Privacy Notice


Grange Financial [Sussex] Limited, is a company registered in England and Wales (company number 4502151) whose registered office is situated at 88 Boundary Road, Hove, East Sussex, BN3 7GA. The Financial Conduct Authority registration number for Grange Financial [Sussex] Limited is 229110. Grange Financial [Sussex] Limited is registered with the Information Commissioner’s Office under registration number Z7243905

Grange Financial [Sussex] Limited is a firm that provides Financial, Mortgage, Insurance and Estate Planning Services and, for its regulated business, is an Appointed Representative of Best Practice IFA Group Limited, which is a network that provides back office services through the provision of back-up resource, technology, compliance, training and support. Best Practice IFA Group Limited is authorised and regulated by the Financial Conduct Authority under registration number is 223112.

As the operators of various financial businesses, services and websites, Grange Financial [Sussex] Limited are committed to protecting and respecting your privacy. This ‘Privacy Policy’ (together with any other documents referred to herein) sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

When we mention “GFS”, “we”, “us” or “our” within this document we are referring to the Grange Financial group of businesses.

For the purpose of the General Data Protection Regulation (“GDPR”, from the GDPR implementation date) or, until GDPR implementation date, the Data Protection Act 1998, (collectively the “Data Protection Laws”) the Data Controller is Grange Financial [Sussex] Limited.


Information we collect from you

We collect and process some or all of the following types of information from you in the course of providing our services to you and also when you use our websites:

  • The information that you provide, for example by completing our Confidential Client Questionnaires [our fact finding documents] or filling out the contact section on our websites. This includes the information you provide when you contact us direct to enquire about our services, or request further information or apply for our services.
  • Specifically, personal details such as name, postal address, telephone number, email address, date of birth, gender, health status, PEP status, salary and other information relating to assets and liabilities or any other information obtained for us to provide the services that you may require.
  • If you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete surveys and feedback forms that we use for research purposes, although you do not have to respond to them.
  • Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.

When you submit general enquiries to us [including via our websites], your name and contact details are required to enable us to respond to your enquiry.

The provision of your name, address and date of birth, as well as other personal data are required from you to enable us to fulfil our regulatory and legal obligations.

We may ask you for details of your children and dependants and/or the beneficiaries under a policy and/or the beneficiaries or executor/s under a will – If you provide information about another person to us we expect you to ensure that they know you are doing so and that they consent to their information being provided and used by us. You might find it helpful to show them a copy of our ‘Privacy Notice’.

We will inform you, at the point of collecting information from you, whether you are required to provide any other information to us.

Information We Collect From Other Sources

We may also obtain personal information from other sources. Where we obtain information from another party, it is their responsibility to make sure they explain that they will be sharing personal data with us and, where necessary, ask permission before sharing information with us.

In particular, we may;

  • Collect information from publicly accessible sources for example [but not limited to] the internet, Company’s House and HM Land Registry.
  • Collect information directly from lenders or product providers on your existing contracts.

Lawful basis for processing

We rely on your consent as provided when you sign up to using our services as the ‘lawful basis’ on which we collect and use your personal data. Our legitimate interests in this data are to fulfil our contractual obligations to you and to fulfil our legal obligations as authorised and regulated firms.

Where you have contacted us via one of our websites or by e-mail or telephone, we rely on ‘legitimate interest’ and the legitimate interest is responding and contacting you regarding the enquiries you have made in relation to the services that we offer.

Purposes of processing
We use information held about you in the following ways:

  • To provide you with our services by, for example; arranging for a new or servicing an existing mortgage and/or investment or pension contract and/or insurance contract and/or will for you.
  • To ensure that the content on our websites is presented in the most effective manner for you to access and view our websites.
  • To provide you with information and offers that you request from us or which we feel may interest you.
  • As part of our efforts to keep GFS safe and secure for example including any compliance or regulatory returns we may be asked to complete.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To notify you about changes to our service.


