Quilter plc Privacy notice

At Quilter plc, we are committed to protecting your privacy and ensuring that your personal information is collected and used appropriately, lawfully and transparently.

This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

This privacy notice explains:

• Who we are;
• Your rights;
• What personal information we collect;
• How we use your personal information;
• Who we share your information with and why;
• How we keep your information secure;
• How to manage your marketing permissions; and
• How to contact us.

In this document, “We”, “Us” and “Quilter” refers to Quilter Plc.

Who we are

Quilter is a leading UK-focused full-service wealth manager, providing advice-led investment solutions and investment platform services to over 900,000 customers.

Our purpose is to help create brighter financial futures for every generation.

We strive to do this through supporting long-term advice-based relationships, delivering good investment management performance while maintaining consistently high-quality customer service.

We provide wealth management products and services through a network of companies and businesses based around the world and give customers and financial advisers choice and flexibility in how they choose to access our solutions and services.

This Privacy Notice covers all entities within the Quilter group. However, these companies may also host their own Privacy Notice which could augment this document.

For the purposes of data privacy laws, we are a Data Controller in relation to the information that we collect and hold about you. This means that we are responsible for ensuring that your data is processed fairly and lawfully by us.

Quilter will comply with all relevant data protection laws which require that the personal information we hold about you must be:

• Used lawfully, fairly and in a transparent way;
• Collected only for valid purposes that we have clearly explained to you;
• Relevant to the purposes we have told you about and limited only to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for the purposes we have told you about; and
• Kept securely.

Your rights

Quilter tries to be as open as it can be in terms of giving people access to their personal information and therefore have outlined your rights below.

You have the right to ask us:

• whether we are processing your personal information and the purposes (the right to be informed) – this is delivered through ‘fair processing information’ such as this Privacy Notice;
• for a copy of the personal information that we hold about you (the right of access);
• to update or correct your personal information (the right to rectification);
• to delete your information (the right to erasure); and
• to restrict processing of your personal information where appropriate (the right to restrict processing).

In certain circumstances you also have the right to:

• object to the processing of your personal information (the right to object);
• object to automated decision-making and profiling (the right not to be subject to automated decision-making including profiling); and
• request that information about you is provided to a third party in a commonly used, machine readable form (the right to data portability).

Exercising your rights

For information about your individual rights, including how to correct, restrict, delete, make changes to your personal information or if you wish to request a copy of the personal information we hold about you, please contact us by emailing us at Privacy@quilter.com.

More information about your data protection rights can be found on the Information Commissioner’s Office (ICO) website as well as on other regulators’ websites.

If you would like to write to us, our postal address for data protection matters is:

   Group Data Protection Officer
   Quilter Plc

   SUNDERLAND
   SR43 4JP

However, we have adopted a flexible model for working so please note that written communications will take longer to respond to than emails.

Further information

This privacy notice was drafted with brevity and clarity in mind, however further information can be obtained by contacting us using the details in the "How to contact us" section. More information about your data protection rights can be found via:

• UK Information Commissioner’s Office (ICO)
• Irish Data Protection Commission
• Jersey Office of the Information Commissioner
• DIFC Commissioner of Data Protection

What personal information we collect

Personal data means information by which you may be personally identified directly or indirectly.

We collect certain personal information about you, this includes your name, address, or phone number and other information. We collect this information about you when you:

• Use our website and secure online services;
• Contact us about products and/or services;
• Join the Quilter network as an adviser firm or independent financial adviser;
• Register with us to use our technology platform;
• Complete a fund application;
• Apply for and receive our services;
• Visit or contact our recruitment managers;
• Complete our application form;
• Apply for employment;
• Visit a financial adviser; and
• Register to receive one of our newsletters, communications or attend an event organised by us.

The type of personal information we collect will depend on the purpose for which it is collected and may include:

• Information about you to help identify you and manage your relationship with Quilter and, in some circumstances, as required by our regulators (e.g. Account number, Customer ID or Number, Name, Address, Age / Date Of Birth, Dependents' Details, Tax ID, National Insurance Number, Identity Check Information (e.g. Mother's Maiden Name, Name of First Pet), Email Address(es), Marital Status, Postcode, Telephone Number(s), Title, Gender);
• Information about your account with us (e.g. Past engagements with Quilter, Personal Preferences, Marketing Preferences, Policy and investment information, etc);
• Copies of documentation (e.g. statements, letters, copies of official documents (e.g. passports, driving licences, etc));
• Economic and financial information (e.g. credit card numbers, bank details, Past investment performance, etc and information pertaining to County Court Judgements (CCJs) and any debt history);
• Investment preferences (e.g. your views and preferences around portfolios in which to invest, or not to invest in which may indirectly reveal some religious, political or philosophical views that you hold);
• Audio and visual information when we are recording interactions with you, or when you visit one of our premises (e.g. call recordings or Closed Circuit Television);
• Employment and educational information (e.g. employer details, relevant professional qualifications, etc);
• Marketing / Communications Data (e.g. Information relating to Marketing and External Communications (e.g. Marketing Campaigns, Opt-In Information, etc));
• Lifestyle, Health and Medical information for you, your family and other parties with a material interest in the product(s) (e.g. specific illness, smoker, disability, gender reassignment);
• Relationship Information (e.g. information relating to other parties directly associated with your policy (e.g. dependents, beneficiaries, trustees, etc); and
• Complaint Information (e.g. Complaint Description, Complaint Type, Reason/Details of the complaint).

