Privacy Policy

Privacy Policy

Privacy Policy


In order that we can provide investment services to you and meet our ongoing legal and regulatory obligations, we must obtain and hold information about you. We obtain information from you at the start of your relationship with us, and on an ongoing basis through information requests.

This privacy policy explains why we ask for your information, how we use it and the steps we take to protect it.

Within the General Data Protection Regulation (GDPR) we are classified as a data controller.

If you have any questions regarding this policy please contact our Compliance Team on the contact details below.

About us

Barratt & Cooke Limited is an independently-owned firm. Our trading name is Barratt & Cooke and the address of our principal place of business is 5 Opie Street, Norwich, Norfolk, NR1 3DW. Our telephone number is 01603 624 236.

What personal data do we collect and why do we need it?

We require different levels of information about you depending on the service you receive from us, or your relationship with us:

  • Execution-Only Services - we require ‘core’ information from you, such as your name, address, date of birth, National Insurance No. etc. We need this type of personal data in order that we can identify and communicate with you, provide basic investment services to you and meet our legal and regulatory obligations.
  • Portfolio Management Services - in addition to the ‘core’ information highlighted above, we also require information (as requested within our client agreements and know your client documents) confirming other details, such as your financial circumstances, investment knowledge and health status. We require this additional information in order to ensure that we invest in line with your capacity for loss, risk appetite and other preferences.
  • Entities (trusts/charities/companies) - all entities will have individuals who either control (trustees or directors) or benefit (beneficiaries or beneficial owners) from its status. We require ‘core’ information for these individuals in order to satisfy our legal and regulatory obligations. Due to the nature of our relationship with entities, if you are a controlling person we will rely on you to inform beneficiaries, as appropriate, as we will usually not be in a position to contact beneficiaries directly.

What lawful basis do we rely on for processing your information?

Based on why we need and how we use your information, we process your personal data on three main grounds:

  • Contractually – our client agreements (including ongoing Client Data Reports) and terms and conditions form a contract between us.
  • Legal Obligations – as a regulated financial services company, we have legal obligations which we must adhere to; whereby, in order to comply with these obligations, we must obtain certain details about you e.g. for fraud and crime prevention purposes.
  • Legitimate Interests – we might have a business or commercial reason to process your information in order to manage our relationship with you or develop and improve our systems and services. However, we must assess whether it is fair to your rights prior to doing so.

Additionally, under certain circumstances we will require your consent to process your information, for example:

  • Special Category Data – Information regarding your health status falls within this category. We enquire as to the status of your health, if you are using our portfolio management services, as it could affect how your funds are invested. In order to hold this information, we must have your explicit consent.

How do we use your personal information?

As mentioned above, we use your information in order that we can provide the appropriate level of service you require from us. We are, however, required to share your information with third-parties under certain circumstances, as part of our ordinary business activities, in order to fulfil our contractual obligations to you or satisfy our legal obligations, see examples below:

  • We will provide company registrars with your name and address if you require a share certificate to be issued.
  • In order to perform due diligence for the prevention of financial crime, we will confirm your details (name, address and date of birth) against the records held at an identity verification agency.
  • Following each transaction, we must provide details of the individuals associated with it to the FCA for market abuse prevention purposes.
  • We must submit annual reports to HMRC in order to comply with, for instance, global Automatic Exchange of Information (AEOI) standards.
  • We provide company registrars with your bank account details if you request that dividends are mandated directly to you.
  • Our auditors will review processes throughout our operations in order to confirm that we are operating in line with best practices and safeguarding clients’ assets.
  • If you make use of our online valuation service, we share your name, address and holdings details with our software provider.
  • We must provide any information requested as part of regulatory enquiries.

We will not, however, sell or share your information with third-parties for marketing or other purposes.

How long do we hold your data for?

We will hold your data for different periods of time depending upon factors including the nature of the information held, your relationship with us or for other legal/commercial reasons.

Generally, we will retain your data for a minimum of 7 years from when you cease to be a client. We do this to satisfy our regulatory requirements in order that we are able to answer any queries which could be made by you, or our regulators, at a future date.

What are your rights?

As we hold your information, you have legal rights in relation to the use of it. These are detailed below:

  • Right of access – you can request a copy of the personal data held by us, which will be supplied to you within one month. We can refuse the request under certain circumstances, including where the request is manifestly unfounded or excessive.
  • Right to rectification – if you believe that the information we hold about you is inaccurate or incomplete, you may request that it is rectified.
  • Right to restrict processing – you can, under certain circumstances, request that we restrict our processing of your data. However, such requests might not be actionable if we have other legal or regulatory requirements which override them.
  • Right to erasure (also known as the 'right to be forgotten') – you can, under certain circumstances, request that your data is erased. However, such requests might be refused due to overriding legal or regulatory obligations which we must adhere to.
  • Right to portability – you have the right, under certain circumstances, to request that your data is transferred to a third-party.
  • Right to lodge a complaint – if you are unhappy with how we manage your data you should contact our Compliance Team. If, following our response, you remain unsatisfied, you have the right to complain to the Information Commissioner’s Office (ICO) via its website:

If you would like to exercise any of your rights, please contact our Compliance Team.

How do we protect your data?

We take maintaining the confidential nature of your personal data very seriously and understand our responsibilities in protecting and managing it. We therefore ensure that our staff are trained on the importance of data protection and we have in place policies and procedures to ensure that your information is not incorrectly processed or disclosed. We also ensure that our systems are adequately protected through the use of security measures such as firewalls, personal passwords and restricted access to certain functions.

How do we use cookies?

Cookies are small files that can be used by websites to make a user’s experience more efficient. The files are sent to your PC, mobile phone or tablet when you visit our website and are stored on your device for a defined period of time.

Cookies are known as either session cookies or persistent cookies. A session cookie lasts for the length of your visit to our website; whereas, a persistent cookie has a future expiry date, at which time your device will automatically delete it.

We use cookies for various reasons, which include to help with your security whilst you are on our website, or to identify you if you revisit our website at a future date. Due to this some cookies are classed as essential for our website to work, whilst others are nonessential, and as such you can decide whether or not to allow their use. We do not use cookies for marketing purposes.

For details of the cookies we use and to manage your cookie preferences, please visit our website at