In addition to the above uses, we may use your information to notify you about goods or services which may be of interest to you. Where we do this, we will contact you only if you have consented to such communication. If you do not want us to use your data in this way, please either (i) do not tick the relevant consent box situated in our Service Charter on which we collect your data; (ii) do not tick the relevant consent box situated in the your Declaration in our Fact Find document on which we collect your data; or (iii) inform us at any time by contacting us at the contact details set out below.


We routinely disclose your personal data to third parties as follows:

  • We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you for example, but not limited to, our network provider, sourcing tools, product providers, our will writer and the host of our websites and servers.

We may disclose your personal data to any member of our group of companies or business, which includes all our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).

We may also disclose your personal data to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Client Agreement/Service Charter; or
  • in relation to selected third parties only, only to the extent that you have consented to such selected third parties notifying you about certain goods or services, which may be of interest to you.

Other than as set out above, and save insofar as is necessary in order for us to carry out our obligations arising from any contracts entered into between you and us, we will not share your data with third parties unless we have procured your express consent to do so.


We take appropriate measures to ensure that any personal data is kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure (for example via e-mails). Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via our websites or via e-mails; any transmission is at your own risk.

Our Websites may, from time to time, contain links to and from the websites of our associated businesses and our business partners. If you follow a link to any of these websites, please note that these websites have their own ‘privacy policies’ and ‘terms of use’ and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any personal data to these websites.

Keeping your personal data up to date

If your personal details change, you may contact us using the contact details below.

We will endeavour to update your personal data within seven (7) working days of any new or updated personal data being provided to us, in order to ensure that the personal data we hold about you is as accurate and up to date as possible.

How long we keep your personal data

We will hold your personal data for differing periods of time depending upon the reason we have for processing it. The following criteria are used to determine data retention periods for your personal data:

  • In line with our regulatory and legal obligations as set out by our regulator – for example currently a minimum of 5 years for investment business and indefinitely for occupational pension transfer or opt-out business after we have ceased providing services to you.
  • Retention in case of queries or questions – we will retain your personal data for as long as we reasonably consider it necessary to deal with your queries (e.g. any questions you may have in relation to the GFS services).
  • If we complete any business with you and/or provide you with a recommendation or any advice, your personal data may be kept by us for an indefinite period.
  • Retention in case of claims – we will retain your personal data for as long as we reasonably consider that you or a third party may legally bring any claim against us.

Where we store your personal data

All of the information that we hold about you is stored on our secure servers within the EEA.

If you would like further information, please contact us or the Compliance Director at Best Practice IFA Group Limited, of which we are an Appointed Representative (see ‘Contact’ below). We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Your personal data may also be kept in paper format and will be securely stored within our offices.


Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

  • access to your personal data and to certain other supplementary information that this Policy is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal data concerning you in certain situations
  • receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal data concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal data
  • otherwise restrict our processing of your personal data in certain circumstances
  • claim compensation for damages caused by our breach of any data protection laws

For further information on each of those rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email or write to us using our ‘Contact’ details below,
  • let us have enough information to identify you, for example provide us with a copy of your driving licence or passport and a recent utility or credit card bill, and
  • let us know the information to which your request relates.


We hope that we can resolve any query or concerns you raise about our use of your information, before this become a formal complaint and please contact us using the ‘Contact’ section below.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular, in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113.


We reserve the right to modify this ‘Privacy Policy’ at any time. Any changes we may make in the future will be notified and made available to you via the ‘Privacy Policy’ pages of our Websites. Your continued use of our services shall be deemed as your acceptance of any variation of our ‘Privacy Policy’.

We may collect information about you when you access our websites for example your name and contact details if you have any queries or questions and/or wish us to contact you concerning our services.
Our websites may also collect analytical and statistical information. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

  • “Analytical” cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Websites when they are using them. This helps us to improve the way our Websites works, for example, by ensuring that users are finding what they are looking for easily.

Please note that third parties affiliates may also use cookies, over which we have no control.

You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.

All questions, comments and requests regarding our ‘Privacy Policy’ should be e-mailed to:

Or write to us at:
Grange Financial [Sussex] Limited,
Grange House,
68 Greenways,