Privacy Policy

Mitchell & Mitchell Asset Management Ltd (MMA)

1. Introduction

At Mitchell & Mitchell Asset Management Ltd (“MMA”, “we”, “us”), we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in line with:

  • The UK General Data Protection Regulation (UK GDPR)

  • The Data Protection Act 2018

  • The Financial Conduct Authority (FCA) rules

  • The Markets in Financial Instruments Directive (MiFID II)

  • The FCA’s Consumer Duty

This policy applies to any personal data processed by MMA in connection with our services, including portfolio management, adviser engagement, and online interactions.

2. Who We Are

Mitchell & Mitchell Asset Management Ltd is an FCA-authorised discretionary fund manager. Our company details are:

Mitchell & Mitchell Asset Management Ltd
1 Churchill Court, Horton’s Way, Westerham, Kent TN16 1BT
Company No: 14011694 | FCA No: 992402
enquiries@mmassets.co.uk | 01959 561500

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Advisers and professional contacts: Name, business contact details, regulatory references, communications

  • Clients (via advisers): Name, contact information, investment preferences, risk profile, platform details, and suitability documentation (provided by your adviser)

  • Website and portal users: IP address, cookies, preferences, enquiry content

  • Job applicants and staff: CVs, work history, right-to-work documentation, references

We do not collect data directly from retail clients without their adviser’s involvement.

4. How We Use Your Data

We use personal data for the following purposes:

  • To provide our discretionary portfolio services

  • To fulfil our contractual obligations with advisers and platforms

  • To meet regulatory obligations (FCA, MiFID II, AML, KYC)

  • To communicate updates, reports, or service information

  • To improve our website and service experience

  • For recruitment and HR management

We only process personal data where we have a valid legal basis under Article 6 of the UK GDPR, including legitimate interests, contractual necessity, legal obligation, or consent (where applicable).

5. AI and Data Processing

MMA may use AI-driven tools or analytics platforms to support:

  • Portfolio performance monitoring

  • Investment risk modelling

  • Natural language summarisation of investment commentary

  • Internal operational efficiency (e.g. content tagging, sentiment analysis)

When using AI tools:

  • We do not use AI to make solely automated decisions that have legal or similarly significant effects on individuals

  • AI tools used are governed by appropriate data protection impact assessments (DPIAs)

  • All outputs are subject to human oversight and validation

  • No client-specific decisions are made without adviser involvement

We do not use client personal data to train AI models, nor do we allow AI platforms to retain, reprocess, or repurpose identifiable personal data.

6. How We Share Your Data

We may share personal data with:

  • Your financial adviser or platform provider (as relevant)

  • Third-party service providers who support our business (e.g. IT, compliance, data storage)

  • Regulatory authorities (e.g. FCA) where required

  • Professional advisers (e.g. auditors, legal advisers)

We ensure all third parties adhere to UK GDPR standards via data processing agreements.

We do not sell or rent personal data to any organisation.

7. Telephone Call Recording

In line with our regulatory obligations under MiFID II and FCA COBS 11.8, MMA may record telephone calls involving:

  • Investment-related discussions

  • Transaction instructions (received via advisers)

  • Portfolio management and oversight matters

  • Internal investment committee decisions

These recordings may be used for:

  • Regulatory record-keeping and audit purposes

  • Monitoring service quality and staff training

  • Investigating complaints or incidents

  • Supporting regulatory submissions or supervisory engagement

Call recordings are stored securely and retained in accordance with our data retention policy (typically 5 years, or 7 years where required by law).

8. International Transfers

Where data is transferred outside the UK or EEA (e.g. through cloud providers), we ensure that:

  • Appropriate safeguards are in place (e.g. Standard Contractual Clauses, UK Addendum)

  • Transfers are limited to what is necessary and risk-assessed

  • Providers comply with UK data protection legislation

9. How We Protect Your Data

We have robust technical and organisational measures to ensure the security of your data, including:

  • Encryption of data in transit and at rest

  • Access controls and role-based permissions

  • Regular system testing and security audits

  • Staff training on data protection and confidentiality

10. How Long We Keep Your Data

We retain personal data only as long as necessary to fulfil:

  • Legal and regulatory requirements (e.g. 5–7 years for investment services)

  • Contractual obligations

  • Legitimate business needs

After this period, data is securely deleted or anonymised.

11. Your Rights

Under UK GDPR, you have the right to:

  • Access your data

  • Correct or update inaccurate data

  • Request deletion (where lawful)

  • Restrict or object to certain processing

  • Request data portability (in applicable cases)

  • Complain to the ICO if you believe your data has been mishandled

To exercise your rights, please contact: enquiries@mmassets.co.uk

12. Updates to This Policy

We may update this policy from time to time to reflect changes in regulation or business operations. The latest version will always be published on our website.

Last updated: May 2025