Client Portal
Logo
Client Portal

PRIVACY POLICY

Privacy Notice

This privacy notice explains how James Murray Associates Ltd use any personal information we collect about you.

What information do we collect about you?

We collect information about you when you engage us for financial advice. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health if this is necessary for the provision of our services.

We may also collect information when you voluntarily complete client surveys or provide feedback to us.

Information relating to usage of our website is collected using cookies. These are text files placed on your computer to collect standard internet log information and visitor behaviour information. We’ll use your information collected from the website to personalise your repeat visits to the site.

Information about connected individuals

We may need to gather personal information about your close family members and dependants in order to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We’ll provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.

Why do we need to collect and use your personal data?

We must have a lawful basis to process your personal data. Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

We have a contractual obligation

This is the primary legal basis that we intend to use for processing your data. The personal information that we collect about you is essential for us to be able to effectively carry out the services that we have agreed to deliver to you.

We have a legal obligation

Sometimes, collecting personal data is needed to meet our legal and regulatory obligations. For example, UK anti money laundering legislation may require us to collect personal information to verify your identity.

We will obtain your consent

Special category data, such as that relating to health matters, is often required to provide our services. When this is required, we’ll obtain your explicit consent to collect and process this information.

From time to time, we may wish to contact you to offer additional products or services which may be of interest to you. To do this, we will obtain your consent.

You may withdraw your consent at any time by notifying us at our main business address.

We have a legitimate interest

We rely on legitimate interest to retain relevant data for the purposes of assessing the appropriateness of our services, defending future complaints and meeting our Professional Indemnity Insurer’s expectations.

How will we use the information about you?

We collect information about you in order to be compliant with our regulatory requirements and to provide you with the services for which you engage us.

Who might we share your information with?

If you agree, we may email you about other products or services that we think may be of interest to you.

  • We won’t share your information with any organisation outside the scope of our contractual obligations to you.
  • In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you. This also includes regulators and authorities such as the FCA, HMRC and the Financial Ombudsman Service.
  • Where third parties are involved in processing your data, we’ll have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.
  • Where it’s necessary for your personal data to be forwarded to a third party, we’ll use appropriate security measures to protect your personal data in transit. This will include encryption of data using password protection and authentication of the third party.
  • To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
  • We never sell your personal information to anyone.

Use of Artificial Intelligence (AI) and associated tools for the processing of your personal information

We may use AI tools to help us review information more efficiently and to provide you with faster, more accurate services. The AI does not make decisions about you on its own — a human individual at JMA always checks the output of any AI tool.

AI tools may be used for:

  • Helping draft or summarise internal documents (e.g., meeting notes)
  • Identify patterns or errors in data
  • Enhance compliance monitoring
  • Support risk assessments or vulnerability detection (non-decision-making)
  • We do not use any systems for making automated decisions. All outputs and decisions made by AI are subject to human review and approval before being used or relied on.

Data sharing and storage

  • Where AI tools are used, only the minimum necessary personal information is processed. Your personal information is protected and will not be used improve AI products used by us.

How long do we keep hold of your information?

  • We keep the personal information we need to provide our services to you, and we take reasonable steps to make sure it stays accurate and up to date. Some information must be kept minimum periods set by our regulator, the Financial Conduct Authority (FCA).
  • We also have to keep Identity-verification documents (required under UK anti-money-laundering rules) for at least 5 years after our relationship with you ends, and for up to 10 years if we still have an ongoing relationship.
  • Because these are legal requirements, we cannot delete your information before these time periods have passed.
  • We may keep your personal information for longer if we believe have a legitimate business reason to do so.
  • You can ask us to delete your personal information. We will do so unless we are required to keep it for legal or legitimate business reasons.
  • If you would like more information about how long we keep your personal information or how we decide this, please contact us.

How can I access the information you hold about me?

You have several rights under data protection law. This helps you understand and control how your personal information is used. These are:

  • Right to be informed – You can ask us to explain how we collect, use, share, and store your personal information.
  • Right of access – You can request a copy of the personal information we hold about you, along with details of how we use it.
  • Right to rectification – If you think any of your information is wrong or incomplete, you can ask us to correct or update it.
  • Right to erasure – In some situations, you can ask us to delete your personal information.
  • Right to restrict processing – You can ask us to limit how we use your information in certain circumstances.
  • Right to object – You can object to us using your personal information, for example for direct marketing.
  • Right to data portability – You can ask us to send your personal information to you, or directly to another organisation, in a structured, commonly used electronic format.
  • Rights related to automated decision-making and profiling – If a decision about you is made without human involvement, you can challenge it and ask for someone to review it.

We will respond to any request you make about your data protection rights within one month. To make a request, please contact us using the contact details at the top of this privacy notice.

Marketing

We’d like to send you information about our products and services which may be of interest to you. If you’ve agreed to receive marketing information, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please contact us by email on advice@jmurray.co.uk or post to the address below.

Cookies

We use cookies to track visitor use of the website and to compile statistical reports on website activity.

For further information visit www.allaboutcookies.org and on our own website www.jmurray.co.uk/cookies.

You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Other websites

Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

What can you do if you are unhappy with how your personal data is processed?

You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113 (local rate)

Changes to our privacy policy

We keep our privacy policy under regular review, and we’ll inform you of any changes when they occur. This privacy policy was last updated on 16 April 2026.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you by email at advice@jmurray.co.uk.

Or write to us at:
James Murray Associates Ltd
7a The Broadway
Cheam, Surrey
SM3 8BH