General Privacy Notice

Our Privacy Statement

Thomson Cooper is committed to protecting your personal information.

This privacy notice explains how our organisation uses the personal data (“Your Personal Data”) we collect from you while providing services to you or the organisation for whom you represent.

This document is important as it allows us to explain to you what we will do with Your Personal Data, and the various rights you have in relation to Your Personal Data.

Information about us

We are Thomson Cooper, 3 Castle Court, Carnegie Campus, Dunfermline, KY11 8PB, VAT number: GB268913814. A list of partners is available for inspection at each of our offices.

Thomson Cooper is registered with the Institute of Chartered Accountants of Scotland (ICAS) – Firm number 0538.

The firm is authorised and regulated by the Financial Conduct Authority for financial advice and consumer credit activities. FCA number 104673.

Thomson Cooper is a registered BACS bureau.

Richard Gardiner is licensed in the United Kingdom to act as an insolvency practitioner by the Institute of Chartered Accountants of Scotland.

How the law protects you and why we need to collect your information

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside Thomson Cooper. The reasons we collect and use your data are:

  • To fulfil our contract to provide services to you or the data controller
  • When you consent to it – when you agree for us to contact you to advise you of events, or products and services from us or other organisations.
  • When we have a legal duty – to obey laws and regulations that apply to us.
  • When it is in the legitimate interest of the firm or of a third party – to run our business in an efficient and proper way.

We will only ever collect and use your personal information for the purposes we have agreed with you in our terms of business or otherwise with your explicit consent. We will do this in a fair and lawful manner.

What do we mean by “Your Personal Data”?

Information we may collect includes:

  • Contact details – names, addresses, phone numbers, email addresses
  • Financial details – employment details, bank details, national insurance number
  • Personal details – date of birth
  • Data classified as ‘sensitive’ personal information e.g. relating to your health, marital or civil partnership status. This information will only be collected and used where it is needed to provide the product or service you have requested or to comply with our legal obligations
  • Open data and public records
  • Documentary data and visual images/personal appearance – passport, driving licence
  • Information on children e.g. where a child is named as a beneficiary for Inheritance Tax planning or on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender)
  • Information about connected individuals such as Powers of Attorney or Guardians
  • Information that is automatically collected e.g. via cookies when you visit one of our websites

If you apply for a job vacancy with Thomson Cooper we also collect personal data, as required.  The information we may collect includes information from the above section as well as:

  • Your name, address, contact details, including email address and telephone number, date of birth and gender / preferred title
  • Details of your qualifications, skill, professional memberships, experience and employment history
  • Information about your remuneration.

If you apply for a position at Thomson Cooper via a Recruitment Agency, you should refer to their Privacy Policy.

How do we collect Your Personal Data?

Information may be obtained from you face to face, through e-mail or telephone calls, from data controllers, from public information sources such as Companies House, or completion of online documentation.

As the information is required to enable us to provide our services, if you opt not to provide it, we may not be able to continue to provide services to you.

We also collect information when you voluntarily complete customer surveys or provide feedback.

We may also obtain some information from third parties, for example, credit checks, information from your employer, and searches of information in the public domain such as the voters roll. If we use technology solutions to assist in the collection of Your Personal Data, for example software that can verify your credit status, we will only do this if we have consent from you for us or our nominated processor to access your information in this manner.

With regards to electronic ID checks, we would not require your consent but will inform you of how such software operates and the purpose for which it is used.

How do we look after Your Personal Data?

We take appropriate technical and organisational measures to ensure that your information is secure.

We train our employees who handle personal data to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary.

Our Compliance Officer has the responsibility to ensure that our management of personal data is in accordance with this Privacy Notice and the applicable legislation. Once we have received your information, we will use strict procedures and security features to minimise the risk of unauthorised access.

We limit the amount of personal data collected to what is required to fulfil our obligations to you.

We will keep your personal information while you are a client or as long as required to meet our legal or regulatory obligations. We may keep it longer if we cannot delete it for legal, regulatory or technical reasons.

With your assistance, we try to maintain the accuracy of your personal data.

Where we store or transfer Your Personal Data

The majority of your information is processed in the UK.  However, as part of the services offered to you, some of your information may be transferred to countries outside the UK.

Where your information is being processed outside of the UK we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. We will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.

How will we use Your Personal Data?

We will collect and use your information only where:

  • It is necessary to provide the service or product you have requested i.e. to fulfil the Terms of our Engagement with you.
  • We have obtained permission from yourself (consent) e.g. when you agree for us to contact you to advise you of events, or general communication including blogs and industry insights, or to pass on your personal information to our group of companies so that they may offer you their products and services or from the data controller for meeting our contracted requirement with them e.g., payroll services, HR services and whistleblowing services.
  • It’s necessary for us to meet our legal or regulatory obligations – to obey laws and regulations that apply to us. This includes collecting data to confirm your identity and carry out checks for anti-money laundering and “know your client” purposes.

There may be situations where the information we require is a special category of personal data under the legislation. In this case we will explain why we need it and obtain your consent to obtain the data. This situation most commonly occurs where we are arranging life assurance products and need to obtain medical information from you.

We may share your data with these organisations but only for the reasons outlined in “How the law protects you”:

  • Companies we, or you, have chosen to support us in the delivery of products and services we offer.
  • Our Regulators and Supervisory Authorities
  • HMRC
  • Law enforcement for the prevention and detection of crime

We periodically check that these third parties have appropriate safeguards in place to protect your data and that they are compliant with Data Protection Regulations.

Your rights in relation to Your Personal Data

You can:

  • Request copies of Your Personal Data that is under our control.
  • Ask us to further explain how we use Your Personal Data.
  • Ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request).
  • Ask us to send an electronic copy of Your Personal Data to another organisation should you wish.
  • Change the basis of any consent you may have provided to enable us to market to you in the future (including withdrawing any consent in its entirety).

This is a brief summary of your rights and there may be restrictions on some of them. If you wish to explore any of these rights at any time, please contact us and we will be pleased to assist you.

Website visits

We may collect information about your visits to our websites such as IP address, location, browser type, referral source, length of visit and number of page views. This information may be used to improve our websites’ usability and for marketing purposes. Personal data submitted on our websites could be used for the purposes specified in this privacy policy or in any relevant parts of the website.

Our website includes further privacy and cookie information .

Withdrawal of consent

Where we hold data based on consent, you have the right to withdraw consent at any time.  To withdraw consent to our processing of your personal data please contact us.

How to make contact with our Firm in relation to the use of Your Personal Data

If you have any questions or comments about this notice, or wish to make contact in order to exercise any of your rights, please contact our Compliance Officer, Mark Mitchell at Thomson Cooper or telephone 01383 628800 or email

If we feel we have a legal right not to deal with your request, or to action, it in a different way to how you have requested; we will inform you of this at the time.

You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of Your Personal Data, so that we may investigate and fulfil our own regulatory obligations.

If you have any concerns or complaints as to how we have handled Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.