1. Introduction

Purpose of this Privacy Policy

At Plus Group, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect personal data when you interact with us, whether as a client, prospective client, supplier, prospective supplier, or website visitor.

It also explains your rights under data protection law and how you can exercise those rights.

This Privacy Policy is intended to meet our transparency obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Scope of this Privacy Policy

This Privacy Policy applies to personal data processed by Plus Group across all of its business services, platforms, and websites, including but not limited to:

• Paraplanning and administrative services provided by Plus Partner Services Limited
• Technology platforms and AI-enabled tools, including the Fluid platform
• Marketing, content, and social media tools, including Halio
• Online directories and lookup services, including Provider Lookup
• Plus Group websites and online services

References in this Privacy Policy to “Plus Group”, “we”, “us”, or “our” include all Plus Group entities and services unless stated otherwise.

This Privacy Policy applies to:

• Clients and prospective clients who engage with our services or platforms
• Suppliers and prospective suppliers who provide services to us
• Website visitors and individuals who interact with us online

This Privacy Policy does not apply to the processing of personal data relating to employees, workers, contractors, or job applicants, which is covered by separate Employee and Recruitment Privacy Notices.

Jurisdiction

This Privacy Policy applies to data processing carried out in the United Kingdom and is governed by UK data protection law.

‍

2. The Data Controller

Who is responsible for your personal data?

For the purposes of UK data protection legislation, Plus Group is the data controller for the personal data collected and processed in connection with our services, platforms, and websites.

This means we determine the purposes and means by which personal data is processed, in accordance with applicable data protection laws.

This Privacy Policy applies to Plus Group and all affiliated companies and brands operating under the Plus Group name, including those providing paraplanning services, technology platforms, AI-enabled tools, marketing services, and online directories.

Contact details

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at:

Plus Group

Chandler House, 7 Ferry Road Office Park, Riverside, Preston, Lancashire, PR2 2YH

Data Protection Officer (DPO): ‍

Scott Daniels

Email: ‍

hello@plusgroup.org

‍

Our Data Protection Officer is responsible for overseeing Plus Group’s compliance with data protection law.

If you have any concerns about how your personal data is processed, or wish to exercise your rights under data protection legislation, you can contact the DPO using the details above.

‍

3. What Data We Collect

We collect and process different types of personal data depending on how you interact with Plus Group, whether as a client, prospective client, supplier, prospective supplier, or website visitor.

3.1 Clients and prospective clients

If you are a client or a prospective client, we may collect and process the following categories of personal data:

• Identity data – name, job title, company name
• Contact data – business address, email address, telephone number
• Financial data – payment and billing details
• Transactional data – records of services provided and payments made or received
• Communications data – emails, messages, meeting notes, and correspondence
• Marketing preferences – your preferences for receiving marketing communications
• Service and platform usage data – information relating to how you interact with our services, platforms, and tools, including usage patterns, configuration settings, and feature interactions

This may include data processed through paraplanning services, technology platforms, AI-enabled tools, or online directories operated by Plus Group.

3.2 Website visitors and online users

When you visit our websites or use our online services, we may collect:

• Technical data – IP address, browser type and version, device type, operating system, and time zone
• Usage data – information about how you navigate and interact with our websites, platforms, and tools
• Cookie data – information collected through cookies and similar technologies

Further information about cookies is set out in Section 6.

3.3 Suppliers and prospective suppliers

If you provide services to us as a supplier or prospective supplier, we may collect:

• Identity data – name, job title, company name
• Contact data – business address, email address, telephone number
• Financial data – bank account details for payments
• Business information – details of services provided and contractual arrangements
• Communications data – emails, messages, and correspondence

3.4 Special categories of data

We do not intentionally collect special categories of personal data, such as health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, or biometric data, through our public-facing services.

Where special category data is processed, this will only take place where:

• It is necessary for a specific and lawful purpose
• A valid lawful basis applies
• Appropriate safeguards are in place

3.5 Children’s data

In some circumstances, personal data relating to children may be processed by Plus Group, for example where we provide services to regulated adviser firms in connection with products or services for a child, such as a Junior ISA or other child-related financial arrangements.

