Data Privacy Policy

This Privacy Policy sets out how Gibson Lamb uses and protects any information that you give us when you use this website.


This notice informs you how we use the information you give us and how Gibson Lamb protects your privacy. It also explains your rights under the UK Data Protection Act 2018 and the EU General Data Protection Regulations 2018. We abide by UK Law and our data protection regulator within the UK is the Information Commissioner’s Office (details below). Our licence number is Z9414353. This can be checked by contacting the Information Commissioner’s Office (details below).


We aim to offer advice that helps you plan your financial future. To provide such a service, we may need to collect personal data such as employment, income, expenses, financial arrangements you hold, family details or your legal commitments.

Medical details may be required to provide relevant insurance products and / or claims handling services that may be suitable. Any medical details will always be kept confidential within the firm and if shared will be marked Private & Confidential to the Chief Medical Officer.

Your information may be used to introduce you to a range of products and services we offer, to help with ongoing administration, to contact you with any review or changes that are applicable, for our own business research and analysis or for the processing of a claim.

Withholding of the required data may result in an insufficient service being provided or future claims being declined.

We may obtain data from individual customers, from introducer companies or from employers.


We are a ‘data controller’ under the terms of GDPR. There are six lawful bases for processing data, but only the first four are likely to apply to Gibson Lamb’s clients.

As a client, the first basis, consent, will apply. By signing this document, you are consenting to us processing your data.

The second basis, legitimate interest pursued by a controller, applies should we wish to contact an existing client who has not given us consent. The communication might be information that we consider to be of interest, such as changes to pension legislation for retired clients. Importantly, this basis only allows for non-electronic marketing (i.e. via the post), and does not allow emails, SMS or telephone.

The third basis, necessity, applies when passing your details to a ‘platform provider’ (or insurance company in old parlance), in order to complete our contractual obligations such as processing a new investment. Also, this basis applies when a prospective client sends some basic financial information which needs to be processed before deciding what level of service might apply.

The fourth basis, legal obligation, applies when the Regulator, the FCA, or the Financial Ombudsman Service or a court requires us to provide information.


As a part of our day-to-day processes, we may share your personal data with organisations that help us to provide our service. Examples are as follows:

  • Our paraplanners who provide research, analysis, the generation of reports and administrative support.
  • Our ‘business mentors’ who sit on our board and help us make long term strategic decisions.
  • Our external compliance support
  • Our investment research company
  • Our online valuation website provider
  • Our client relationship management software provider
  • Our secure client communications portal
  • Our cloud-based server platform
  • Our email, telephone, ‘word processing’ and calendar software
  • Our cloud storage software
  • Our email ‘pre-scan’ hosting company and disaster recovery plan partner
  • Our ‘third layer’ cloud-based backup software
  • Our physical paper file storage company
  • Your investment company or insurer with whom we obtain quotations and with whom we agree to place your business
  • Our accountants, for specialist tax or accountancy related guidance
  • The Financial Conduct Authority with whom we are regulated, or other regulated bodies as required
  • Any law enforcement entities as required in UK law
  • Our identity verification and anti-money laundering software

We will not sell your information to any other third parties.


We are not able to inform you at present of the period for which we propose to hold the Data, but we will apply the following criteria in determining how long we hold it:

  1. Is the contract with you still in place?
  2. Is the purpose for which the data was originally gathered still ongoing?
  3. Have we been advised to retain it for legal or regulatory purposes?
  4. Does the data relate to an existing investment?


We may be required to transfer your data outside of the EU/UK or the EU Commission arrangements. This would include such countries as the United States (where Microsoft are based) and South Africa (from where the support for our main database, Xplan, is provided). In these circumstances, we will ensure that full safeguarding due diligence has been undertaken on the organisation to which data is being transferred.


We have in place a full information security policy, business continuity and disaster recovery plans. We take data security very seriously and have in place what we feel are the most secure options available to store and transfer your data securely. We can provide details on request.


  • Should your data be inaccurate we will rectify this without delay
  • Should you wish us to delete your data at any point, please contact the office as shown below to request this, but please bear in mind our statement above about data retention
  • Should you wish to transfer your data to another organisation, please contact the office as below and we will organise this for you
  • You can request access to your data at any time. We will provide you with a full copy within one month of your request
  • You can withdraw consent to us holding and processing your information at any time. Please contact the office as below should you wish to do this, but bear in mind our statement above about data retention
  • We may provide you with newsletters and bulletins which are appropriate to your plans on an ongoing basis. You can opt out of these should you wish to – contact us to do so


Should you wish to contact us in relation to any issues within this notice, please contact:

Person responsible for GDPR: Dave Lamb
Contact address: Regus Admirals Park, Crossways, Victory Way, Dartford DA2 6QTD.
Contact telephone: 020 7839 3582

You will be responded to as promptly as possible. We do not have an appointed Data Protection Officer.


Should you wish to make a complaint in relation to data protection issues relating to our firm, you can contact us as above or you can contact our regulator as follows:

The Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113 (local rate)
01625 545 745 if you prefer to use a national rate number

Consent – We are required under the regulations to obtain your consent to our collection, processing, sharing and holding of your personal data. Please ensure you have read this notice fully and accept all that it contains. If you have any queries, please contact us directly.

Please contact us should you not be able to read or understand this notice sufficiently.

Version 1.3