GDPR Customer/Partner Privacy Policy

1.  Why are we updating our Privacy Policy?

The General Data Protection Regulation (GDPR) came into force on Friday the 25th May 2018, so in line with the change in European Law, our Privacy Policy was improved and updated. This new policy explains how we collect, handle and store your Personal Information – hopefully in a way that makes sense to you.

The GDPR has been introduced across Europe to offer greater protection for consumers and it is a detailed enhancement to the previous Data Protection Act 1988 which has become widely ineffective, with companies across Europe frequently breaching the spirit of the Act and the Personal Information it was designed to protect. Even after the UK leaves the European Union - we still expect the GDPR to be effective in the United Kingdom.

GDPR focuses on improving an individual’s rights of privacy. Our new policy helps you to identify key points about the Personal Information we collect from you, why and how it is collected and where it is stored securely.

We have always taken this seriously and we view GDPR as an important improvement that will sharpen up slack processes across the data landscape. The relationship we have with Personal Information is within a business to business (B2B) and business to consumer (B2C) framework. We do not ordinarily collect any Personal Information from persons under the age of 18 years.

2.  What is Personal Information?

Personal Information is any information that in anyway describes your personal circumstances e.g. your name, your address, your mobile or home phone numbers and so forth. It may also include any employment information or personal attributes such as your sex, cultural or social identity.

However, in relation to the context in which we use Personal Information, we generally only collect and store data from businesses or their direct members of staff or consumers, and such Personal Information may include:

1.  Title, name, contact details, work or home address – data that helps us identify the business/consumer client relationship.

2.  Employment data that relates directly to our staff e.g. PAYE data, employment contracts, employment history, educational qualifications, previous employment details.

3.  Bank Account details of our clients, accounts & invoice data, VAT tax data, company credit references.

4.  Email addresses that may be subscribed to an email marketing campaign list.

5.  Personal Information used to access certain online services for which we have a genuine need to use e.g. a Credit Reference Agency or a Merchant Account facility to establish transactional payment data.

3.  Rationale: The need to deal with your Personal Information?

When you initially interact with Trusted Xperts Limited in relation to any of the commercial services we offer – we will request you complete a secure online form on our website in the first instance. Alternatively you may call us direct and we would complete a Customer Relationship Management (CRM) record to store your contact information and articulate your reasons for contacting us. We record calls and store the data securely, although where applicable credit card information is not recorded as part of our PCI DSS compliance.

Please note - we are not authorised to give advice to you. We may take other information in the course of our respective commercial discussions. Equally if it is in relation to employment within our company – we will request more detailed information from an individual and that might for example include copies of training certificates or degrees issued by a university and so forth. We believe such Personal Information would be essential in order to enter a contract whether that be as a client of Trusted Xperts Limited or as an employee or Director.

In order to perform the contractual agreement – we would have a right to use your Personal Information. At the end of any contract period, we would retain the right to use your Personal Information, providing it is in our legitimate business interest to do so and of course that your rights are not affected in any way. The reason why we might need to use your Personal Information in this way is to make contact with you in relation to the service provision, or to secure specific information from you, to ensure you have received good customer service, or to seek your feedback in relation to our service or to respond to your complaint.

We might also capture your Personal Information electronically through our website’s main 'Contact Page Form' or a Trusted Xperts Partner's profile page contact form. Our webforms are protected by 256 bit TLS encryption – providing excellent digital protection to any Personal Information sent to us via our website. This would be Personal Information you choose to send us.However, we should point out that despite our best efforts to protect all data transmitted over the internet - we cannot guarantee it is secure.

We might also need to use your Personal Information in order to comply with the Law e.g. a Court Order has been issued to allow the Police to examine our digital and or paper records including any email.

4.  What are the Legal Grounds for processing your Personal Information?

We use the following legal bases under European Data Protection rules for processing your Personal Information:

1.  The performance of, or entry into, a contract. The Personal Information that we are required to collect in order to comply with our professional obligations which must be provided to us, so we can perform the contract. Clearly we would not be able to act for you without such Personal Information.

