact us                                                                               

If you have any questions about this Privacy Policy or the personal data we will obtain and process about you, please contact:

Saunderson House Limited
1 Long Lane
FAO: Data Protection Officer

How to make a complaint

If you do not believe we have handled your information as set out in our Privacy Policy, or you otherwise wish to complain about our handling of personal data relating to you, please contact our Data Protection Officer at the above address.

If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
SK9 5AF;
0303 123 1113

Policy changes

If we decide to change this privacy policy, we’ll post the updated privacy policy on our website so that you’re always aware of what personal information we collect, how we use it and under what circumstances we disclose it. This privacy policy was last updated June 2023.