Privacy and data

Regulation and compliance

We are fully regulated by the FCA and take responsibility for our advice

Wealth Wizards Benefits Limited is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 596641. Registered Address: Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.

Our registered address is:

Wealth Wizards Benefits Limited
Wizards House
8 Athena Court
Tachbrook Park
Leamington Spa
CV34 6RT

Complaints

If you’re unhappy with the experience you have with Wealth Wizards Benefits Limited we’d like to put it right for you. Please let us know if you want to make a complaint by writing to us or dropping us an email.

If you’re still unhappy with the outcome of your complaint, you have the right to contact the Financial Ombudsman Service (FOS). The FOS is a statutory body established to provide consumers with a free, independent service for resolving disputes with financial firms. Their decisions are binding on us. You can visit the FOS website for further information.

Compensation

You may be entitled to compensation from the Financial Services Compensation Scheme if we cannot meet our obligations. This depends on the type of business and the circumstances of the claim. Further information is available from the FSCS.

Terms of use

This website is provided by Wealth Wizards Benefits Limited which is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 596641, and registered in England & Wales Company No 06030782. Wealth Wizards® and MyEva® are registered as a trading styles of Wealth Wizards Benefits Limited with the Financial Conduct Authority.

These terms should be read carefully. Access to this website is on the basis that you agree to these terms.

Our services are intended for customers in the United Kingdom. Services featured on the website do not amount to an invitation to customers outside the United Kingdom.

The website and these terms are governed by the law of England and Wales.

We try to ensure that our website is available for access 24 hours a day, 7 days a week. However it may, on occasions be necessary to close or suspend provision of any of the services on the website for the purposes of repair, maintenance or development. Access to the website or operation of any of the services may be interrupted by circumstances beyond our control.

Wealth Wizards Benefits Limited takes care to ensure that the contents of this website are as clear, accurate and as easy to use as possible, but cannot accept responsibility (to the extent permitted by law) for any interruption or delay in access to the website or for any inaccuracies, incompleteness of information, errors or omissions in respect of information on our website or on any to which our website may be linked. The information is subject to change at any time without notice and Wealth Wizards Benefits Limited does not warrant that any of the services mentioned on the website are available. No warranty is given as to the freedom of this website from errors, defects or viruses.

If you request one of our email services you acknowledge that email is not completely secure or confidential and agree to that risk. We do not routinely encrypt emails. We do adhere to a rigorous Privacy Policy and we make all reasonable endeavours to keep your information confidential.

Parts of our website are provided by third parties. We try to ensure that our sources of information are reputable and that they take due care in preparing the information. However, we do not verify the information ourselves, and we do not guarantee that it is correct. We are also not responsible for any information on this site or any site linked to this site which is being marketed by a third party.

Wealth Wizards Benefits Limited cannot be held responsible for the accuracy of the contents or information contained within any linked sites accessible from this site.

This site and the material and brands on it are the intellectual property of Wealth Wizards Limited and Wealth Wizards Benefits Limited, and all resulting rights are reserved; no right or license is granted to use such intellectual property, save for the purposes of reviewing the website. Wealth Wizards ®, Pension Wizard ®, Retirement Wizard ® Turo® MyEva® and and the wizard hat logo are registered trademarks; the trademarks, trade names, and logos on this website, and the copyright and pending patent applications are used by Wealth Wizards Benefits Limited under licence from Wealth Wizards Limited.  Money Wizard , Protection Wizard and Investment Wizard are trademarks and logos of Wealth Wizards Limited.

Updated on 16 March 2021 (v. 10)

Privacy policy

Wealth Wizards takes the protection of your data seriously and is committed to safeguarding your personal information.  This Privacy Policy explains the data processing practices relating to the websites: wealthwizards.com and turoadviser.com and any further interactions you may have with our business development teams.  Should you provide information by which you can be identified when interacting with us, it will only be used in accordance with this Privacy Policy.

We ask that you read our Privacy Policy carefully as it contains important information about Wealth Wizards; how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and the supervisory authority in the event you have a problem or complaint. 

