Privacy Policy

How we use and protect your personal data

This Privacy Policy (Notice) describes your rights, the information or “Personal Data” we would usually collect and use and how we would protect it.

Who we are

Anderson Strathern Asset Management Limited (‘ASAM’) is committed to protecting and respecting your privacy.  ASAM is a limited company (with company number SC376947) registered at 58 Morrison Street, Edinburgh, EH3 8BP. Any reference to ‘us’, ‘our’ or ‘we’ in this Privacy Policy is a reference to ASAM.  Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Policy is a reference to any of our past, prospective or current membership, employee, government, agency, partner, media or other public or industry contacts. Collectively “data subjects”.

Our business

We collect information about you when you engage us for financial planning and investment management services. This information will relate to your personal and financial circumstances including but not limited to:

  • Information about you e.g. name, date of birth and contact details
  • Information connected with correspondence with us e.g. emails, meeting notes and phone calls
  • Information about you and your family’s financial affairs
  • Information relating to a service or product e.g. bank details
  • Information provided by you about another individual
  • Information regarded as “special category data” such as health. This will only be collected if necessary for the provision of our services.

Why we need to collect your information

The information that we collect about you is required to enable to carry out the services that you require from us. Without collecting your personal data, we would be unable to fulfil certain legal, regulatory and contractual obligations. Where special category data (e.g. details about your health) is required we will obtain this directly from you explaining why it is necessary for us to obtain that information.

We will only ever collect and use your personal information for the purposes we have agreed with you in our terms of business or otherwise with your explicit consent. We will do this in a fair and lawful manner.

How we collect your personal information

We may collect personal information directly from you, using methods such as:

  • Information Forms and contact forms on our website
  • Completion of fact finds and similar activities
  • Our records of meetings/letters/emails/telephone conversations
  • Provision of information to us by you via third-party methods, such as secure messaging
  • Provision of information to us by you in paper or electronic forms (such as bank statements)
  • We will also obtain information about you from some of the third parties we share or obtain data with (such as providers of financial products or platform hosts) but will only do this where it is necessary to provide services to you or to comply with legislation.

How we use your personal information

We will only ever collect and use your personal information for the purposes we have agreed with you in our terms of business or otherwise with your explicit consent. We will do this in a fair and lawful manner.

What personal information are we collecting and using?

Personal Data

Examples of the personal data we may require to enable us to undertake our business of providing you with financial services are:

  • Your personal information (for example, your name and date of birth)
  • Contact details (for example, your postal address, phone number, email address or mobile number)
  • Customer relationship data (for example, notes of calls or requests you may have made or attendance at an event or webinar)
  • Financial information (for example, bank account numbers, existing financial products, debts, liabilities, assets)
  • Economic crime related information (e.g. financial crime and fraud information)
  • Education and employment information
  • Visual images and personal appearance (such as copies of passports or CCTV images)
  • Information about your family, lifestyle and social circumstances (such as dependants, marital status, next of kin and contact details)
  • Information about connected individuals, such as Powers of Attorney or Guardians

Sensitive Data

On occasion the following special category (sensitive) personal data may be obtained: physical or mental health details, political opinion, racial or ethnic origin and religious beliefs. We will only obtain and process this information with your consent (permission) or in situations where it is in the wider public interest.

Connected Third Parties

If you choose to provide us with any personal data relating to a third party (for example, information relating to your spouse, children, parents, and/or employees) or ask us to share their personal data with third parties by submitting such information to us, you confirm that they understand the information in this notice about how we will use their personal data.

Monitoring of Communications

As a matter of course, ASAM may record and monitor the use of company communications equipment by its employees and other staff. This means that when you speak with your financial planner (or another member of our staff) by an electronic device, including mobile phones and internet video-calling software (such as Microsoft Teams) your calls may be recorded and/or monitored. This is a regulatory requirement from the Financial Conduct Authority to protect you, your financial planner and ASAM. The content of email communications will be automatically scanned by various risk-mitigation software.


We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:

  • To confirm your identity and carry out background checks for anti-money laundering and ‘know your client’ purposes
  • Any use of your personal information by such agencies will be subject to those agencies’ own privacy policies and terms of use, unless they are acting only on our behalf when processing your personal information
  • To fulfil our obligations under any reporting agreement entered with any tax authority or revenue service(s) from time to time as is necessary for compliance with our legal obligations
  • In order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities
  • To meet our other compliance and regulatory obligations, including in order to comply with any requirement of regulation, regulatory rule and good practice, originating from the UK or any other applicable authority.

When you visit our website

We use cookies to track visitor use of our website and to compile statistical reports on website activity. Cookies are text files stored on your computer or mobile device to monitor user behaviour and improve user experience.

The ICO guidance is that we may store ‘Essential’ cookies on your device. These are cookies which are strictly necessary for the operation of this site, such as privacy elections. They are core to the functionality of our website, and their use can only be disabled through changing the settings on your web browser.

To store any other types of cookies we need your consent.

You can change or withdraw your consent by clicking here.

Our website may contain contains links to other websites. This privacy policy only applies to our own website, so when you link to other websites you should read their own privacy policies.

Cookies set by this website

To control which cookies are set, click Settings.

