Privacy Policy

The following data protection information gives an overview of our collection and processing of your data. 

Wren Investment Office Limited (Wren) is authorised and regulated by the Financial Conduct Authority, registration number 816265. Wren’s registered office is 66 Lincoln’s Inn Fields, London, WC2A 3LH and its place of business is 84 Eccleston Square, London, SW1V 1PX. Wren is registered with the Information Commissioner’s Office under number ZA206260.

Wren is committed to the security, confidentiality, and protection of personal data. This policy explains how we use personal data and should be read in conjunction with any other documentation provided directly to you.

This policy was last reviewed during December 2024 and may be amended from time to time.

DATA PROTECTION REGULATION

The Data Protection Act (DPA) 2018 superseded the Data Protection Act (1998). Under the DPA 2018, the definition of personal data was expanded, and individuals were given the right to control and choose how their personal data is used.

HOW WE OBTAIN YOUR PERSONAL DATA

We collect and otherwise process personal data relating to clients, prospective clients and any other person(s) involved in the business relationship, as the case may be, such as authorised representative(s), professional advisors, person(s) holding a power of attorney and beneficial owners. In connection with a product or service provided to our clients, we may also collect information about their dependents or family members.  We also process - insofar as necessary to provide our services - personal data that we obtain from publicly accessible sources.

Typically, it comes from the following sources:

  • Contractual agreements or other material provided during our relationship.

  • Correspondence received from you such as email, telephone conversations, facsimiles, letters, face to face discussions, text messages, contact through our website and other forms of communication.

  • We may keep a record of all correspondence received. We are required to record telephone and electronic communications that contain order execution instructions.

  • Third party firms for credit reference and money laundering checks.

  • HM Land Registry, Companies House, Charities Commission, sanctions lists, internet and press.

 

PERSONAL DATA WE COLLECT

If you are a customer, we collect information to assist in the provision of services to you. This information may include:

  • Your full name including title, maiden name, marital status, date of birth and gender.

  • Contact details such as residential address, email, and telephone numbers.

  • Financial information, including your bank account and details of investments held with us and elsewhere. We may also record details of financial transactions placed across your accounts, whether held with us or elsewhere.

  • Identifiers such as your national insurance number or equivalent in overseas jurisdictions, tax reference, driving licence number, passport number, internet protocol address and our own internal identifiers.

  • Data used to access our client portal such as username, password, online preferences, and usage information.

  • Information required to conduct ‘know your client’ checks such as details relating to your passport or other photographic identification, your credit history, current and previous addresses, and source of funds.

  • Data related to designation as a politically exposed person (PEP)

  • Data provided during your dealings with us.

 

If you are a business associate, we collect information to monitor services we have contracted for, or to assess services that are available to us. This information may include:

  • Your full name including title.

  • Your occupation and job title.

  • Contact details for you at your place of business such as address, email, and telephone number.

  • Data provided during your dealings with us.

 

Please note, we do not request any special categories of personal data. Under the DPA 2018, special category data is more sensitive and therefore needs more protection. Categories include race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; sexual orientation.

When requested, you are not required to provide personal information, however, in doing so, we may not be able to proceed with a business relationship.

 

OUR USE OF YOUR INFORMATION

We collect and use information to provide services to you, or to receive services from you, in accordance with contractual obligations. We only use your information for our legitimate interests or, in certain circumstances, for those of a third party.

Our legitimate interests are:

  • To administer and operate customer account(s) and to provide investment management services.

  • To provide advisory services.

  • To provide information relevant to other services we provide.

  • To facilitate our business operations and to ensure compliance with any legal and regulatory requirements that we are subject to.

 

INFORMATION DISCLOSURE

Personal information may be disclosed to third party associates who provide us with custodial, reporting, professional, legal, accounting, or other services. This may include providing personal data to third parties to comply with anti-money laundering regulations. Such processing may involve the use of automated decision making to confirm your identity.

All third parties are required to maintain the confidentiality of your personal data and to treat it in accordance with the law. Third parties are not permitted to use your data for any purpose other than that covered by their contractual arrangements with us.

We may disclose your personal information as required by, or to comply with, legal, regulatory, or statutory requirements, or at the request of supervisory or governmental bodies.

Your personal data is not shared with any other organisations for marketing purposes and will not be used by us for marketing purposes unless explicit consent has been provided by you.

DATA TRANSFER TO THIRD COUNTRIES OR AN INTERNATIONAL ORGANISATION

Data transfers to legal entities outside the UK, European Union and states with Data Protection Legislation deemed adequate or equivalent by the European Commission (together known as "third countries") may take place so long as:

  • It is necessary for the purpose of carrying out your orders

  • It is required by law (e.g. reporting obligations under financial regulation)

  • To fulfil our legitimate interests

  • You have granted us your consent

Should we share personal data cross-border we will ensure that third-party business associates we are contracted with adhere to standards and requirements similar to protections provided by the DPA 2018 under our responsibility as a data controller.

 

YOUR RIGHTS

Data protection laws provide you with the following rights:

  • The right to check if we hold personal information about you.

  • The right to see the information we hold about you.

  • The right to have inaccurate information rectified.

  • The right to be forgotten and to have certain information erased.

  • The right to restrict processing of your personal data.

  • The right to request that your personal information is transferred to a commonly used machine-readable format and provided to you or a third party.

  • The right to object to the use of your information, including the right to restrict marketing.

  • The right to restrict automated decision making and profiling, unless there are legitimate grounds for doing so and safeguards are in place to protect individual rights and freedoms.

  • The right to withdraw consent previously provided to us to handle your information.

Please note, under the DPA 2018, there is scope for these rights to be ignored if compliance with them seriously impacts our ability to carry out functions when processing data for scientific, historical, statistical, and archiving purposes.

To exercise any of these rights, please get in touch using the contact details at the bottom of this policy.

Please note, if you are a client, by executing some of these rights, we may not be able to continue providing services to you.

If you are not satisfied with how we have handled your information you have a right to complain to the Information Commissioner’s Office (ico.org.uk).

 

RETENTION

We can retain your personal information for as long as required to provide services to you. After the termination of contracts, we may retain data for a period of six years to comply with legal and regulatory requirements. After the expiration of six years, your personal data will be deleted.

If compelled to do so by statutory, regulatory, or governmental bodies, we may retain your personal data for an undefined period of time.

 

CHILDREN

The DPA 2018 recognises that children need particular protection as they may be less aware of the risks involved with their personal data. We may collect children’s personal data for the provision of certain accounts, such as a Junior ISA (JISA). Under such circumstances, we only collect limited personal data such as full name including title, date of birth and residential address.

Children have the same rights as adults over their personal data.

 

THIRD PARTY WEBSITES

Our website may include links to others, but we are not responsible for the accuracy or completeness of information supplied by third party sites.  We suggest you read the individual privacy policies for any websites visited.

COOKIES

When accessing our website and client portal, cookies, small text files placed on your computer, may be used. Browsers recognise when a cookie is offered and permit you to refuse or accept it. We cannot see your IP address when you access our website, however, it may be used by Google Analytics to track user behaviour.

WHO IS RESPONSIBLE FOR DATA PROCESSING AND HOW CAN I CONTACT THEM?

You can reach our Data Protection Officer at:

Chief Operating Officer,
Wren Investment Office Limited,
84 Eccleston Square,
London, SW1V 1PX

info@wreninvestmentoffice.com