In these circumstances:

• Plus Group does not act as the data controller
• We process such data only on the documented instructions of the adviser firm, which acts as the data controller
• Our processing is limited to what is necessary to deliver the services requested

Children’s personal data is handled with appropriate safeguards and in accordance with applicable data protection law and contractual obligations.

Plus Group does not knowingly collect children’s personal data directly through its public-facing websites, platforms, or marketing activities.

‍

4. How We Collect Personal Data

Plus Group collects personal data through a combination of direct interactions, automated technologies, and third-party sources, depending on the nature of the service or platform being used.

4.1 Direct interactions

We may collect personal data directly from you when you:

• Enquire about, engage with, or use our services or platforms
• Enter into a contract with us as a client or supplier
• Communicate with us by email, telephone, video call, online forms, or other channels
• Register for accounts, tools, or services operated by Plus Group
• Subscribe to updates, marketing communications, or events

Where Plus Group provides services to adviser firms, personal data may also be provided to us by those firms for the purpose of delivering contracted services, with the adviser firm acting as data controller and Plus Group acting as processor where applicable.

4.2 Automated technologies and platform interactions

When you use our websites, platforms, or digital tools, we may automatically collect certain information through automated technologies, including:

• Technical and device information
• Log data and usage information relating to platform features and functionality
• Security and access information required to protect systems and data

This data is used to operate, maintain, secure, and improve our services and platforms.

4.3 Cookies and similar technologies

We use cookies and similar technologies on our websites and online services to:

• Ensure core website functionality
• Understand how users interact with our websites and services
• Improve user experience and performance

Further information about how we use cookies and how you can manage your preferences is set out in Section 6 of this Privacy Policy and in our Cookie Policy.

4.4 Third-party sources

We may receive personal data from third-party sources where legally permitted, including:

• Adviser firms and professional partners
• Business referrals
• Publicly available sources, such as company websites or professional registers
• Service providers who support our operations, such as payment processors or analytics providers

Where personal data is obtained from third parties, we take reasonable steps to ensure that the data has been collected lawfully and that appropriate transparency information has been provided.

‍

5. How We Use Personal Data and Our Lawful Bases

Plus Group processes personal data only where there is a lawful basis to do so and for specific, legitimate purposes. The purposes and lawful bases depend on the nature of the service provided and whether Plus Group is acting as a data controller or as a data processor on behalf of a client.

5.1 Purposes of processing

We may use personal data for the following purposes.

Clients and prospective clients

• Providing, operating, and managing our services, platforms, and tools
• Delivering paraplanning, administrative, and professional support services
• Operating technology platforms and AI-enabled tools in accordance with client instructions
• Managing contractual relationships and client accounts
• Processing payments and issuing invoices
• Responding to enquiries and providing support
• Communicating service updates, improvements, or changes
• Conducting service development, testing, and improvement

Where Plus Group processes personal data on behalf of adviser firms or other clients, this processing is carried out in accordance with documented instructions and applicable data processing agreements.

Website visitors and online users

• Operating and maintaining our websites and online services
• Analysing usage and performance to improve functionality and user experience
• Managing security, fraud prevention, and IT troubleshooting
• Suppliers and prospective suppliers Managing supplier relationships and contractual arrangements
• Processing payments and managing invoicing
• Communicating about services and business needs

5.2 Lawful bases for processing

Under UK data protection law, we rely on the following lawful bases when acting as a data controller:

Where Plus Group acts as a data processor, personal data is processed on the lawful basis determined by the relevant data controller, in accordance with contractual obligations and applicable law.

5.3 Use of AI-enabled tools

Some Plus Group services include AI-enabled functionality to support drafting, analysis, automation, or service delivery.

Where AI-enabled tools are used:

• They operate under defined controls and governance arrangements
• They do not replace human decision-making
• Personal data is processed only for the purposes instructed by the relevant data controller or as set out in this Privacy Policy
  ‍

6. Cookies and Tracking Technologies

6.1 What are cookies?

Cookies are small text files that are placed on your device when you visit a website or use an online service. They help us operate our websites and services, understand how they are used, and improve functionality and user experience.

Cookies may be:

• Essential cookies, which are required for core functionality and security
• Non-essential cookies, such as analytics or preference cookies

6.2 How we use cookies

Plus Group uses cookies and similar technologies for the following purposes:

• Essential cookies
  Required to operate our websites and online services, including security, accessibility, and session management. These cookies cannot be disabled.

