We are fully regulated by the FCA and take responsibility for our advice
Wealth Wizards Benefits Limited is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 596641. Registered Address: Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.
Our registered address is:
Wealth Wizards Benefits Limited
8 Athena Court
If you’re unhappy with the experience you have with Wealth Wizards Benefits Limited we’d like to put it right for you. Please let us know if you want to make a complaint by writing to us or dropping us an email.
If you’re still unhappy with the outcome of your complaint, you have the right to contact the Financial Ombudsman Service (FOS). The FOS is a statutory body established to provide consumers with a free, independent service for resolving disputes with financial firms. Their decisions are binding on us. You can visit the FOS website for further information.
You may be entitled to compensation from the Financial Services Compensation Scheme if we cannot meet our obligations. This depends on the type of business and the circumstances of the claim. Further information is available from the FSCS.
This website is provided by Wealth Wizards Benefits Limited which is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 596641, and registered in England & Wales Company No 06030782. Wealth Wizards® is registered as a trading style of Wealth Wizards Benefits Limited with the Financial Conduct Authority.
These terms should be read carefully. Access to this website is on the basis that you agree to these terms.
Our services are intended for customers in the United Kingdom. Services featured on the website do not amount to an invitation to customers outside the United Kingdom.
The website and these terms are governed by the law of England and Wales.
We try to ensure that our website is available for access 24 hours a day, 7 days a week. However it may, on occasions be necessary to close or suspend provision of any of the services on the website for the purposes of repair, maintenance or development. Access to the website or operation of any of the services may be interrupted by circumstances beyond our control.
Wealth Wizards Benefits Limited takes care to ensure that the contents of this website are as clear, accurate and as easy to use as possible, but cannot accept responsibility (to the extent permitted by law) for any interruption or delay in access to the website or for any inaccuracies, incompleteness of information, errors or omissions in respect of information on our website or on any to which our website may be linked. The information is subject to change at any time without notice and Wealth Wizards Benefits Limited does not warrant that any of the services mentioned on the website are available. No warranty is given as to the freedom of this website from errors, defects or viruses.
Parts of our website are provided by third parties. We try to ensure that our sources of information are reputable and that they take due care in preparing the information. However, we do not verify the information ourselves, and we do not guarantee that it is correct. We are also not responsible for any information on this site or any site linked to this site which is being marketed by a third party.
Wealth Wizards Benefits Limited cannot be held responsible for the accuracy of the contents or information contained within any linked sites accessible from this site.
This site and the material and brands on it are the intellectual property of Wealth Wizards Limited and Wealth Wizards Benefits Limited, and all resulting rights are reserved; no right or license is granted to use such intellectual property, save for the purposes of reviewing the website. Wealth Wizards®, Pension Wizard ®, Retirement Wizard ® and the wizard hat logo are registered trademarks; the trademarks, trade names, and logos on this website, and the copyright and pending patent applications are used by Wealth Wizards Benefits Limited under licence from Wealth Wizards Limited. Pension Tidy-up, Pension Predictor, Money Wizard, Advisor Wizard, Mortgage Wizard, Protection Wizard, Investor Wizard, Investment Wizard, Insurance Wizard, and ISA Wizard are trademarks and logos of Wealth Wizards Limited. © 2016 Wealth Wizards Limited. Wealth Wizards Benefits Limited is a wholly owned subsidiary of Wealth Wizards Limited.
This page was last updated on 1st January 2019
Wealth Wizards collects, uses and retains certain personal data about you. Wealth Wizards is required to comply with data protection regulation, and we are responsible as a data controller of that personal data for the purposes of those laws.
When we mention “Wealth Wizards”, “Turo” “we”, “us” or “our” we are referring to Wealth Wizards Ltd. There are many ways you can contact us, including by telephone, email and post.
8 Athena Court
Helpline Number: 01926 671 469
Company No: 07014133, Data Protection Registration No: ZA547627.
Wealth Wizards collects personally identifiable information about you through:
In the course of providing our services to you we may collect the following personal data when you provide it:
The elements of your data that we collect may include:
We will only ask you to provide us with a limited amount of personal information needed to provide the service you are interested in, for example where you:
We require this information to understand the latest needs and provide you with a better service, and for the following reasons:
In order to deliver our services effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as the use of Client Relationship Management systems.
Please note, where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.
We may also use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you would like us to do so. We may need to disclose your details to our trusted partners and service providers for these purposes.
We reserve the right to fully co-operate with any law enforcement authorities or court order requiring or requesting us to disclose the identity or other usage details of any user of our site.
