top of page
 
Data Protection & Privacy Notice

 

Avestor Investment Management Ltd is committed to protecting your personal information and respecting your privacy. This Privacy Notice explains how we collect, use, store, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and all applicable data protection laws.

 

1. Who We Are

Avestor Investment Management Ltd (“Avestor”, “we”, “us”, “our”) is the data controller responsible for the personal information we collect.

 

If you have any questions regarding this notice, please contact us using the details on our official website.

 

2. What Personal Data We Collect

We may collect and process the following types of personal information:

 

Information you provide directly

  • Name

  • Contact details (email, phone number, address)

  • Date of birth

  • Financial information provided during onboarding

  • Investment objectives, risk tolerance, and relevant suitability information

  • Documents required for identity verification (KYC/AML)

 

Information collected automatically

  • IP address

  • Browser details

  • Website usage data

  • Cookies (where applicable)

 

3. How We Use Your Information

We use your personal data to:

  • Provide and manage our investment services

  • Comply with legal and regulatory requirements

  • Communicate with you about your account or enquiries

  • Conduct identity verification and fraud prevention checks

  • Improve our website and client experience

  • Maintain internal records and reporting obligations

 

We will only use your information where we have a lawful basis to do so.

 

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Performance of a contract — to deliver our services

  • Legal obligation — to comply with FCA, HMRC, and anti-money laundering requirements

  • Legitimate interests — e.g., responding to enquiries or improving our website

  • Consent — where required (e.g., optional marketing communications)

 

5. Sharing Your Information

We may share your personal data with:

  • Regulated custodians or investment platforms

  • Compliance and regulatory service providers

  • Identity verification and AML partners

  • Professional advisers (e.g., legal, compliance, audit)

  • Technology providers (secure hosting, email services)

 

We will never sell your data or share it with third parties for unrelated marketing.

 

6. International Transfers

If personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions

  • Standard contractual clauses

  • Robust data protection measures from our providers

 

7. Data Retention

We only retain your information for as long as necessary to:

  • Deliver our services

  • Comply with financial, legal, and regulatory obligations

  • Resolve potential disputes

 

This typically includes a statutory retention period of up to 6 years after the end of a client relationship.

 

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion (where legally permitted)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent (where consent was given)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

 

9. How We Protect Your Data

We use industry-standard security measures, including:

  • Encrypted data storage

  • Secure access controls

  • Regular security reviews

  • Strict confidentiality agreements

  • Compliance with regulatory requirements

 

10. Cookies

We may use cookies to improve website performance and user experience.

You can manage cookie preferences through your browser settings.

 

11. Updates to This Notice

We may update this Privacy Notice from time to time.

The latest version will always be available on our website.

bottom of page