About Wealth Wizards

Wealth Wizards collects, uses and retains certain personal data about you.  Wealth Wizards is required to comply with data protection regulation, and we are responsible as a data controller of that personal data for the purposes of those laws.

When we mention “Wealth Wizards”, “Turo” “we”, “us” or “our” we are referring to Wealth Wizards Ltd. There are many ways you can contact us, including by telephone, email and post.

Registered Office:

Wizards House
8 Athena Court
Tachbrook Park
Leamington Spa
CV34 6RT

Helpline Number: 01926 671 469

Email: thewizard@wealthwizards.com

Company No: 07014133, Data Protection Registration No: ZA547627.

What information may we collect from you?

We do not automatically capture or store personal information, other than logging your IP address and session information such as how long your visit lasted, and the type of browser used.  This is recognised by the web server and is only used for system administration purposes and to provide statistics, which we use to evaluate how the site is used, we also use Google Analytics.  Please read our Cookie Policy for more information.  Our Cookie Policy describes what information we gather, how we use them and why we sometimes need to store these cookies.  We will also share how you can prevent these cookies from being stored, however this may downgrade or disrupt certain elements of the website’s functionality.

Wealth Wizards collects personally identifiable information about you through:

  • The use of enquiry and registration forms.
  • The provision of your details to us either online or offline.
  • The provision of your details supplied to us by your organisation.

In the course of providing our services to you we may collect the following personal data when you provide it:

  • Contact information
  • Identity information
  • Demographic information
  • Information relevant to customer surveys

 The elements of your data that we collect may include:

  • Name
  • Job title
  • Company name
  • Company address, telephone and email address
  • Mobile telephone number

How Wealth Wizards uses and shares your personal data

We will only ask you to provide us with a limited amount of personal information needed to provide the service you are interested in, for example where you:

  • decide that you would like to book a meeting/demonstration with one of our sales team.
  • sign up to receive our latest newsletters or publications.
  • complete a survey on our website.
  • attend an event.

We require this information to understand the latest needs and provide you with a better service, and for the following reasons:

  • for internal record keeping.
  • to use the information internally to improve our products, services and communications.
  • to periodically send emails about new developments or other information which we think you may find interesting using the email address which you have provided.
  • to contact you for market research purposes from time to time, we may contact you by email, phone, or mail.  We may use the information to customise our contact with you according to your interests.
  • to extract certain information from your data for the purpose of generating statistics, however, it is not possible to identify you from these statistics.

In order to deliver our services effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as the use of Client Relationship Management systems.  

Please note, where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.

We may also use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you would like us to do so.  We may need to disclose your details to our trusted partners and service providers for these purposes.  

We reserve the right to fully co-operate with any law enforcement authorities or court order requiring or requesting us to disclose the identity or other usage details of any user of our site.

How long will Wealth Wizards hold your personal data?

We will not hold your personal data for longer than is required under the terms of our contract for our services with you.  Wealth Wizards is subject to regulatory requirements to retain data for specified minimum periods.  In addition, we are obliged to treat our customers fairly in the event of a future complaint and therefore we reserve the right to retain data for longer than these specified minimum periods in order to allow us to investigate such complaints and, if necessary, defend a future claim against us.

We will therefore keep your personal information securely for as long as we need to under the terms of our services or for as long as we are required to by relevant regulations.  Wealth Wizards regularly reviews the legal and regulatory obligations around the retention of your personal information.

If you would like more information about how long we will keep your information for, please contact us at: thewizard@wealthwizards.com.

Keeping your personal data secure

Wealth Wizards takes measures to ensure the security of your data, industry best-practice is followed at all stages of the data life-cycle.  We are always working to improve the methods employed to secure your data, for example, data is encrypted when in transit across public internet links and stored in an encrypted format in our systems.  We limit access to your personal data to those who have a genuine business need to know it.  Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Wealth Wizards has procedures in place to deal with any suspected data security breach.  We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, sending information via the internet is not completely secure.  Although we will do our best to protect your personal data once with us, we cannot guarantee the security of any personal data sent to our site while still in transit and so you provide this at your own risk.