• Analytics cookies
  Help us understand how visitors interact with our websites and platforms, including page views, navigation patterns, and usage trends. This information is used to improve performance and user experience.

• Preference cookies
  Store user settings and preferences to enhance functionality and usability.

Where required by law, non-essential cookies are used only with your consent.

6.3 Managing your cookie preferences

You can manage your cookie preferences in the following ways:

• Using the cookie consent banner presented when you first visit our website
• Adjusting settings within your web browser to block or delete cookies
• Using available opt-out mechanisms provided by analytics providers

Further information about cookies and how to manage them is available in our Cookie Policy.

‍

7. Sharing Personal Data

Plus Group does not sell or rent personal data. We share personal data only where necessary for business operations, service delivery, legal compliance, or where required to support our services and platforms.

7.1 Third-party service providers

We may share personal data with trusted third-party service providers who support our operations, including:

• Payment processors and financial service providers
• Accounting, invoicing, and financial management providers
• Electronic document and contract management providers
• CRM, communications, and marketing platforms
• IT, hosting, security, and infrastructure providers
• Analytics and performance monitoring providers

These providers process personal data on our behalf under contractual arrangements that require them to:

• Process data only on our instructions
• Implement appropriate technical and organisational security measures
• Comply with applicable data protection laws

7.2 Clients and professional partners

Where Plus Group provides services to adviser firms or other professional clients, personal data may be shared with those clients where necessary to deliver the agreed services.

In such cases:

• The adviser firm or client will typically act as the data controller
• Plus Group will act as a data processor, processing data in accordance with documented instructions

7.3 Legal and regulatory obligations

We may disclose personal data where required to do so by law or where disclosure is necessary to:

• Comply with legal, regulatory, or tax obligations
• Respond to lawful requests from regulators, courts, or public authorities
• Protect our legal rights, property, systems, or security

7.4 Business transfers

If Plus Group undergoes a merger, acquisition, reorganisation, or sale of assets, personal data may be shared with relevant third parties involved in the transaction, subject to appropriate confidentiality and data protection safeguards.

‍

8. International Transfers

Personal data processed by Plus Group is primarily stored and processed within the United Kingdom.

Where personal data is transferred outside the UK, this will only take place where:

• The transfer is necessary for the provision of our services, platforms, or systems support, and
• Appropriate safeguards are in place to protect the data, in accordance with UK data protection law

Safeguards may include:

• Transfers to countries recognised by the UK Government as providing an adequate level of data protection, or
• The use of appropriate contractual safeguards, such as approved standard contractual clauses

Where Plus Group acts as a data processor on behalf of a client, any international transfers are carried out in accordance with the client’s instructions and applicable data processing agreements.

Plus Group ensures that any international transfers of personal data are limited, justified, and subject to appropriate oversight.

‍

9. Data Retention and Storage

9.1 How long we keep personal data

Plus Group retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Providing services and operating platforms
• Meeting legal, regulatory, tax, and accounting obligations
• Managing business relationships
• Responding to legal claims or disputes

When personal data is no longer required, it is securely deleted, anonymised, or archived in accordance with our retention policies and applicable law.

9.2 Retention periods

Specific retention periods are set out in Plus Group’s Data Retention Policy. By way of summary:

• Client and service data
  Retained for the duration of the contract and for a defined period thereafter, as required by law or contractual obligations.

• Supplier records
  ‍Retained for the duration of the supplier relationship and in line with tax and audit requirements.

• Website and platform usage data
  Retained in accordance with operational needs, security requirements, and user consent settings.

• Marketing data
  Retained until you withdraw consent or opt out of marketing communications.

Where Plus Group acts as a data processor, personal data is retained in accordance with the instructions of the relevant data controller and applicable contractual arrangements.

9.3 Secure storage and disposal

Plus Group implements appropriate technical and organisational measures to ensure personal data is stored securely.

When personal data is disposed of, this is done in a secure manner to prevent unauthorised access or disclosure.