We collect personal information directly from you. For example, we ask for personal information at the start of our relationship (e.g. when you apply for a policy or service) and in subsequent communications in order to manage our relationship (such as periodic “Fit and Proper” or competency checks). This is a regulatory requirement imposed by our Regulators and is important to help safeguard you and us against potential crime.

Where we provide our services to trusts, we collect the personal information listed for the settler, beneficiaries and trustees of that trust. Where we provide our services to companies we may collect personal information for Directors, Shareholders and Beneficial Owners of the company. Where we provide our services to charities, we may collect personal information about the trustees or directors of that charity.

We may also collect information about you from other sources such as:

• other companies within the Quilter Plc group;
• your adviser;
• another agent (if you have one);
• the company who you act on behalf of;
• regulatory bodies, such as the UK FCA;
• credit and fraud prevention agencies, including sanctions lists; and
• external third parties (e.g. credit reference agencies to verify your identity and to check financial soundness).

Data Retention

We keep your personal information only as long as is necessary for the purpose for which it was collected, or for legal or regulatory reasons. Personal information will be securely disposed of when it is no longer required in accordance with our Personal Data Retention Standard.

Special category data and criminal conviction data

Quilter may also gather more sensitive personal data, called special category data, for example, as part of recruitment. This type of data can include racial or ethnic origin, genetic or health information or sexual orientation. The processing of some of this data is necessary for us to fulfil the obligations on us. In such cases, we will always explain this during the process and explain what information we require and why it is needed. We process any special category data we collect either using the lawful basis of substantial public interest or with your explicit consent. Special category data will always be processed and stored securely.

Where it is necessary, we may also collect information relating to an individual's criminal convictions. If this is the case we will explain what information we require and why it is needed and we will process this data using the lawful basis of substantial public interest.

Cookies and similar technologies

Our website may collect information from your computer using “cookies” and similar technologies which provide us with limited personal information. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the website owners.

You can choose not to accept any non-essential cookies for your interactions, however, in a few cases, some of our website features may not function as a result. You can also delete any cookies that you may have accidentally accepted from your devices’ browser settings page.

More information about the cookies we use on our website can be found here.

How we use your personal information

We process your information for the following purposes:

• To perform our contract with you and to support and maintain that relationship. This includes the following:
  • assessing and processing an application for our services;
  • providing our products and/or services to you, including the management of our relationship with you, your firm, your adviser, or any other agent (if you have one);
  • carrying out transactions you have requested or on your behalf;
  • recording specific needs or adjustments you have or may require from time to time such as text to speech, large print, family representatives or medical reasons which allow us to better assist with your understanding of our products and services;
  • managing complaints and interactions with you;
  • monitoring or recording communications (such as telephone and video calls) with you to resolve any queries or issues and also for training and quality purposes and, in some cases to comply with regulatory requirements;
  • assessing your application for life and protection policies (using automated decision-making tools when necessary);
  • ensuring that a firm’s operation meets our expectations, and those of our regulators (such as undertaking audits and investigations into network activity);
  • record keeping in order to ensure our products and/or services operate within the law and relevant regulatory requirements;
  • as part of our recruitment activities; and
  • providing other services (e.g. enhanced due diligence, underwriting, reinsurance, data hosting, online services, and payments or reporting of any tax or levy).

• To comply with legal and regulatory requirements. These requirements include the following:

• • confirming your identity for regulatory purposes;
  • detecting and preventing fraud, money laundering, terrorist financing, bribery or other malpractice;
  • to meet tax reporting obligations such as Common Reporting Standards (CRS) and the US Foreign Account Tax Compliance Act (FATCA); and
  • to fulfil our data protection obligations.