Transfer of your information out of the European Economic Area (EEA)

Where we transfer your personal data to a country outside the EEA, we shall ensure that your personal data is adequately protected.  To achieve this, we will use EU approved standard contractual clauses (or any other EU approved transfer mechanism) for the transfer of this data.  When transferring personal data to the US we will only use providers who are certified under the EU-US Privacy Shield. The EU-US Privacy Shield addresses the collection, protection, storage, transfer and use of data transferred from the EEA the US.

Wealth Wizards and your rights

You have legal rights under data protection regulation in relation to your personal data.  These are set out in the table below:

If you would like to exercise any of the above rights, please email: thewizard@wealthwizards.com or write to: Wealth Wizards Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.

Links to other websites

Our websites may contain links to other websites of interest.  However, once you have used these links to leave our site, you should note that we do not have any control over that content.  Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this Privacy Policy.  You should exercise caution and look at the Privacy Policy applicable to the website in question.

Wealth Wizards and the Information Commissioner’s Office

If you are not happy with the way we are handling your personal data, you have the right to lodge a complaint with the Information Commissioners Office (ICO).  It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk).  We do however request that you attempt to resolve any issues directly with us before contacting the ICO.

Should you feel you need to lodge a complaint with the ICO you can call or write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline Number: 0303 123 1113 (local rate).

Making changes to this Privacy Policy

We reserve the right to add to or change the terms of this Privacy Policy without prior notice.  If Wealth Wizards changes this Privacy Policy, we will post the new Privacy Policy on our websites (wealthwizards.com, turoadviser.com) and it will become effective from the time of posting.  Please view the Privacy Policy on a regular basis to ensure you have read the latest version to understand what we do with your personal data.

Security at Wealth Wizards

We take security seriously here at Wealth Wizards.  We are a regulated business, comply with all relevant data protection standards, and employ cutting edge cybersecurity to keep our customers safe.  We have a company wide, ISO 27001/27018 certified management system called Remus.

Compliance & Certifications

We are independently ISO/IEC 27001:2013 and ISO/IEC 27018:2019 Certified and are working towards certification to BS 10012.  Click here to download our Certification.

We are regulated by the Financial Conduct Authority.  Registration number 596641.

We are compliant with the EU Data Protection Directive.  To learn more, please read our Privacy and data protection policy.

Security questions or concerns?

If you have any questions or concerns, or think you may have found a problem with our security, please don’t hesitate to contact our security team.

Our principles

Our principles are:

  • Shared - Managing risk is everyone's responsibility.  Our approach to security and risk is driven by the needs of our business, and aligned with our culture.
  • Systematic - Managing risk is a systematic, continuous activity.  Instinct is important but our focus is on fact-driven, risk prioritised tasks rather than sporadic, repetitive heroic efforts.
  • Standard - We have a single framework in place across the whole company which can be tailored to individual teams' needs.

We have a comprehensive and innovative management system – Remus - that holds all our policy, risk and control information. Remus raises and tracks tasks to ensure these are continuously reviewed and improved.

We employ a Three Lines of Defence model:

  • First line: Operational and business teams - Remus ensures that controls are in place and are monitored to treat the risks which we and our customers face. Our Platform team implements and monitors security controls on our end user and platform infrastructure.
  • Second line - We have dedicated risk, compliance and platform teams who monitor the performance of Remus and provide subject matter expertise for its improvement.
  • Third line - We run an internal audit programme and employ external auditors to monitor the performance of Remus and our first and second-line teams.

Information Security is a standing agenda item for all our key committees, up to and including our main board.