We will not hold your personal data for longer than is required under the terms of our contract for our services with you. Wealth Wizards is subject to regulatory requirements to retain data for specified minimum periods. In addition, we are obliged to treat our customers fairly in the event of a future complaint and therefore we reserve the right to retain data for longer than these specified minimum periods in order to allow us to investigate such complaints and, if necessary, defend a future claim against us.
We will therefore keep your personal information securely for as long as we need to under the terms of our services or for as long as we are required to by relevant regulations. Wealth Wizards regularly reviews the legal and regulatory obligations around the retention of your personal information.
If you would like more information about how long we will keep your information for, please contact us at: email@example.com.
Wealth Wizards takes measures to ensure the security of your data, industry best-practice is followed at all stages of the data life-cycle. We are always working to improve the methods employed to secure your data, for example, data is encrypted when in transit across public internet links and stored in an encrypted format in our systems. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Wealth Wizards has procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data once with us, we cannot guarantee the security of any personal data sent to our site while still in transit and so you provide this at your own risk.
Where we transfer your personal data to a country outside the EEA, we shall ensure that your personal data is adequately protected. To achieve this, we will use EU approved standard contractual clauses (or any other EU approved transfer mechanism) for the transfer of this data. When transferring personal data to the US we will only use providers who are certified under the EU-US Privacy Shield. The EU-US Privacy Shield addresses the collection, protection, storage, transfer and use of data transferred from the EEA the US.
You have legal rights under data protection regulation in relation to your personal data. These are set out in the table below:
If you would like to exercise any of the above rights, please email: firstname.lastname@example.org or write to: Wealth Wizards Ltd, Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.
If you are not happy with the way we are handling your personal data, you have the right to lodge a complaint with the Information Commissioners Office (ICO). It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk). We do however request that you attempt to resolve any issues directly with us before contacting the ICO.
Should you feel you need to lodge a complaint with the ICO you can call or write to:
Information Commissioner’s Office
Helpline Number: 0303 123 1113 (local rate).
We take security seriously here at Wealth Wizards.
We are a regulated business, comply with all relevant data protection standards, and employ cutting edge cybersecurity to keep our customers safe.
We have a company wide, ISO 27001 certified quality management system called Remus.
Wealth Wizards takes security seriously. We follow three key principles:
We have a comprehensive and innovative Management System – Remus. Remus holds all our policy, risk and control information, and raises and tracks tasks to ensure these are continuously reviewed and improved.
We employ a Three Lines of Defense model:
Information Security is a standing agenda item for all of our key committees, up to and including our main board.
We have a comprehensive set of controlled policies covering Information Security. Each is owned by a specific individual in the second line of our defense, with a defined review cadence and approval process.
Our relevant policies include:
ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes the requirements for an ISMS (information security management system). It is supported by its code of practice for information security management, ISO/IEC 27002:2013.
Wealth Wizards holds accredited certification to ISO 27001. This provides independent, expert assessment that our information security is managed in line with international best practice and business objectives. We have extended the approach to manage risks across our entire business.
We have a unified approach to Risk Management. It’s based on internationally recognised best practice (specifically ISO27001, IS1 and CISSP), and has been designed to be engaging and understandable across our organisation.
The approach covers the assessment and treatment of risk against our agreed risk appetite, and includes consideration of the confidentiality, integrity and availability aspects of each risk.
Risk assessments are triggered;
Risk assessments cover all aspects of our business including:
Whilst our impact and probability assessment scales are consistent to allow us to compare risks across all domains, our methods are tailored according to best practice in that area.
Information cuts across all aspects of our business.
We undertake the following checks on all our people:
In addition we perform the background checks required by the Financial Conduct Authority (FCA) for our Financial Advisors.
Security responsibilities are included in all job descriptions, and people receive security awareness training (and undertake qualifications) appropriate to their role. Individual awareness, training and qualifications are reviewed as part of our mastery framework.
We maintain a complete, real-time inventory of all our End User devices. Our workstations and laptops have anti-virus software included as part of the standard build we deploy across all devices:
We ensure that all data has an appropriate level of protection, and unauthorised access or deletion is prevented:
Access to our systems is strictly limited to those who are authorised to do so:
We operate an encryption policy to protect confidentiality and integrity of information:
We use third parties and our own controls to prevent unauthorised access to our locations:
Although we use third parties to host our information processing infrastructure, we use their Infrastructure as a Service (IaaS). This means we put in place the controls needed to secure our account and platform configuration (the shared responsibility model).