‍

10. How We Protect Personal Data

Plus Group takes the security of personal data seriously and implements appropriate technical, organisational, and procedural measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

10.1 Security measures

We have implemented a range of security controls designed to protect personal data processed across our services, platforms, and systems, including:

• Access controls to restrict personal data to authorised individuals on a need-to-know basis
• Authentication and access management measures to protect systems and platforms
• Encryption of personal data where appropriate, including data in transit and at rest
• Monitoring and logging to support security oversight and incident detection
• Regular security reviews and risk assessments
• Secure hosting and infrastructure arrangements

These measures apply across Plus Group’s paraplanning services, technology platforms, AI-enabled tools, and websites.

10.2 Data breach management

Plus Group maintains procedures for identifying, managing, and responding to personal data breaches.

Where a personal data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, we will:

• Assess the nature and impact of the breach
• Take steps to contain and mitigate the breach
• Notify the Information Commissioner’s Office (ICO) within 72 hours, where required
• Notify affected individuals where there is a high risk to their rights and freedoms

If you believe that your personal data has been compromised, you should contact us using the details set out in Section 12.
‍

11. Marketing Communications and Preferences

11.1 How we use personal data for marketing

Plus Group may use personal data to send marketing communications relating to our services, platforms, tools, and events. These communications may include:

• Service updates and product information
• Industry insights and commentary
• Invitations to events, webinars, or surveys

Marketing communications may relate to paraplanning services, technology platforms, AI-enabled tools, marketing services, or online directories operated by Plus Group.

We will only send direct marketing communications where we have a lawful basis to do so, such as your consent or a legitimate business interest, and in accordance with applicable marketing laws.

11.2 Managing your marketing preferences

You have control over your marketing preferences and can opt out of marketing communications at any time by:

• Following the unsubscribe link included in marketing emails, or
• Contacting us at hello@plusgroup.org

We will process opt-out requests promptly, though it may take a short period for changes to take effect.

11.3 Third-party marketing

Plus Group does not sell personal data to third parties for marketing purposes and does not permit third parties to use personal data for their own direct marketing.

‍
12. Your Data Protection Rights

Under UK data protection law, you have a number of rights in relation to your personal data. These rights apply to personal data processed by Plus Group when we act as a data controller. Where Plus Group acts as a data processor, requests will be handled in accordance with the instructions of the relevant data controller.

12.1 Your rights

You have the right to:

• The right to be informed
  To receive clear and transparent information about how your personal data is processed. This Privacy Policy provides that information.

• The right of access
  To request a copy of the personal data we hold about you.

• The right to rectification
  To request correction of inaccurate or incomplete personal data.

• The right to erasure
  To request deletion of your personal data in certain circumstances.

• The right to restrict processing
  To request that we limit how your personal data is processed in specific situations.

• The right to data portability
  To receive your personal data in a structured, commonly used format, or to request that it be transferred to another organisation where technically feasible.

• The right to object
  To object to processing based on legitimate interests or to the use of your data for direct marketing purposes.

• The right to withdraw consent
  Where processing is based on consent, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before consent was withdrawn.

12.2 Exercising your rights

To exercise any of your data protection rights, please contact our Data Protection Officer at:

Email: hello@plusgroup.org

We aim to respond to requests within one month. In some cases, we may need to verify your identity or extend the response time where requests are complex or numerous, in line with applicable law.

‍
13. How to Make a Complaint

We take data protection seriously and encourage you to contact us if you have any concerns about how your personal data is handled.

13.1 Contacting us

If you have a complaint or concern regarding the processing of your personal data, please contact our Data Protection Officer using the details below:

Data Protection Officer

Plus Group

Email: hello@plusgroup.org

We will investigate your concern and respond within a reasonable timeframe.

13.2 Contacting the regulator

If you are not satisfied with our response, or believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the UK data protection regulator:

Information Commissioner’s Office (ICO)

Website: www.ico.org.uk/concerns

Telephone: 0303 123 1113

Postal address: Information Commissioner’s Office,

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you are based outside the UK, you may also contact your local data protection authority.

‍

14. Changes to This Privacy Policy

14.1 Updates to this policy

We may update this Privacy Policy from time to time to reflect:

• Changes in legal or regulatory requirements
• Updates to our services, platforms, tools, or business operations
• Developments in technology or data protection best practic

We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.

14.2 Notification of changes

Where we make material changes to this Privacy Policy, we will:

• Publish the updated version on our website, and
• Provide additional notice where required by law

The latest version of this Privacy Policy will always include the effective date at the top of the document.

‍