Our policies

We have a comprehensive set of controlled policies covering Information Security. Each is owned by a specific individual in the second line of our defence, with a defined review schedule and approval process.
Our relevant policies include:

  • Business Continuity Management
  • Continuous Improvement
  • Data Encryption Policy
  • Data Handling Policy
  • Data Protection - Data Retention Policy
  • Data Protection - Impact Assessments (DPIA)
  • Data Protection - Legitimate Interest Assessment (LIA)
  • Data Protection - Subject Access Request Process
  • Data Protection Policy
  • Data Retention Schedules
  • Information Security Consolidated Communication Plan
  • Information Security Incident Handling Procedure
  • Information Security Policy
  • Information Security Roles & Responsibilities
  • Internal Audit Process
  • Personal Data Breach Notification
  • Privacy Policy
  • Risk Management Policy
  • Security in the Software Delivery Life Cycle
  • Third Party Purchase Procedure

ISO 27001/27018

Wealth Wizards holds accredited certifications to ISO 27001 and ISO 27018.

ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes the requirements for an ISMS (information security management system).

It is supported by its code of practice for information security management, ISO/IEC 27002:2013.

We have extended the approach to manage risks across our entire business.

ISO/IEC 27018:2019 (ISO 27018) extends ISO 27001 controls to ensure best practice for privacy in cloud computing is followed.

Wealth Wizards is independently audited and certified to these standards by the British Standards Institute.

Risk management

We have a unified approach to risk management. Based on internationally recognised best practice (specifically ISO27001, IS1 and CISSP), it has been designed to be engaging and understandable across our organisation.

The approach covers the assessment and treatment of risk against our agreed risk appetite, and includes consideration of the confidentiality, integrity and availability aspects of each risk.

Risk assessments are triggered:

  • When any new system is implemented
  • When there is a significant change to our risk appetite
  • When there is a significant change to our security requirements
  • At a frequency appropriate to the area of risk (at least annually)
  • Ad hoc when raised as a concern via our incident management system
  • On a specific event such as a near miss incident

Risk assessments cover all aspects of our business including:

  • Our physical assets and security
  • Our people
  • Our processes (in particular those relating to data security and handling)
  • Our suppliers
  • Our systems
  • Our platform

Whilst our impact and probability assessment scales are consistent to allow us to compare risks across all domains, our treatment methods are tailored according to best practice in each area.

Security domains

Information security cuts across all aspects of our business.

People

We undertake the following checks on all our people:

  • Verification of name and address
  • Verification of identity
  • Verification of previous two years employment history
  • Disclosure and Barring Service (DBS) check

All our people are required to sign a restrictive deed of covenant as part of their contract of employment.  This sets out their responsibilities for handling confidential information.  In addition, anyone who handles client data is required to sign an additional Non Disclosure Agreement.

In addition, we perform the background checks required by the Financial Conduct Authority (FCA) for our Financial Advisers.

Security responsibilities are included in all job descriptions, and people receive security awareness training (and undertake qualifications) appropriate to their role. Individual awareness, training and qualifications are reviewed as part of our learning and development framework.

Asset management

End user devices

We maintain a complete, real-time inventory of all our end user devices. Our workstations and laptops have anti-virus software included as part of the standard build we deploy across all devices:

  • We don't store any data locally on laptops, and we do not allow the use of detachable, portable media (e.g. memory sticks)
  • We encrypt all local disc storage (to protect cached information)
  • We use Mobile Device Management to monitor laptop usage, and to remotely wipe/lock down devices
  • Only engineers and administrators have administrative rights to their machines
  • Internet access and network connectivity is routed through our network, with access to restricted services locked to our office locations

Data

We ensure that all data has an appropriate level of protection, and unauthorised access or deletion is prevented:

  • All data we hold is classified and processed in accordance with our data handling policy
  • We have procedures in place to ensure that all data is deleted in accordance with the retention period applicable to its classification
  • We have procedures in place to ensure that any data transferred between us and our customers is secure
  • Data is encrypted at rest, and in transit across public internet, in accordance with industry best practice
  • Personal identifying information (PII) data is further encrypted at column level in data stores

Access management

Access to our systems is strictly limited to those who are authorised to do so:

