Privacy policy


If you’re a customer, please read our customer privacy policy.




At Guardian Financial Services Limited (we, us, our), your privacy is important to us and we’re committed to protecting and respecting it.

This privacy notice explains how we use your personal data. It’s been drafted to address the requirements of the UK Data Protection Act 2018 and General Data Protection Regulation (EU) 2016/679 as implemented into UK law (UK GDPR) (together ‘data protection laws’).

Personal data is information about you that we may collect directly from you, your firm, your network or other sources. Your personal data will be collected by us when you use our website and during the provision of our services to you and your client(s).



It’s important that the personal data we hold about you is accurate and current. Please keep us informed if any of this personal data changes during your relationship with us.



This privacy notice explains:

    • Who we are
    • Our contact details
    • Personal data we may collect
    • Personal data we obtain from third parties
    • Why we collect and use your personal data
    • Our legal bases for processing your personal data
    • If you fail to provide personal data
    • Who we share your personal data with
    • Links to third-party websites
    • How long we’ll keep your personal data
    • Cookies and similar technologies
    • Processing Personal Data outside the UK/EU
    • Automated decision-making
    • How to access and control your personal data – Your rights
    • Your right to object
    • Your right to withdraw consent
    • Your right to make a complaint
    • Changes to our privacy notice



Guardian Financial Services Limited is an appointed representative of Scottish Friendly Assurance Society Limited which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. Registered office: Galbraith House, 16 Blythswood Square, Glasgow G2 4HJ. Registration number 110002.

Guardian Financial Services Limited is registered in England and Wales under number 11115769. Registered office: 11 Strand, London WC2N 5HR.

The contact details of our Data Protection Officer are:

Richard Garmon-Jones
Guardian, Forbury Works, 37-43 Blagrave Street, Reading, RG1 1PZ
0808 133 1821



We’ll collect information that you, your firm or your network give us as part of the process of developing and maintaining our business relationship with you. This includes:

Personal data collected from you directly
Contact information:

  • Information that helps us to contact you such as your name, firm reference number, email address and telephone number when you make enquiries or request information about our policies for your client(s). We will retain information in respect of the policies for which you request information.

Correspondence with us:

  • We may record phone conversations we have with you for monitoring and quality purposes, to check we’ve carried out your (or your clients’) instructions correctly and to resolve issues or queries.
  • If you contact us, we may keep a record of that correspondence.

Personal data that we automatically collect
When you use Protection Builder

  • Individual FCA Identification Reference Number when you register as a Financial Adviser with Protection Builder.
  • Your Firm’s FCA Reference Number when you register your firm with Protection Builder.
  • We may keep a record of any other information you provide when using Protection Builder.

Personal data we obtain from third-parties

  • We are part of an industry consortium which shares information about poor practice and dishonesty by firms for the legitimate interest of protecting the public. If another organisation in the consortium believes you have committed poor practice or dishonesty, then they may share information with us about you for this purpose. The consortium may also use information from publically available sources such as LinkedIn and Facebook to check whether you or your firm are linked to firms or Financial Advisers that are known to have a history of dishonesty or poor practice.
  • We may receive information about you from or through other organisations (such as other insurance companies, credit reference agencies, anti-money laundering and fraud prevention agencies) whether in the course of providing or receiving products and services, and from information we gather from your use of and interaction with our website and portal and the devices you use to access them.



We may use and share the personal information we hold about you for the following activities (as applicable):

a. Arranging policies for your clients, and letting you know about important changes or developments to the policies we offer.
b. Responding to your enquiries and complaints.
c. Paying you commission, where applicable.
d. Sending you marketing communications, including our offers, competitions and promotions.
e. Facilitating secure access to our online platforms such as Protection Builder.
f. Providing information about how our policies change.

And also for the following activities:
g. Updating, consolidating and improving the accuracy of our records.
h. Testing new systems and checking upgrades to existing systems.
i. Detecting, preventing and prosecuting crime.
j. Protecting the public from poor practice and dishonesty through our industry consortium.
k. Evaluating the effectiveness of marketing, and for market research and training.
l. Modelling and statistical and trend analysis with the aim of developing and improving our policies.
m. Managing your relationship with us.


We may use your data for other purposes where you give your specific permission or, in very limited circumstances, when required by law or where permitted under data protection laws.

We won’t keep your personal information for longer than necessary for the purposes set out above.



We only process personal data where we have a legal basis to do so. Please note that we may process your personal data for more than one legal ground, depending on the specific purpose for using your data.

The legal bases for our processing of your personal data are:

  • It’s necessary for compliance with a legal obligation to which we are subject (for example complying with anti-money-laundering rules, and our reporting requirements to the Financial Conduct Authority (“FCA”), Information Commissioner’s Office or other regulators).
  • It’s necessary for the purposes of our legitimate interests or those of third parties, provided these are not overridden by your rights and interests (for example, to allow us to provide our policies to your customers and to send marketing materials to you about your offers and promotions).

