Introduction

Lulworth Investment Partners (the “Firm”, “Lulworth”) is a trading name of Lulworth Investment Management, which is authorised and regulated by the Financial Conduct Authority (FCA) (FRN: 1045489).

We are committed to preserving the privacy of our clients and any other individuals with whom we establish a relationship either directly or through our website.

Confidentiality lies at the heart of our client relationships and is fundamental to the way we operate. Protecting client information is not simply a regulatory obligation - it is a core part of our culture and the professional standards we expect of every member of staff.
All employees are bound by strict confidentiality provisions within their contracts of employment, and these obligations apply to all aspects of client affairs, both during and after their employment with the Firm. Maintaining discretion, safeguarding sensitive information, and respecting client privacy are integral to the trust placed in us by our clients.

To uphold these standards, we provide regular training to all staff on confidentiality, data protection, information security and regulatory responsibilities. This ensures that every individual at Lulworth understands the importance of confidentiality from their first day with us and is equipped to handle personal and client information responsibly, securely and in accordance with this Policy.

It is important that you read this Privacy Policy, together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Privacy Policy supplements such other notices and is not intended to override them.

1. Data Controller
This Privacy Policy explains how we may use personal information. This Privacy Policy is issued on behalf of Lulworth for the purposes of the UK General Data Protection Regulation (GDPR), and other applicable data protection legislation (the Data Protection Laws).

GDPR is a law which addresses what we can and cannot do with your personal data. We are the ‘data controller’ in relation to your personal data that we hold, because we control the storage and use of that personal data.
 
2. What personal information do we collect?
Personal data, or personal information, means any information about an individual from which that person can be identified.
In order to comply with regulatory requirements and improve client service, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• personal data includes first name, maiden name, last name, marital status, title, date of birth and gender.

• contact data includes home address, email address and telephone numbers.

• identification details such as National Insurance, passport or driving licence details.

• financial data includes bank account details, source of wealth and source of funds.

• transaction data includes details about transactions and trades that you place with us, or we place on your behalf.

• technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, including our client portal.

• profile data includes your username and password (when using our online client portal), preferences, feedback and survey responses.

• usage data includes information about how you use our website, products and services, including our online portal.

• communications data includes your preferences in receiving information from us.

​

If you contact us by post, telephone, email, or through our website, we may keep a record of that correspondence.

Telephone conversations with you may be recorded, where required by law or regulation. We are required to record all telephone conversations and electronic communications with our clients, including those that are intended to result in the execution of an order e.g. where you give a specific instruction to execute a trade on your behalf via our Execution Only service.

Special Category Data
We do not routinely request Special Category Data. However, clients may choose to provide information about their health or personal circumstances where this would help us tailor our communications or support in line with regulatory expectations, including the FCA’s guidance on vulnerable customers.

Where you choose to provide Special Category Data of this nature, we will only process it where you have given your explicit consent for us to do so. We will record only the minimum amount of information necessary to understand your support needs.
Any Special Category Data you provide will be subject to enhanced confidentiality measures and will be retained only for as long as it is needed for the stated purpose, after which it will be securely deleted.

3. How will we use the information we collect about you?
We collect and process information held about you in the following circumstances:

• when it is necessary for the performance of a contract to which you are a party or seek to become a party to;

• when we are required to comply with a legal obligation;

• if the processing is for our legitimate business interests or those of a third party; and / or

• where we have obtained your active agreement to use your personal data for a specific purpose, for example if you agree to receive marketing communications from us.

​

We collect and process information about you for the following specific purposes:

• to enable us to provide the investment management services you require;

• to provide clients with information relevant to their investment and our services;

• to ensure that our website and portal are presented in the most effective manner for you and your device (e.g. cookies); and

• for all other purposes consistent with the proper performance of our investment management operations and services.

​

We may contact you by post, telephone, and email. If you change your mind about how you wish to be contacted, then please let us know.

​

Should we require to process your information for any purpose not included within this policy, we shall communicate this to you in advance of doing so.

4. Security
All personal information provided to us is stored on secure servers. While we take all reasonable steps to protect your personal data, its security cannot be guaranteed. Once personal information has been received, we will use robust procedures including location-based restrictions, multi-factor authentication and security software to prevent unauthorised access. All reasonable steps will be taken to ensure that your data is treated securely and in accordance with this Privacy Policy.