  • User responsibilities are documented, and users held accountable for safeguarding the data they have access to
  • We employ multi-factor authentication, and password complexity requirements in line with the National Cyber Security Centre guidelines
  • Access is managed by designated administrators of each given system, and processes are in place to manage access and removal from all systems
  • Customer and user requests are administered via our Service Desk
  • Access is segregated where required to ensure that it is controlled and appropriate to the system content
  • Processes are in place to ensure that access rights are removed in a timely fashion

Cryptography

We operate an encryption policy to protect confidentiality and integrity of information:

  • PII data is encrypted at column level in data-stores
  • All data is encrypted at rest
  • Real time application data is transmitted over encrypted TLS connections
  • We use unique encryption keys for each customer and secrets management and rotation to protect API keys and other access related information

Physical security

We use third parties and our own controls to prevent unauthorised access to our locations:

  • We use Amazon Web Services (AWS) to host our applications. Details of their approach to physical security can be found here: https://aws.amazon.com/compliance/data-center/controls/
  • We operate a paper free environment, scanning and shredding all paper documents
  • All our office locations are protected by key and fob access and appropriate alarm systems
  • Additional physical devices (such as screen protectors) are used where necessary

Operations security

We use third parties to host our information processing infrastructure, through Infrastructure as a Service (IaaS). This means we put in place the controls needed to secure our account and platform configuration (the shared responsibility model).

Our controls ensure that our infrastructure is secure, and protected against malware and data loss:

  • We define our infrastructure as code in version-controlled repositories
  • All our live servers are taken down and replaced by the up to date image on a regular basis
  • Pattern updates to anti-malware software are checked at least once a day, with virus scans conducted in real time where possible (and daily where not).
  • All data is backed up in an encrypted format to encrypted AWS S3 buckets
  • We use a third-party service to continually scan our infrastructure for vulnerabilities and suspicious activity
  • We front our applications with a web application firewall (WAF) that blocks requests to our services that resemble common attacks
  • We hold immutable logs on system and network activity, and store these centrally
  • We have a system of alerts which are triggered if any suspicious activity is detected
  • All applications and services are managed through reviewed, version-controlled configuration stores with fully automated deployment systems
  • We benchmark our systems against the appropriate Centre for Internet Security (CIS) benchmarks, which represent industry best practice

Communications security

We employ a variety of processes and technologies to ensure that our communications are protected within our network, and in transit to/from our customers:

  • We use WPA2 and Active Directory authentication to protect our wi-fi network
  • We use encrypted VPNs for all remote connections to our internal systems
  • We use a third party, managed Host Intrusion Detection System (HIDS)
  • We employ a separate third party to conduct penetration testing on our Infrastructure and applications
  • We segment our networks by security value
  • We separate our proving and production environments (and never store user data in non-production environments)
  • We have procedures in place to ensure that any transfer of information to and from customers is protected by Transport Layer Security

System acquisition, development and maintenance

Security is an integral part of our entire Software Development Life Cycle:

  • We train all our people in the relevant technologies for their job role (including dedicated on-going secure coding training for all our engineers)
  • Our developers undertake Open Web Application Security Project (OWASP) training and refresher sessions
  • Our code review process covers OWASP vulnerabilities, adherence to secrets policy and the security of our endpoints
  • We make extensive use of automated testing - this is executed as part of our build process, and overnight for all our test environments
  • We maintain a balanced pyramid of tests, automating unit, contract, system and performance tests
  • All tests are executed as part of our automated build pipeline
  • We do not make use of any client data for testing purposes
  • All code is held in configuration managed repositories

We have processes in place to ensure that the third-party software and libraries we us are safe:

  • We automatically check our code libraries for known vulnerabilities
  • All third-party products are risk-assessed and reviewed for General Data Protection Regulation compliance:
  • When we are considering using a new product
  • When an existing product undergoes a major upgrade
  • When we change the way we are using an existing product

Release Management

We have controls in place which ensure the software we release is code reviewed, tested and configuration managed:

  • We use an automated build pipeline to ensure changes are:
  • Reviewed
  • Tested
  • Committed to our configuration managed repositories
  • Scanned for code vulnerabilities
  • We employ additional governance around the release process where changes can affect the advice which our products give - this requires:
  • Adviser approval
  • Compliance approval