• For specific business purposes to enable us to provide you with appropriate products and services and a secure experience. Our business purposes include the following:

• • verifying your identity for security purposes;
  • providing service messages which are relevant to our relationship with you and communications which are required to meet our regulatory obligations;
  • sending you marketing communications which you have either opted into receiving, or which relate to similar products or services to those you receive from us or other companies in our group (using the ‘soft opt-in’ rule, more information about this rule can be found here);
  • enhancing, modifying and personalising our services for your benefit;
  • to undertake Profiling activities;
  • audit and record keeping purposes;
  • general training and quality purposes;
  • enhancing the security of our network and information systems;
  • maintaining effective management systems including internal reporting to our parent company and other members of our corporate group;
  • ensuring the integrity of our systems (for example, during final stages of testing where it is necessary to use real data to ensure that any system improvements do not interrupt business or corrupt the data);
  • providing reports and other communications to you where we are required to do so;
  • monitoring the number of visitors and usage of our website, and to maintain its effective operation;
  • to obtain and manage our own insurance; and
  • customer satisfaction research, statistical analysis and wider market research to capture the views and opinions of our customers.

We may also process your personal data as part of an acquisition or sale. Should this happen, you’ll be notified about any change to processing or data controller arising as a result of this activity.

You have the right to object to us processing your personal information for some of the business purposes listed above but, if you do so, this may impact on our ability to provide some or all of our services to you.

Profiling

Profiling involves the use of basic identifiers about you such as your name and address and matching this with information from third party services to create a demographic model and infer customer ‘types’. This helps us define groups based on factors like interests, age, location and more so we can better understand our customers to adapt and improve our products and services, and to ensure that we are developing and providing services that meet the needs of our customers, as is required by the Financial Conduct Authority (FCA).

Artificial Intelligence (AI)

At Quilter, we may utilise AI technologies, including machine learning, to perform some activities. Where this is the case, the output can be reviewed using human oversight. We will always endeavour to use AI technologies ethically in line with legislation, regulatory guidance and governmental policy and we will anonymise or aggregate personal data where appropriate.

Lawful basis

Quilter operate under a number of legal bases as required under the regulations. These include:

• Consent;
• Legitimate Interests;
• Substantial Public Interest;
• Performance of a Contract; and
• Compliance with a Legal Obligation.

Who we share your information with and why

We share your information with trusted third parties and service providers who perform tasks for us and help us to provide our products and/or services to you, and with other agencies where required by law, court order or regulation. These may include:

• Companies within the Quilter Plc Group
  • for administrative, analytical and statistical purposes;
  • for testing the information systems operated by our companies;
  • for producing a consolidated view of our relationship with you in order to meet our regulatory obligations and to enhance the services we can offer you;
  • for sending you marketing communications which you have either opted into receiving, or which relate to similar products or services to those you receive from us or other companies in our group (using the ‘soft opt-in’ rule, more information about this rule can be found here);
  • for providing service messages which are relevant to our relationship with you and communications which are required to meet our regulatory obligations; and
  • for handling complaints and fulfilling data subjects' rights (such as the Right of Access).

• Companies appointed by Quilter (these third parties may be based in countries outside the UK or EU)

• • with third parties or service providers who perform tasks for us to help us provide our services to you or to allow us to meet legal and regulatory requirements, including any necessary tax reporting, verifying your identity, source of wealth, financial crime prevention or other requirements (this may involve carrying out checks with credit reference databases);
  • with third parties or service providers who provide additional data about you in order to enhance our ability to design and develop new products and services that can be marketed and sold which meet the needs of our identified consumer groups and are targeted accordingly;
  • with third parties or service providers who use data to build lookalike audiences for marketing activity and social media advertising;
  • with third parties who may carry out marketing campaigns on behalf of Quilter companies;
  • with securities, options and futures markets and exchanges on which we may deal in connection with your account with us;
  • with a clearing house or clearing agent (or with investigators, inspectors or agents appointed by any of them) for the purpose of executing and settling transactions we have entered into on your behalf;
  • with credit reference agencies to check the financial suitability of the products and services;

• with insurance providers;

• • with debt collection agencies for tracing and recovery of debts;
  • with payment service providers to allow payments to be completed;
  • with our accountants to produce tax statements and in support of statutory reporting;
  • with our appointed legal or regulatory advisers or auditors;
  • with information technology and information security providers;
  • with a prospective buyer (or its advisers), for due diligence purposes, if we are considering a sale of any of our business or assets;
  • with third parties or service providers to conduct market research on our behalf, to help us improve and develop the products and services we provide to you and our other customers;
  • with third party product providers where you choose to take up their service through Quilter organisations;
  • with third party organisations where professional independence checks are necessary;
  • with third parties or service providers to conduct quality checks on the interactions between us, any adviser firm and you; and
  • with any successor to all or part of our business. For example, in the event of a merger, acquisition, divestiture, change of control or liquidation of Quilter or part of its business (or in anticipation of such an event), we may share your personal data as part of that transaction where required in order to fulfil our obligations in this Notice.