2.  Compliance with a legal obligation to which we are subject e.g. a Court Order.

3.  We have a legitimate interest in doing so as a FCA regulated Introducer Authorised Represenative company. Such a legitimate interest will include the way we manage the commercial relationship with our clients, build digital CRM records associated with new or existing customer interactions whether by email, web forms or direct telephone calls, administering visits to our offices and ascertaining the achievement of proper standards and client management, practices or procedures.

4.  We do not ordinarily handle or use ‘Special Category’ Personal Information in the normal context of what we do. However, where there is a commercial need to do so, and we have your express permission, we would take the appropriate responsibility to be compliant, but accept that such consent may be withdrawn at any time. We should point out that we are not authorised to give advice in relation to such matters.

5.  How do we collect Your Personal Data?

In most cases your Personal Information will be given to us by you, although we might collect and record your Personal Information from a variety of sources e.g. by taking your business card on display at a tradeshow or being given a business card as a result of talking with you at an event. However, it is often the case you will give us your Personal Information via our website or by directly calling us on our telephone number to determine your needs. We would as a result of such interactions connect you with one of our qualified and regulated Trusted Xperts Partners e.g. a Financial Adviser from Openwork, or an Accountant or Law Firm. You might provide your Personal Information to us verbally, in writing (includes via electronic webforms) and email.

Additionally, there may be certain occasions where your Personal Information is given to us by your employer in connection with our and their legitimate interest to conduct business. We may also secure your Personal Information from verified and trusted sources where we have paid subscription services and have a legitimate interest to connect with you e.g. you have visited our website from your commercial premises and our technology determines your businesses identity, and we can select your Personal Information from a list of employees or Directors at that business. Our commercial partner that offers this type of facility to us as an approved Platinum Partner is Lead Forensics – a business intelligence platform. We may also use online credit check/score platforms to assist us in identifying business credentials or identify the owners or Directors. We will only process such information where you have expressed your consent or we have consent from our commercial processing partners who are compliant with the GDPR.

Sometimes we will receive a referral from one of our Trusted Xperts Partners i.e. a Financial Adviser from Openwork or an Accountant or Law Firm around the UK. In such circumstances you will have indicated a need whilst in discussion with that Partner that you might need professional advice in another area of your personal or commercial business. The Trusted Xperts Partner will have told you that they can refer you through the Trusted Xperts website to another Trusted Xperts Partner in the same locality or somewhere else in the UK. They will have asked for your explicit consent to share your Personal Information and they will have indicated that the referral will only be done through the secure website and that they may as an approved Trusted Xperts Partner - receive a commission payment for such a referral (normally only due where a financial product has been provided and signed as a result of financial advice). Your consent in this situation will mean that the Trusted Xperts Partner will complete a secure online form with your Personal Information, within his/her Partner secure zone on our website. Once we receive this data, we will then share it with the appropriate Trusted Xperts Partner who will make contact with you.

6.  What systems do we use?

Our closely integrated web development partner is Dezines Internet Solutions Limited who are an official Adobe UK Business Catalyst Partner. Our commercial relationship with Dezines affords us access to their global and highly secure server infrastructure – datacenters on which we position our website and ecommerce developments. The European Datacenter is positioned in Dublin, Republic of Ireland, and is compliant with European rules and is part of the Amazon Web Services (AWS) framework. It is a secure facility and only engineers with a legitimate need to be on site are granted access. Adobe’s server engineers around the world have significant expertise in preventing, detecting and effectively combating Direct Denial of Service (DDoS) attacks from organized criminals or rogue states. To date none of our website developments have ever been hacked, and in part this is because we trust the partnership we have with Dezines who only position with very trusted technical partners. Additionally, we always set strong password and security protocols for our digital infrastructure on a 'need to know' basis.