Supplier Relationships

In order to protect the data we hold, we employ a number of controls to manage our interaction with suppliers:

  • We have a supplier risk assessment tool (Dora) which covers the supplier's financial and security obligations
  • Our contractual terms cover all aspects of Data Protection compliance, including notification requirements
  • We regularly review supplier service delivery in line with the agreements we have in place

Our key suppliers are large, world class organisations at the forefront of each of their fields of expertise.  This presents some challenges during contract negotiation, and in particular backing off the requirements our customers have of us as an organisation.  Our policy on this is:

  • Where a regulatory or legislative obligation exists (e.g. audit under the GPDR) this must be included in the contractual arrangements between us and the supplier
  • Where no such obligation exists, we will negotiate our contract with our customer and notify them of any differences between those arrangements and those with our key suppliers

Incident Management

We have controls in place which ensure a consistent and effective approach to the management of security incidents:

  • We have a dedicated Service Desk which allows customers and our own people to raise incidents quickly and easily
  • We have established an open culture which encourages the raising of incidents
  • We have dedicated roles and responsibilities which cover all aspects of incident management:
  • Identification
  • Triage
  • Containment
  • Resolution
  • Communication
  • We retrospectively analyse all incidents to allow trends to be analysed, and improvements to be put in place

Business Continuity Management

Information security is an integral part of our Business Continuity Plan (BCP):

  • We maintain a central BCP, with processes for the containment and communication of any continuity event
  • We rehearse our BCP at least annually
  • By storing all aspects of the configuration of our systems in code, we are able to rapidly rebuild and redeploy them to other geographical locations in the event of a disaster
  • We train all our people in remote working safely
  • Our use of an Infrastructure as a Service model means we maintain very little of our own infrastructure. We are, therefore, largely unaffected by non-availability of any of our office locations

Compliance

We are a regulated business, and maintain a range of controls to ensure we comply with legal, statutory, regulatory and contractual obligations:

  • We conform to all the requirements placed upon us by the FCA, Information Commissioner and our certification auditors
  • We maintain registers for all compliance related events in our management system, Remus
  • We maintain a registry of relevant legislation, and its impact on the organisation of security
  • We run an internal audit programme which verifies our adherence to our obligations
  • We have an exception process to respond to non-conformances
  • We employ third party experts to validate our technical approach, and to ensure we are up to date with expert community best practice

This page was last updated on 22nd September 2022

Privacy Policy

Wealth Wizards takes the protection of your data seriously and is committed to safeguarding your personal information.  This Privacy Policy explains the data processing practices relating to the websites: wealthwizards.com and turoadviser.com and any further interactions you may have with our business development teams.  Should you provide information by which you can be identified when interacting with us, it will only be used in accordance with this Privacy Policy.

We ask that you read our Privacy Policy carefully as it contains important information about Wealth Wizards; how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and the supervisory authority in the event that you have a problem or complaint.

About Wealth Wizards

Wealth Wizards collects, uses and retains certain personal data about you.  Wealth Wizards is required to comply with data protection regulation, and we are responsible as a data controller of that personal data for the purposes of those laws.

When we mention “Wealth Wizards”, “Turo” “we”, “us” or “our” we are referring to Wealth Wizards Ltd. There are many ways you can contact us, including by telephone, email and post.

Registered Office:

Wizards House
8 Athena Court
Tachbrook Park
Leamington Spa
CV34 6RT

Helpline Number: 01926 671 469

Email: thewizard@wealthwizards.com

Company No: 07014133, Data Protection Registration No: ZA547627.

What information may we collect from you?

We do not automatically capture or store personal information, other than logging your IP address and session information such as how long your visit lasted, and the type of browser used.  This is recognised by the web server and is only used for system administration purposes and to provide statistics, which we use to evaluate how the site is used, we also use Google Analytics.  Please read our Cookie Policy for more information.  Our Cookie Policy describes what information we gather, how we use them and why we sometimes need to store these cookies.  We will also share how you can prevent these cookies from being stored, however this may downgrade or disrupt certain elements of the website’s functionality.