Our controls ensure that our infrastructure is secure, and protected against malware and data loss:
We employ a variety of processes and technologies to ensure that our communications are protected within our network, and in transit to/from our customers:
Security is an integral part of our entire Software Development Life Cycle:
We have processes in place to ensure that the third party software and libraries we us are safe:
We have controls in place which ensure the software we release is code reviewed, tested and configuration managed:
In order to protect the data we hold, we employ a number of controls to manage our interaction with suppliers:
We have controls in place which ensure a consistent and effective approach to the management of security incidents:
Information security is an integral part of our Business Continuity Plan (BCP):
We are a regulated business, and maintain a range of controls to ensure we comply with legal, statutory, regulatory and contractual obligations:
This page was last updated on 1st May 2019
This is the policy of the ‘Wealth Wizards Group’, which is Wealth Wizards Limited and its subsidiaries from time to time including Wealth Wizards Benefits Limited.
Data protection obligations are currently set out in the Data Protection Act 2018 (DPA 2018). The DPA 2018 sets out when personal data can lawfully be processed and how it should be processed. It governs processing by data controllers of personal data relating to data subjects.
In April 2016, the European Parliament approved a general data protection reform package, thereby bringing to a close nearly four years of work overhauling the EU’s data protection rules.
In June 2017, the government announced that the DPA 1998 would be replaced by a new Data Protection Bill (DPB). It is intended that the DPB, supplemented by the GDPR, will modernise data protection law in the UK given the demands of an increasingly digital economy and society. When the UK leaves the EU, the GDPR will be incorporated into UK domestic law under the European Union (Withdrawal) Bill currently before Parliament.
The four main areas covered by the DPB are:
Wealth Wizards Limited is a data processor. Wealth Wizards Benefits Limited is a data controller and is registered with the Information Commissioner’s Office.
The Information Commissioner’s Office (ICO) is an independent public body responsible for upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The GDPR requires every member state to provide one or more independent public authorities to be responsible, as a “supervisory authority”, for monitoring its application, in order to protect the fundamental rights of individuals in relation to processing and to facilitate the free flow of personal data within the EU (Article 51(1)). The DPB confirms that the ICO will continue and will be the supervisory authority in the UK (clauses 112(1) and 113(1)).
Data controllers, and (where applicable) their representatives must co-operate on request with the ICO in the performance of its tasks (Article 31, GDPR).
The GDPR and DPB together create a new regime which will govern the processing by data controllers of personal data relating to data subjects. As it is put in recital 11 to the GDPR:
”Effective protection of personal data throughout the Union requires the strengthening and setting out in detail of the rights of data subjects and the obligations of those who process and determine the processing of personal data, as well as equivalent powers for monitoring and ensuring compliance with the rules for the protection of personal data and equivalent sanctions for infringements in the Member States.”
Under the new regime, the definition of personal data is more detailed and reflects changes in technology and the means organisations use to collect information about people. Data controllers will still be required to comply with a set of principles for processing personal data. The new principle of accountability requires data controllers to show how they have complied with the principles. For example, data controllers will not only need to have policies which demonstrate that they comply with the principles, but they will also need to be able to show how the policies have been implemented.
Data Subject – the identified or identifiable living individual to whom personal data relates.
Personal data – data held or likely to be held about a living individual who can be identified from the data, including any expression of opinion about the individual. Personal data includes;
The GDPR does not apply to the personal data of the deceased.
Special categories of personal data (currently sensitive personal data) – Under the DPB, read with the GDPR, there are slight changes to the categories of sensitive personal data currently identified by the DPA 1998 and which are now identified as “special categories of personal data” (Article 9(1), GDPR). This includes information about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health, sex life and sexual orientation.
Processing of the special categories of personal data is prohibited unless an exception applies (Article 9(2), GDPR).
The commission or alleged commission of any offence and criminal proceedings are no longer included in the special categories of personal data. They are dealt with separately under the new regime, Criminal convictions and offences.
Data Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU law or member state law, the controller or the specific criteria for its nomination may be provided for by EU law or member state law (clause 5(1), DPB and Article 4(7), GDPR).
Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Article 4(8), GDPR).
Pseudonymisation – the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person (Article 4(5), GDPR).
Recital 28 of the GDPR recognises that applying pseudonymisation to personal data can reduce the risks to the data subjects concerned and enable data controllers to meet their obligations. Pseudonymised personal data can still be covered by the GDPR if, with additional information, the personal data can be attributed to a particular person.
It should be possible for a controller to use pseudonymisation in internal processes, as long as care is taken to identify those authorised to process the data and as long as the additional information needed to attribute the personal data to a specific data subject is kept separate (recital 29, GDPR).