Any processing of data relating to criminal convictions and offences or related security measures which we may collect from other organisations in our industry consortium (as explained above) are for the substantial public interest, of preventing fraud, crime or other unlawful acts, and in accordance with appropriate safeguards.

Whenever we consider relying on legitimate interests, we consider and balance any potential impact on you (both positive and negative) and your rights. We do not process personal data where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).



Where we need to collect personal data by law, and you fail to provide that information when requested, we may not be able to provide our services to your clients or perform our contract with you.



Organisation/entity Reason for sharing

Appointed service providers

We use a number of categories of service provider. These include the organisations that provide, develop and support our telecommunications and IT infrastructure including our website and client relationship management system, and our auditors, lawyers and other professional service providers.

FCA, HMRC and other regulatory bodies and tax agencies

For the purposes of meeting our regulatory obligations and the monitoring of market abuse, including HMRC and other relevant tax agencies.

Legal or regulatory authorities

If required to make a disclosure by a court of law, other tribunal, or relevant market rules or codes of practice.

Industry Consortium

If we suspect that you or your firm have committed poor practice or dishonesty, then we may share information about this with other organisations in our industry consortium.

In the event of merger or acquisition of Guardian or our shareholders

We would be required to share information in respect of our book of business with any potential buyer of the business or the group, transferee, or merger partner or seller and their advisers so long as they agree to keep it confidential and to use it only to consider the possible transaction.

Scottish Friendly Assurance Society Limited (SFA) and other underwriters

We’ll pass on information we receive about you to SFA who provide the policies we issue.


Some entities, such as our providers, regulatory bodies, credit and fraud agencies, banks and credit card companies, our professional advisers and other organisations in our industry consortium are usually independent controllers, with their own privacy notices explaining how and why they use your data. Others are generally our processors, with whom we have written contracts incorporating essential protections for your data.



The Guardian website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Guardian website, we encourage you to read the privacy notice of every website you visit.



We will only keep your personal data for as long as we need to in order to fulfil the purposes for which it was collected, as set out in this privacy notice, and for as long as we are required to keep it by law. In order to ensure we meet our obligations, we have a designated data retention policy that relates to, but is not limited to, all physical documents, electronic versions of documents, digital voice recordings and data held in systems relating to Guardian policyholders and Financial Advisers and indicates when personal information should be disposed of. For more information on this, contact our Data Protection Officer, Richard Garmon-Jones, as noted on Page 2 of this Privacy Notice. Guardian securely disposes of personal data when it is no longer needed.



When we collect information automatically, as stated above, we and our service providers use internet server logs, cookies, tags, Software Development Kit, tracking pixels and other similar tracking technologies. We use these technologies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. As we adopt additional technologies, we may also gather information through other methods.

We also use cookies to measure the effectiveness of our marketing communications, for example they tell us if you have opened a particular marketing email.

For more information on the cookies we use, the purposes for which we use them and how you can control them please refer to our Cookies Policy here.



When we pay you commission we may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation. Those external organisations may process and store your personal information abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism.



We do not undertake any fully automated decision-making (ie without human intervention) in relation to you.



You have certain rights with respect to your information which are summarised below. Some of the rights are complex therefore, not all details are included in the summary:

  • Right to be informed: you can print a copy of this privacy notice by clicking the printer icon at the top of this page;
  • Right of access: you can ask for copies of information that we process about you;
  • Right to rectification: you can ask to have any inaccurate information we hold about you corrected;
  • Right to erasure: you can ask for the information held about you to be erased (subject to certain criteria);
  • Right to restriction of processing: you can ask us to restrict the processing of your information (under certain circumstances);
  • Right to data portability: you can, under certain circumstances, request that we transmit your personal information that you have provided to us to you or another provider of services.



You can object to your information being processed if our legal basis for processing your information is based on ‘legitimate interests’. To check whether we use your information for legitimate interests see the section ‘Why we collect and use your personal data’ above.

If you would like to exercise any of your rights mentioned above, or to obtain more information about those rights, you can do so by writing to or emailing our Data Protection Officer detailed above.



Where you have provided consent for us to process your information, you can withdraw your consent at any time. Please note: withdrawal will not affect the lawfulness of processing prior to you withdrawing your consent.

You can withdraw your consent to our use of your data by contacting our Data Protection Officer detailed above.



If you have a complaint about the way we process your personal data or think that we have not complied with your data privacy rights, this is also something we’d like to resolve with you directly if possible.

Please contact in the first instance our Data Protection Officer:

Richard Garmon-Jones
Guardian, Forbury Works, 37-43 Blagrave Street, Reading, RG1 1PZ
0808 133 1821

While we would always wish to have the opportunity to address your data privacy complaint, you also have the right to refer it to the ICO:

The Information Commissioners Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
0303 123 1113 or 01625 545 745
01625 524510



We keep our privacy notice under regular review and we’ll reflect any updates in this notice. You will be informed of changes to this policy by notification on our website. It was last updated in April 2024.