• Organisations and parties appointed by you or authorised by you

• • with your financial adviser or agent (and their Principal if they are an Appointed Representative), third party data providers or aggregators used by your adviser and any other party authorised by you;
  • with third parties where you have given your consent to receive marketing information;
  • with your accountants to produce tax statements and in support of statutory reporting;
  • with an appointed discretionary asset manager or custodian to meet their legal or regulatory requirements;
  • with investment, wealth or product providers who ask for that information in order to allow us to make investments on your behalf or to continue to provide our services to you; and
  • with other third parties where it is necessary to deliver the services that you have requested.

• Statutory authorities
  • with organisations, including the police authorities and fraud prevention agencies, to prevent and detect fraud;
  • with regulatory or governmental agencies such as the UK Financial Conduct Authority, Jersey Financial Services Commission, The DIFC Commissioner of Data Protection, Dubai Financial Services Authority, HM Revenue and Customs, UK Information Commissioner’s Office, The Jersey Office of the Information Commissioner, The Irish Data Protection Commission and the Central Bank of Ireland; 
  • with professional bodies; and
  • with other agencies where required by law, court order or regulation.

If you would like further information regarding the specific named recipients that we share data with, please contact us using the information in the “How to contact us” section.

How we keep your information secure

We’re committed to ensuring the confidentiality of the personal information that we hold, and we continue to review our security controls and related policies and procedures to ensure that your personal information remains secure.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information is kept secure and prevented from unauthorised or accidental access, processing, copying, modification, erasure, loss or use.

If we work with third parties in countries outside the United Kingdom, we ensure these are countries that the UK Government and the European Commission have confirmed have an adequate level of protection for personal information, or the organisation receiving the personal data has provided adequate safeguards and agrees to treat your information with the same level of protection as we would.

We also utilise UK International Data Transfer Agreements and EU Standard Contractual Clauses for transfers outside of the United Kingdom or European Economic Area.

In limited circumstances, data may be accessed by employees outside of our usual operating locations.  In these circumstances, we ensure there are appropriate information security measures in place to safeguard your information.

How to manage your marketing permissions

Quilter carries out much of its marketing activity using the lawful basis of ‘legitimate interests’, specifically using the ‘soft opt-in’ which is permitted under UK law. When we collect your ‘soft opt-in’ we are doing so on behalf of the Quilter trading businesses of Quilter Investment Platform, Quilter Financial Planning, Quilter Investors, Quilter Cheviot and NuWealth, and only for products and services that are suitably similar to products or services which you already have with Quilter.

You may withdraw your agreement to receiving marketing information by using the ‘unsubscribe’ link that is contained in all electronic marketing messages. You may choose which topics you wish to receive communications regarding and for which businesses. Alternatively, you can contact us using any of the mechanisms included in the “How to contact us” section of this notice.

We do not share your marketing permissions with third parties to allow them to market their own products and services, but we may share information with third parties to allow them to execute marketing on our behalf.

How to contact us

If you have questions about this notice, or need further information about our privacy practices, or wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection team who will investigate the matter.

Quilter Group	Quilter Financial Planning	Quilter Investment Platform
Privacy@quilter.com	QFPDataGuardian@quilter.com	QIPDataGuardian@quilter.com
Quilter Investors	Quilter Cheviot (QC) (incl. QC Europe, QC International and QC Financial Planning)	NuWealth
Privacy@quilter.com	Privacy@quiltercheviot.com	Privacy@quilter.com

If you wish to write to us then you can do so by addressing your correspondence to “Quilter Privacy Office, SUNDERLAND, SR43 4JP”.

How to complain

If you are not satisfied with our response you can complain to our regulator:

United Kingdom	Ireland
The Information Commissioner’s Office (ICO)  Wycliffe House  Water Lane  Wilmslow  Cheshire  SK9 5AF  Tel: 0303 123 1113  http://www.ico.org.uk/concerns	Ireland Data Protection Commission  21 Fitzwilliam Square South  Dublin 2  D02 RD28  Ireland  Tel: (01) 765 01 00  https://forms.dataprotection.ie/contact
Jersey	Dubai
Jersey Office of the Information Commissioner  Office of the Information Commissioner  2nd Floor, 5 Castle Street  St Helier  Jersey  JE2 3BT  Email: enquiries@jerseyoic.org  Tel: +44 (0) 1534 716530	DIFC Commissioner of Data Protection  Level 14, The Gate Building  Dubai  Email: commissioner@dp.difc.ae  or  dpo@difc.ae  Tel: +971 4 362 2222

Should you reside in a jurisdiction that is not listed above, please consult the guidance of your local Data Protection Supervisor.

 

Last update: 22/04/2025