Anonymisation – there is a distinction between information that has been pseudonymised and information that is anonymous. The GDPR does not apply to anonymous information, namely information which does not relate to an identified or identifiable person, or to personal data which has been anonymised so that the data subject is not, or is no longer, identifiable (recital 26, GDPR). This means that the processing of anonymous information for statistical or research purposes is not covered by the GDPR.
The ICO produced Anonymisation: managing data protection risk code of practice, which provides guidance on the way in which data can be rendered anonymous and retained in a form in which identification of the data subject is no longer possible.
Processing personal data – The processing of personal data means an operation (or set of operations) which is performed on personal data (or on sets of personal data), such as:
Processing of personal data must be carried out in accordance with the data protection principles.
Automated decision-making (including profiling) – Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal, or similarly significant, effects. Recital 71 of the GDPR gives e-recruiting practices which have no human intervention as an example of automated processing. There are limited exceptions to this right which are considered below.
The circumstances in which data subjects can be subject to a decision based solely on automated decision-making, including profiling, are those in which the decision is:
In the first two of the exceptions, the data controller must implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, being at least the right to:
Decisions may not be based on the special categories of personal data unless either the data subject has given explicit consent or the processing is necessary for reasons of substantial public interest and, in either case, suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests have been put in place.
Profiling – Profiling is any automated processing of personal data which evaluates an individual in order to analyse or predict such things as their performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements.
Recital 71 of the GDPR suggests that in order to ensure fair and transparent processing, taking into account the specific circumstances and context in which the personal data is processed, the controller should:
Processing personal data in the context of employment – Under the GDPR, it is open to member states to provide for more specific rules to ensure the protection of the rights and freedoms in respect of the processing of employees’ personal data in the employment context, in particular for:
Any such rules must include suitable and specific measures to safeguard the data subject’s human dignity, legitimate interests and fundamental rights, with particular regard to:
The DPB makes specific provision for the processing of special categories of personal data when it is necessary for the carrying out of rights or obligations under employment law.
The GDPR sets out a number of principles with which data controllers must comply when processing personal data (Article 5).
Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purpose.
Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
Storage limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Accountability: The controller shall be responsible for, and be able to demonstrate compliance with the GDPR.
Processing personal data will be lawful only if, and to the extent that, at least one of the conditions in Article 6 of the GDPR is met. Those conditions (which are similar those under the DPA 1998) are that:
The GDPR rules for sensitive (special category) data do not apply to information about criminal allegations, proceedings or convictions. Instead, there are separate safeguards for personal data relating to criminal convictions and offences, or related security measures, set out in Article 10.
Article 10 also specifies that you can only keep a comprehensive register of criminal convictions if you are doing so under the control of official authority. Article 10 says:
“Processing of personal data relating to criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when the processing is authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.”
This means you must either be processing the data in an official capacity, or have specific legal authorisation – which in the UK, is likely to mean a condition under the Data Protection Bill and compliance with the additional safeguards set out in the Bill. We will publish more detailed guidance on the conditions in the Bill once these provisions are finalised.
Even if you have a condition for processing offence data, you can only keep a comprehensive register of criminal convictions if you are doing so in an official capacity.
The Data Protection Act 1998 requires data controllers to give details about their processing of personal information to the Information Commissioner for inclusion in a public register, unless they are exempt.
The registration must be renewed annually.
The Data Protection registration number for Wealth Wizards Benefits Limited is: ZA163085.
The details to be notified are:
Notification can be initiated by calling the Information Commissioner Notification Line on Telephone: 01625 545 740.
The period of notification is one year. Notifications must be renewed annually. There is an annual fee of £35. Changes to a notification entry must be notified as soon as possible and are made free of charge.
Wealth Wizards Benefits Limited is the Data controller and responsible for all the data held on their clients. The DPC for Wealth Wizards Benefits Limited is the Governance & Information Security Manager.
Wealth Wizards Benefits Limited is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 596641
Registered Address: Wizards House, 8 Athena Court, Tachbrook Park, Leamington Spa, CV34 6RT.
Registered in England & Wales, No. 07014133. The information contained within this site is intended for UK consumers only and is subject to the UK regulatory regime.
Wealth Wizards®, Pension Wizard ®, Retirement Wizard®, Turo® and MyEva® are registered trademarks; the trademarks, trade names and logos on this website, and the copyright and pending patent applications, are used by Wealth Wizards Benefits Limited under licence from Wealth Wizards Limited. Pension Tidy-up, Pension Predictor, Investment Wizard, are trademarks and logos of Wealth Wizards Limited. Wealth Wizards Benefits Limited is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 596641.