Wealth Wizards collects personal identifiable information (PII) about you through:

  • The use of enquiry and registration forms.
  • The provision of your details to us either online or offline.
  • The provision of your details supplied to us by your organisation.

In the course of providing our services to you we may collect the following personal data when you provide it:

  • Contact information
  • Identity information
  • Demographic information
  • Information relevant to customer surveys

The elements of your data that we collect may include:

  • Name
  • Job title
  • Company name
  • Company address, telephone and email address
  • Mobile telephone number

How Wealth Wizards uses and shares your personal data

We will only ask you to provide us with a limited amount of personal information needed to provide the service you are interested in, for example where you:

  • decide that you would like to book a meeting/demonstration with one of our sales team.
  • sign up to receive our latest newsletters or publications.
  • complete a survey on our website.
  • attend an event.

We require this information to understand the latest needs and provide you with a better service, and for the following reasons:

  • for internal record keeping.
  • to use the information internally to improve our products, services and communications.
  • to periodically send emails about new developments or other information which we think you may find interesting using the email address which you have provided.
  • to contact you for market research purposes from time to time, we may contact you by email, phone, or mail.  We may use the information to customise our contact with you according to your interests.
  • to extract certain information from your data for the purpose of generating statistics, however, it is not possible to identify you from these statistics.

In order to deliver our services effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as the use of Client Relationship Management systems.  

Please note, where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.

We may also use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you would like us to do so.  We may need to disclose your details to our trusted partners and service providers for these purposes.  

We reserve the right to fully co-operate with any law enforcement authorities or court order requiring or requesting us to disclose the identity or other usage details of any user of our site.

The table below sets out:

  • how Wealth Wizards uses your personal data.
  • the lawful basis upon which Wealth Wizards uses your personal data.
  • who Wealth Wizards routinely shares your personal data with.

How long will Wealth Wizards hold your personal data?

We will not hold your personal data for longer than is required under the terms of our contract for our services with you.  Wealth Wizards is subject to regulatory requirements to retain data for specified minimum periods.  In addition, we are obliged to treat our customers fairly in the event of a future complaint and therefore we reserve the right to retain data for longer than these specified minimum periods in order to allow us to investigate such complaints and, if necessary, defend a future claim against us.

We will therefore keep your personal information securely for as long as we need to under the terms of our services or for as long as we are required to by relevant regulations.  Wealth Wizards regularly reviews the legal and regulatory obligations around the retention of your personal information.

If you would like more information about how long we will keep your information for, please contact us at: thewizard@wealthwizards.com.

Keeping your personal data secure

Wealth Wizards takes measures to ensure the security of your data, industry best-practice is followed at all stages of the data life-cycle.  We are always working to improve the methods employed to secure your data, for example, data is encrypted when in transit across public internet links and stored in an encrypted format in our systems.  We limit access to your personal data to those who have a genuine business need to know it.  Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Wealth Wizards has procedures in place to deal with any suspected data security breach.  We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, sending information via the internet is not completely secure.  Although we will do our best to protect your personal data once with us, we cannot guarantee the security of any personal data sent to our site while still in transit and so you provide this at your own risk.

Transfer of your information out of the European Economic Area (EEA)

Wealth Wizards will only ever transfer your information to processors based in other countries outside the UK and EEA where we consider that there are adequate safeguards provided for your information, with individual rights standards that meet the GDPR requirements and the use of these processors is necessary in the fulfilment of our obligations to you.  We currently engage some US-based processors to provide services such as data analytics and marketing communications.  To be clear, we shall only engage with processors based in other countries outside the UK and EEA where we consider that there are adequate safeguards provided for your data.