We have listed the various cookies that we use, including their technical specifications, below. Should you wish for further explanation of their specific purpose(s), then please contact this office.


“Essential” cookies let you move around the website and are a core element of our website functionality. These cookies don’t gather any information about you that could be used for marketing or remembering where you’ve been on the internet.

Technical Data

Name Description
wordpress_test_cookie This cookie is used by WordPress to check if cookies are enabled on the browser.
privacy_cookie_status This cookie is set to record the fact that a User has opted to enable cookies.

Google Analytics

We use the service ‘Google Analytics’ to monitor usage of the website, which anonymously collects data of how the site is used.This information is used to monitor and manage our website, to optimise the layout and functionality, and identify where improvements could be made in the ‘flow’ of pages.

We capture User Acquisition Data (i.e. how people are arriving at our website – through search engines, direct links, adverts, social media, marketing emails etc) and User Behaviour Data (i.e. how people are using our website, time taken on each page, engagement with graphics, videos, links etc).

Please note that we do NOT identify individual visitors (either by name or IP address). All information is anonymous.

Technical Data

Name Description Expiration
__utma This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. 2 years from set/update.
__utmb This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method. 30 minutes from set/update.
__utmc This cookie is no longer used by the ga.js tracking code to determine session status.

Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session.

Not set.
__utmz This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site. 6 months from set/update.
__utm* Any cookies with this prefix are related to Google Analytics 6 months from set/update.
_gid, _ga* Any cookies with this prefix are related to Google Universal Analytics. This cookie assigns a client identifier by generating a random number to distinguish unique users. It is used to calculate visitor, session and campaign data and is included in each page request on a site. 2 years from set/update.


When you visit our offices

If you visit our offices or premises, your image may be recorded and stored on as part of our security systems.

Where we store or transfer your personal data

We make provisions and take assurances from our data storage providers that all data is stored within the United Kingdom. Some may be stored ‘on site’ within the electronic storage facilities of Anderson Strathern Group, whilst some may be stored within ‘cloud based’ storage provided by our main client relationship software provider and hosted for them and us by Amazon Web Services.

Data held by AWS is physically ringfenced from other data, with robust physical and software controls in place to protect it. We, along with our CRM providers, conduct periodic due diligence on these data storage providers.

Security of your personal data

We always take appropriate technical and organisational measures to ensure that your information is secure. We train our employees who handle personal data to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary. Our Compliance Officer has the responsibility to ensure that our management of personal data is in accordance with this Privacy Notice and the applicable legislation. Once we have received your information, we will use strict procedures and security features to minimise the risk of unauthorised access.

Data Controller and Data Processor

Data Controller

The Data Controller holds responsibility for protecting your rights and privacy in relation to your personal data. Simply put, the Data Controller owns and controls the procedures and purpose of data usage. ASAM is the data controller for your data.

Data Processor

The Data Processor processes the data, does not own it, and is chosen by the Data Controller. The Data Controller retains all responsibility and liability for the processing of your data.

What should you do if your personal information changes?

You should tell us without delay so that we can update our records.

How long we keep your information

We will retain the personal data which is necessary to provide services to you. We will take all reasonable steps to keep your personal data up to date throughout our relationship.

We are also subject to regulatory requirements to retain your data for specified minimum periods after our relationship with you has ended. These are, generally:

  • Five years for investment business
  • Indefinitely for pension transfers and opt-outs
  • Three years for insurance business

These are minimum periods, during which we have a legal obligation to retain your records.

We reserve the right to retain data for longer where we believe it’s in our legitimate interests to do so.

Your rights under the Data Protection laws

You have certain rights in relation to the data we hold about you. These include the following rights to:

  • Request a copy of the personal data we hold about you
  • Request that we supply you (or a nominated third party) with a copy of the personal data that you provided to us
  • Inform us of a correction to your personal data
  • Exercise your right to restrict our use of your personal data
  • Exercise your right to erase your personal data
  • Object to the ways in which we are using your personal data.

If you would like a copy of some or all of your personal information, please email or write to us using the contact details noted below.

Withdrawal of consent

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. Because of the nature of our business and the services being provided, it is likely that any withdrawal of consent will result in ASAM being unable to provide any further services to you or connected parties.

How to contact us

Our compliance officer holds overall responsibility for data protection within ASAM. Their contact details are:

What if I have a complaint?

If you have a concern about any aspect of our privacy practices, in the first instance, please contact us via one of the methods set out above. If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO).

Its details are: – which has contact forms and online chat facilities, or telephone 0303 123 1113.

Changes to our Privacy Policy/Notice

Any changes we may make to the Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check this page frequently to see any updates or changes to this Privacy Notice.

Our details

Anderson Strathern Asset Management Limited (ASAM) is a limited company registered in Scotland under company number SC376947 and we operate from our registered address (8 Morrison Street, Edinburgh, EH3 8BP).

We are authorised and regulated by the Financial Conduct Authority (FCA), 12, Endeavour Square, Stratford, London E20 1JN Our firm reference number is 552925.

We are ultimately owned by Anderson Strathern LLP, a limited liability partnership registered in Scotland under number SO301485, operating from 8 Morrison Street, Edinburgh, EH3 8BP.

We're here to help