We have strict internal policies against unauthorised use or disclosure of client information. Our clients’ information is accessible only to employees who need it to conduct our clients’ financial affairs or provide services to them. Our employees, and our account management practices, are governed by extensive regulatory procedures, and by internal procedures. Our staff members are reminded on a regular basis of their obligations with regard to the confidentiality of client information through employee training and by operating procedures.
 
5. Transfers Abroad
Your personal information may be transferred to, and stored in, a destination outside the European Economic Area (“EEA”). It may also be processed by staff based outside of the EEA who work for us, or one of our third-party business partners. If your personal information is transferred, we will take all steps necessary to ensure it is held securely and in accordance with this Privacy Policy - by ensuring the appropriate technical and organisational safeguards are in place.

6. Disclosure of Information
We process all data in accordance with Data Protection Laws. We may share your information with third-party business partners with whom we have contracted to help us provide our service to you or to UK government entities in response to the obligatory provision of information requirements.

We may have to send your data to organisations which help us to confirm your identity, to comply with Anti-Money Laundering regulations, or for other purposes such as the detection of crime. To confirm your identity, such processing may require the use of automated decision making by the relevant organisation. If the relevant organisation cannot confirm your identity, we will take additional measures to enable us to do so.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party business partners to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will not share your information for marketing purposes with any organisation outside the Firm.

7. Your right in relation to your personal information
Data Protection Laws give you rights in relation to your personal information.
You may:

• check whether we hold information about you;

• ask to see a copy of the information we hold about you; and under certain circumstances:

  • ask us to rectify any inaccurate and/or complete any incomplete personal information we hold about you;

  • ask us to stop processing your personal information;

  • ask us to erase your personal information;

  • ask us to restrict the processing of your personal information;

  • ask us to provide your personal information to you in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services; and

  • withdraw your consent to processing if so provided.

 
In addition to the rights set out above, you have the right to lodge a complaint with the Information Commissioner’s Office, or its successor. Please see Section 13 of this policy.

If you are a discretionary investment management client, and you ask us to stop processing or erase your personal information, we will be unable to continue to provide any investment management service to you. In such circumstances, we will have no option but to terminate any contract with you for the provision of investment management services. You would therefore be required to sell or transfer any investments.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example, a new address or email address.

8. Retention of your personal information
Data Protection Laws allow us to retain your personal information for as long as is necessary for the purposes for which your personal information was obtained, or for longer periods where a statutory or regulatory requirement exists. Our record retention policy is to remove your personal information from our records 6 years after our business relationship with you has ended, unless i) there is a statutory or regulatory reason why we require to retain your personal information for longer or ii) we have already erased your personal information following an earlier request to do so.

9. Cookies
A cookie is a piece of software that places a text file on the hard drive of your computer that remembers information about the configuration of your computer (and its IP address) and collects standard internet log and visitor behaviour information. The information is used to track visitor use of the website and to personalise any repeat visits you make to our website.

When entering our website, you are informed that the site uses cookies and are then prompted to accept, decline or select the discretionary cookies you wish to allow. You can set your browser not to accept cookies, and you can remove existing cookies from your browser. However, in a few cases some of our website features may not function as a result. Please see our Cookies Policy for more information about what cookies are, the cookies used on our website and how to disable them if required.

10. Other Websites
Our website contains links to other third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or cookies policies. When you leave our website, we encourage you to read the privacy notice and cookies policy of the websites you visit. This Privacy Policy only applies to our website.
 
11. Changes to our Privacy Policy
This version of the Privacy Policy was last updated in March 2026. We keep our Privacy Policy under regular review and any updates will be made on this webpage.

12. How to Contact Us
If you wish to exercise any of the rights set out above or if you have any questions or comments on this Privacy Policy, please contact us by either sending an email to: compliance@lulworthinvest.com or by writing to us at: Lulworth Investment Management, Temple Chambers, 3-7 Temple Avenue, London, England, EC4Y 0DT.

Our registration number with the UK Information Commissioner’s Office is ZB802351.

13. Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.