Tobica Privacy Policy


This document refers to personal data, this is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.

The Data Protection Act (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulations (GDPR) which is EU wide and far more extensive, seek to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain such as Companies House data.

Who we are

Tobica is a company specialising in finding suitably qualified financial advisers to deal with website enquiries. The financial advisers that we select have undertaken our in-depth due diligence process. All financial advisers are regulated by the FCA.

Our DD process involves questioning on solvency, governance, adviser knowledge, investment proposition, back office processes, advice process, client review process adviser-consultancy charge. we also normally undertake site visits.

We will contact you to discuss the information you have entered on a website that has been passed to us to help us to find the best suited financial adviser for your requirements.

You agree that we are entitled to obtain, use and process the information you provide to us to enable us to discharge our services to you.

Personal Data

We work with a group company that is responsible for managing our data. The systems utilise a secure environment to allow users to refer manage and update client data in a secure and compliant manner.

Personal data is collected about you from information entered on our forms, from records of our correspondence and phone calls.

The website uses cookies, which is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the website.

When you give us personal information, we take steps to make sure that it’s treated securely. Any sensitive information is encrypted and protected with 128 Bit encryption using SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.

Any information we hold about you encompasses all the details we hold about you and any sales transactions. We will only collect the information needed so that it can provide you with data management services.

Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

We will not send any of your data to our third- party providers that isn’t secure


You consent to us processing your personal data for the purposes outlined.
You can withdraw consent at any time by emailing or in writing to the following address:-
The Data Controller Tobica limited, 2, Neptune House, Nelson Quay, Milford Haven, Pembrokeshire, SA73 3BH


Tobica may on occasions pass your Personal Information to third parties exclusively to process work on its behalf. Tobica requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR. We do not broker or pass on information gained from your engagement without your consent. However, Tobica may disclose your Personal Information to meet legal obligations, regulations or valid governmental request.

Retention Policy

Tobica will process personal data during the duration of any contract and will continue to store only the personal data needed for seven years after the contract has expired to meet any legal obligations. After seven years any personal data not needed will be deleted.

Data storage

Data is held in the United Kingdom using different (multiple) servers. Some data is backed-up. Tobica does not store personal data outside the EEA. We secure your personally identifiable information on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. All our servers run in an enterprise-grade clustered cloud computing environment ensuring maximum uptime. We use private networks, firewalls and VPN features to defend your data and applications from malicious attack.

Your rights as a data subject

At any point whilst Tobica is in possession of or processing your data you have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

In the event that Tobica refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.

Transfer of data

You have a right under GDPR to receive your data in structured, commonly used and machine- readable format and to transfer your data to another service provider or data controller. This right applies where your data is being processed on the basis of consent or in line with a contract.

Tobica at your request can confirm what information it holds about you and your clients and how it is processed. Any request to transfer data to another data controller should be sent to: or in writing to the following address The Data Controller, Tobica, 2, Neptune House, Nelson Quay, Milford Haven, Pembrokeshire, SA73 3BH

Data access requests – You can request the following information:

  • Identity and the contact details of the person or organisation that has determined how and why to process your data.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of CRIS or a third party such as one of its clients, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority (ICO).
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
  • The process to allow you to view the data we hold

All requests should be made to:- or in writing to the following address:- The Data Controller, Tobica, 2, Neptune House, Nelson Quay, Milford Haven, Pembrokeshire, SA73 3BH.

The data controller will confirm the information that will be required to allow us to disclose data.


In the event that you wish to make a compliant about how your personal data is being processed by Tobica or its partners, you have the right to complain to the ICO at the above address

Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone 0303 123 1113 or email:


What is personal data? Personal data relates to any information about a natural person that makes a person identifiable

What is sensitive personal data? Sensitive personal data refers to the above but includes genetic data and biometric data.

What is a Data Controller? For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.

What is a Data Processor? A “data processor” is a person or organisation which processes personal data for the controller.

What is Data Processing? Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.

What are Cookies? are text files put on your computer to collect standard internet log information and visitor behaviour information. This information is then used to track visitor use of the website and to create statistical reports on website activity. For more information visit www.aboutcookies.or g or

What is an IP Address? An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet.

Last updated December 2019