Privacy Policy - Data Protection & Anti Money Laundering

Privacy Policy

Andrew Caddick takes the privacy of personal data seriously and the legal and compliant treatment of this data is at the core of our operations.

We therefore ask you to please read the following important information which explains how we collect, store and use your personal data.

IFAI Limited is registered under the Data Protection Act (DPA) 1998. The General Data Protection Regulation (GDPR) has revised provisions of the DPA 1998, and as such our privacy policy has been amended accordingly. The GDPR is enforceable from 25th May 2018.

1. Who are we?

Andrew Caddick is a restricted Financial Adviser, offering Investment Consultant services to individuals, trustees and their businesses.

IFAI LTD UK & Andrew Caddick holds an office at 3.3 Madison, Midtown, Gibraltar. GX11 1AA.

2. What do we mean by Personal Data?

By personal data (or personal information), we mean information that relates to you and is used to identify you, either directly or in conjunction with other material we hold.

3. How do we collect information from you?

We collect personal information about you as and when you consent to us doing so by signing our Data Consent forms, or by indicating consent on our online forms. We gather your consent in writing before entering into business relations with you.

4. What type of information do we collect?

The information we collect may include your name, address, email address and phone number. Furthermore, information about your health, lifestyle and finances can be collected depending whether it is necessary for the advice we are providing.

We may also ask for evidence of your identity, for example your passport, driving license, proof of residence or income.

5. Why do we collect information from you?

We use your personal information for the following:

Provision of advice and services or to provide you with the information, products and services you have requested from us.

To comply with legislation in relation to anti money laundering regulations and the Financial Services Act.

6. How do we protect your personal information?

Any personal information we collect, record, or use in any way, be it on computer, hard copy or in any other form, is secured through our safeguarding processes to ensure that we meet our obligations under the Data Protection Act 1998.

7. What are your rights surrounding your personal information?

The GDPR enhances your rights surrounding your personal data. This includes:

The right to be informed – we will provide you with a copy of this privacy policy before seeking our consent to store/process your personal data.

The right of access – you have the right to request a copy of any personal information we hold on you. This will be provided in a structured format, free of charge, within 30 days of your request. Requests can be made in writing, by phone or by email, to any of our contact details provided below.

3.3 Madison, Midtown, Gibraltar, GX11 1AA.

(+35) 0 20067469

3. The right to rectification – you have the right to request us to rectify any of your personal data which you believe is inaccurate or incomplete. We will respond within one month (this can be extended by two months where the request for rectification is complex). Requests can be made in writing, by phone or by email, to any of our contact details provided above.

4. The right to erasure – you have the right to request ‘to be forgotten’, i.e. for us to delete all records of your personal data. We will comply with your request, unless we have a legal obligation to continue to hold your personal data, in which case we will inform you of the reason we are unable to complete your request.

5. The right to restrict processing – you have the right to ‘block’ or suppress processing of personal data – in this case we will retain just enough information about you to ensure that the restriction is respected in future.

6. The right to data portability – you may request a copy of your personal data, in order to use it for your own purposes across different services, e.g. moving it from one IT environment to another in a safe and secure way. We will provide the data in a structured, commonly used and machine-readable form, e.g. CSV files. This will be provided free of charge and within one month (this can be extended by two months where the request is complex).

7. The right to object - you have the right to object to us processing your personal data for direct marketing purposes, and historical or statistical purposes, and we will respect this request as soon as we receive it (by post/email/phone, details of which are provided above).

8. Who do we share your personal information with?

We will only share your personal data with third parties when it is necessary for the service you have asked us to provide, and we will have contracts/safeguards in place to ensure that they treat the privacy of your personal data with the same importance as we do. You will be advised of the specific third parties with whom we may share your data.

These third parties, amongst others, may include:

• Relevant Regulatory Authorities

• The Information Commissioner’s Office

• Compliance Services

• Trustees

• Insurance Companies

9. Updates to this Policy

This Privacy Policy will be reviewed periodically and updated to comply with any new legislation – the most recent of which, the GDPR is currently being introduced and will be enforceable from 25th May 2018.

This policy was last updated in April 2019.


1. The General Data Protection Regulations (GDPR) have revised provisions of the Data Protection Act 1998, and as such our data policy has been amended accordingly. The GDPR will be enforceable from 25th May 2018.

2. The Data we collect is subject to active consent by you and you can revoke this consent at any time.

3. We will obtain your consent to hold on file (electronic and/or paper based) as required to be able to advise you as to your financial planning needs.

4. Any Data you consent to us handling or processing is governed in accordance with our Data Protection Policy, which is available at

5. Where business services are provided to us by third parties then circumstances may arise which warrant the disclosure of more than just your basic contact details. On these occasions, such as processing business, and obtaining compliance and regulatory advice you agree that personal information held by us may be disclosed on a confidential basis, and in accordance with the Data Protection Act 1998 as amended by General Data Protection Regulations (GDPR), to such third parties. You agree that this information may be transferred electronically, (e.g. e-mail). You also agree that we or any such third party may contact you in the future by any means of communication which we or they consider appropriate at the time.

6. We are required to verify your identity in accordance with the Proceeds of Crime Act 2002 and the Money Laundering Regulations 2007. We reserve the right to approach third parties and to delay any applications until adequate verification of identity has been obtained.

7. You agree to us recording telephone calls for your security and to avoid misunderstanding.

8. Under the Data Protection Act you have a right to obtain a copy of the personal information that we hold about you. We are obliged by law to provide this information in a structured format for free within 30 days of your requesting it without charge.

9. If you believe that any information held is incorrect or incomplete, you should contact us at our usual address. Any information that is found to be incorrect or incomplete will be amended promptly.

10. Personal data will be retained no longer than is necessary for the purpose obtained for. We keep records of our business transactions with you for at least six years.

Data Protection Officer

Julia Evans-Peers

3.3 Madison, Midtown, Gibraltar, GX11 1AA

00350 20067469