If personal data is transferred from the UK or a country within the European Economic Area to a country outside the UK or European Economic Area which do not ensure an adequate level of data protection within the meaning of UK Data Protection Laws, Wealth Wizards shall ensure that your personal data is adequately protected. To achieve this, we shall, unless agreed otherwise, rely on UK approved Standard Contractual Clauses for the transfer of personal data from the UK, European Union, the European Economic Area and/or their member states and Switzerland to countries which do not ensure an adequate level of data protection within the meaning of UK Data Protection Laws or any other legally enforceable mechanisms for transfer as may be prescribed under UK Data Protection Laws from time to time.

Wealth Wizards and your rights

You have legal rights under data protection regulation in relation to your personal data.  These are set out in the table below:

Your right to...

What this means for you

access personal data.You can ask us to confirm whether we have and are using your personal data.  You can also ask for a copy of your personal data from us and for information on how we process it.correction or erasure of personal data.

You can ask that we rectify any information about you which is incorrect.  Wealth Wizards will be happy to rectify such information.

You can ask us to erase your personal data if you think we no longer need to use it for the purpose we collected it from you.  You can also ask that we erase your personal data if you have withdrawn your consent to us using your information.

restrict how Wealth Wizards uses personal data.

You can ask us to restrict the use of your personal data in certain circumstances, for example:

  • where you think the information is inaccurate.
  • where our use of your personal data is no longer required, but you do not want us to erase it.
  • where the information is no longer required for the purposes for which it was collected, but we need it to establish, exercise or defend legal claims.
  • where you have objected to our use of your personal data, but we still need to verify if we have overriding grounds to use it.

object to how Wealth Wizards uses personal data.You can object to any use of your personal data, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information.to transfer personal data to another organisation.You can ask Wealth Wizards to provide your personal data to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).object to automated decisions.These rights do not apply where we are authorised by law to make such decisions and have adopted suitable safeguards in the decision making processes to protect your rights and freedoms.find out more about how Wealth Wizards uses personal data.

If you are not satisfied with the level of information provided in this privacy policy you can ask us:

  • What personal data we have about you and where we got your data from.
  • What we use your information for and what automated decisions were made.
  • Who disclose your information to and whether we transfer it abroad.
  • How we protect your information and how long we keep it for.
  • What rights you have and how you can make a complaint.

If you would like to exercise any of the above rights, please email: thewizard@wealthwizards.com or write to: Wealth Wizards Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.

Links to other websites

Our websites may contain links to other websites of interest.  However, once you have used these links to leave our site, you should note that we do not have any control over that content.  Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this Privacy Policy.  You should exercise caution and look at the Privacy Policy applicable to the website in question.

Wealth Wizards and the Information Commissioner’s Office

If you are not happy with the way we are handling your personal data, you have the right to lodge a complaint with the Information Commissioners Office (ICO).  It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk).  We do however request that you attempt to resolve any issues directly with us before contacting the ICO.

Should you feel you need to lodge a complaint with the ICO you can call or write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline Number: 0303 123 1113 (local rate).

Making changes to this Privacy Policy

We reserve the right to add to or change the terms of this Privacy Policy without prior notice.  If Wealth Wizards changes this Privacy Policy, we will post the new Privacy Policy on our websites (wealthwizards.com, turoadviser.com) and it will become effective from the time of posting.  Please view the Privacy Policy on a regular basis to ensure you have read the latest version to understand what we do with your personal data.

Last updated on 24 September 2021.

Wealth Wizards Benefits Limited is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 596641

Registered Address: Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.
Registered in England & Wales, No. 07014133. The information contained within this site is intended for UK consumers only and is subject to the UK regulatory regime.

Wealth Wizards®, Pension Wizard ®, Retirement Wizard®, Turo® and MyEva® are registered trademarks; the trademarks, trade names and logos on this website, and the copyright and pending patent applications, are used by Wealth Wizards Benefits Limited under licence from Wealth Wizards Limited. Pension Tidy-up, Pension Predictor, Investment Wizard, are trademarks and logos of Wealth Wizards Limited. Wealth Wizards Benefits Limited is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 596641.

Wealth Wizards is independently audited and certified by the British Standards Institute to ISO/IEC 27001:2013, an internationally recognised standard specifying comprehensive security controls and best practice.