Our PaaS website technology is Level 1 PCI DSS 2.0 Compliant (PCI DSS = Payment Card Industry Data Security Standards). As such our technology does not store full details of credit card transactions, but it will capture the Personal Information of a user e.g. name, address, billing address, the transaction reference authorization number and any other unique identifiers that can be linked to a specific transactional process. Depending on the Payment Gateway .. will determine where that information is shared and in what country.

Our fully integrated Platform as a Service (PaaS) website technology is a secure system that includes multiple software provisions – including a dedicated email marketing system and Customer Relationship Management (CRM) system. Both of these facilities will store all of our electronic Personal Information within our server inside an Adobe datacenter – in effect ‘in the cloud’. All of our website developments have a 256 bit encryption TSL Certificate that in effect wraps around the website and protects the transmission of any Personal Information from a user’s computer/tablet/mobile device to the Adobe datacenter. Equally, when we use our website’s integrated platform to upload or manage Personal Information within the CRM system, we have secure https:// protection in place to protect Personal Information transmissions.

Our electronic mail systems (email) are also secured by 256 bit encryption. However, whilst our system is secure and we use McAfee Total Protection across our digital computer/tablet/mobile assets, it does not mean you have sufficient security in place at your end. We highly recommend our clients to upgrade their systems on a regular basis to combat the effects of cyber security. We are always happy to provide advise on this important area and often will release information on our website that you might find helpful. Furthermore we use McAfee Total Protection anti-virus and intrusion software across our digital estate. This software provides us with firewall protection and screening for viruses and trojans which can disrupt and steal Personal Information.

Furthermore, our commercial premises have high security perimeter fencing and electric gates, access control systems, intruder detection, fire detection and CCTV all of which is monitored 24/7/365 by ADT Fire & Security plc. This means our offices are protected in ways that most companies are not. We take security extremely seriously and will continue to do so in the future. Where we have Personal Information stored on paper records - then those records will be locked in secure cabinets within our commercial premises, and are only accessed by staff on a need to know basis. When files are not in use – they are returned to prevent any potential leak of Personal Information.

7.  What happens to Your Personal Information when it is disclosed to us?

In the course of handling Your Personal Information we will:

1.  Record and store Your Personal Information in our paper files, and electronically on our local computer systems and on the Cloud within our PaaS (Platform as a Service) website technology. This information can only be accessed by employees within our company and only when it is necessary to provide our service to you, and to perform any project tasks associated with or incidental to our core service provision.

2.  Submit your Personal Information (normally your name and email address) to our email marketing list positioned within our secure email marketing system on our PaaS website technology within the European Datacenter. This is essential in order for us to communicate with you and offer updates about our work or provide incentives to customers and special offers. You have to opt in to our Newsletters lists and verify your subscription (often called a 'double opt-in') and you can always unsubscribe from our Newsletters at any time. We will never force opt you into one of our newsletters.

3.  Use Your Personal Information for the purpose of communicating with you in relation to general administration or any ongoing service discussions or initial exploratory discussions, or any other reason that has a legitimate interest.

8.  Do we Share Your Personal Information?

Ordinarily we do not share your Personal Information with third party organisations other than as mentioned in Section 4 above. From time to time however, it may be necessary to share your Personal Information in the following ways:

1.  Transactional Personal Information as a result of making a payment on our website. Such payment information will be shared between our server and CRM system, a Merchant Account (the authorizing bank) and the Payment Gateway provider e.g. Sage Pay.

2.  To verify your authority to make a payment using a credit or debit card e.g. services such as 3D Secure, Visa Verify or Mastercard SecureCode.

3.  To refer you to one of our Trusted Xperts Partners in order for you to get advice e.g. a Financial Adviser, Accountant or Law Firm in connection with the professional services you require.

4.  We may have a legitimate interest to provide your Personal Information to Openwork Limited, because Trusted Xperts Limited are an Introducer Appointed Representative. In such circumstances, your Personal Information would be required to provide you with a financial product. Where a policy is created having taken professional advice from an Openwork Financial Adviser - your Personal Information would also be shared with the insurance brand in order to provide the policy e.g. Aviva, Key Retirement, L&G, LV, VitalityLife, Zurich. Similarily, where you have requested a mortgage or commercial finance, then your personal Information would have to be shared with the lending broker or mortgage lender accordingly.

In each case, your Personal Information will only be shared for the purposes set out in this GDPR Customer Privacy policy i.e. to progress your need for professional advice or financial services and or to provide you with our professional services or assistance and where we believe we have a legitimate interest, whilst respecting your rights.

We should point out that where we might share your Personal Information, it does not entitle third party organisations to send you marketing or promotional messages via email, text or telephone. It is shared to ensure we can adequately meet our responsibilities and your commercial expectations, and or as otherwise set out in this policy.

For UK or EEA only clients, your Personal Information will not be transferred outside of the European Economic Area. Your Personal Information will only be stored securely within our commercial premises or within the secure Adobe European datacenter in Dublin as previously mentioned.

9.  What about the Security of your Personal Information?

Your privacy is important to us and we will keep Your Personal Information secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Information against it being accessed unlawfully or maliciously by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us. Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or in instances whereby we have legal right to such information we will retain records indefinitely.

10.  What are your rights in relation to your Personal Information?

We are always willing to help you understand your rights. You can:

1.  Request copies of Your Personal Information that is under our control.

2.  Ask us to explain how we use your Personal Information.

3.  Ask us to correct, delete or request us to restrict or stop using your Personal Information (the extent to which we could provide such assistance would be clarified at the time).

4.  Request we send an electronic copy of your Personal Information to another organisation should you wish.

5.  Change the basis of any consent you may have provided, to enable us to market to you in the future (including withdrawing any consent in its entirety).

How can you make contact with us in relation to the use of your Personal Information?

If you have any questions or comments about this policy, or if you wish to make contact with us in order to exercise any of your rights set out within our policy, please contact:

The Data Protection Officer, K Ballard, Trusted Xperts Limited, 4 Factory Road, Newport, Gwent, NP20 5FA. Telephone: 0333 444 5 800. We are registered with the Data Protection Registrar.

If we believe we have a legal right not to deal with your request, or you cannot verify your identity through reasonable means prior to us taking action or if in order to take action, we need to do this in different way to how you have requested, we will inform you at the time. Please take note that we have a duty to protect Personal Information and if we are not satisfied of your identity – it may cause delays to any reasonable request.

If you become aware of any unauthorised disclosure of your Personal Information and you think that it has something to do with Trusted Xperts Limited, you must please let us know of the cyber security risks you are facing as soon as possible so we may take action and mitigate the impact to you or our systems. This is also important so that we can fulfil our regulatory duties where a data breach may have occurred.

If you have any concerns or complaints as to how we have handled your Personal Information you may lodge a complaint with the UK's Data Protection regulator – at the Information Commissioners Office (ICO), who can be contacted through their website at or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Privacy Policy update: 19-Aug-2020 12:02 PM

View Services ...

why choose Trusted Xperts?

Through one powerful and secure web portal, Trusted Xperts makes it easy for you to connect with selected Trusted Xperts Partner Financial Advisers, Accountants and Law Firms in your local area.

Trusted Xperts Partners across the UK meet our high standards and have passed our diligence checks, and in our professional opinion, represent some of the very best British firms, that can offer you high levels of customer service excellence and professional advice, matched by great products and services, at prices that are fair and transparent. That's our promise.

contact us

Please complete the secure general enquiry form below to get in touch. If you prefer please use our SECURE Contact page where you can opt in to our marketing newsletter. The internet is not a secure medium and the privacy of your data cannot be guaranteed. We do however take every care to ensure your data is protected by 256 bit TSL encryption. Our website and platform are GDPR compliant. Please view our Privacy Policy to learn how we handle your Personal Data.

If your enquiry is a general enquiry - you will be contacted by a member of the Trusted Xperts team. If you submit a Trusted Xperts Partner profile contact form - you will be contacted by them.


  Call Us Now

0333 444 5 800

 Address Location

4 Factory Road, Newport, NP20 5FA, Wales.
View Map

Connect with us