1. Who We Are
This privacy policy applies to the websites and digital tools operated under the Aetas in the Workplace brand, including itw.aetaspartners.com and its associated pages. It covers data collected through our websites, the organisational diagnostic tool, and any enquiries made through our booking system.
Data is controlled jointly by two entities, depending on the nature of the service you are receiving:
ICO Registration Number: ZB332228
ICO Registration Number: Z8845129
Authorised and regulated by the Financial Conduct Authority (FCA registration 458421).
References to "we", "us", or "our" in this policy refer to the relevant entity or entities above, depending on the service context. Where both entities are involved, they act as joint data controllers and have agreed appropriate arrangements for handling your personal data responsibly.
2. Data We Collect
We only collect personal data that is necessary for the purposes described in this policy. We do not collect sensitive personal data (such as health, financial account, or identity documentation information) through our websites.
| Source | Data collected |
|---|---|
| Organisational Diagnostic Tool | Full name, job title, organisation name, work email address, sector, number of employees, and diagnostic question responses |
| Meeting / booking requests | Name and email address (collected and processed by our third-party booking provider) |
| Email enquiries | Any personal information you choose to include in a direct email to us |
| Website usage | We do not currently use analytics tools. No browsing or behavioural data is collected beyond what is inherent in standard web server logs. |
We do not collect payment card details, national insurance numbers, passport details, or any other sensitive financial or identity data through our websites.
3. Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing personal data. The bases we rely on are:
- Legitimate interests — when you complete our diagnostic tool or make an enquiry, we process your data to respond to that enquiry and provide our service. We have assessed that our legitimate interest in doing so does not override your rights and freedoms.
- Consent — where we ask for your explicit agreement before using your data for a specific purpose, such as adding you to a mailing list.
- Contract — where processing is necessary to perform a contract with you, or to take steps at your request before entering into one.
- Legal obligation — where we are required to process data to comply with a legal or regulatory requirement, including our obligations under FCA rules.
4. How We Use Your Data
We use personal data collected through our websites for the following purposes:
- To deliver the results of your organisational diagnostic and provide a personalised report
- To follow up on diagnostic submissions and discuss your results and potential next steps
- To respond to meeting requests, enquiries, and questions submitted through our websites or booking system
- To add you to our CRM system so we can manage our relationship with your organisation effectively
- To comply with our legal, regulatory, and professional obligations as an FCA-regulated business and its affiliated advisory firm
- To improve our services and communications over time, based on how organisations engage with our tools and content
We do not use your data for automated decision-making or profiling in a way that produces legal or similarly significant effects.
We will not use your email address to send unsolicited marketing communications. If we wish to add you to a newsletter or marketing list, we will ask for your consent separately and clearly.
5. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share data only with the following categories of third-party processors, and only to the extent necessary to deliver our services:
| Processor | Purpose | Location |
|---|---|---|
| EmailJS | Delivery of diagnostic results to you and notification to Aetas | EU / UK |
| CRM provider | Storage and management of contact and enquiry records | UK / EU |
| Booking system provider | Processing of meeting requests and calendar scheduling | Third-party managed |
| Google (Fonts) | Loading of web fonts used in site design. Google may receive your IP address as part of this request. | Global |
All third-party processors are required to handle your data in accordance with UK GDPR and to implement appropriate technical and organisational security measures.
We may also disclose data where required to do so by law, court order, or regulatory authority — including the FCA, where applicable.
6. How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law or regulation.
- Diagnostic submissions — retained for up to 24 months from the date of submission, or until you request deletion
- CRM records — retained for the duration of our relationship with your organisation, and for up to six years thereafter to meet legal and regulatory record-keeping requirements
- Email enquiries — retained for up to 24 months unless the enquiry leads to an ongoing relationship, in which case our standard CRM retention applies
- Regulated financial services records — where Aetas Wealth provides regulated advice, records are retained for a minimum of six years in accordance with FCA requirements
When data is no longer needed, it is securely deleted or anonymised.
7. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access — you can request a copy of the personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate or incomplete data
- Right to erasure — you can ask us to delete your personal data, subject to any legal or regulatory obligations that require us to retain it
- Right to restrict processing — you can ask us to pause our use of your data in certain circumstances
- Right to data portability — where processing is based on consent or contract, you can request your data in a structured, commonly used format
- Right to object — you can object to processing based on our legitimate interests, and we will cease processing unless we can demonstrate compelling grounds to continue
- Right to withdraw consent — where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at matthew.steiner@aetas-partners.com. We will respond within one calendar month. We may ask you to verify your identity before processing a request.
If you are not satisfied with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Cookies
Our websites use a limited number of cookies and similar technologies. We do not use advertising or tracking cookies, and we do not use Google Analytics or any equivalent behavioural analytics tool.
| Cookie / Technology | Purpose | Type |
|---|---|---|
| Google Fonts | Our pages load typefaces from Google's font servers. Google may set a cookie or log your IP address as part of this request. No personal data is stored by us as a result. | Functional / third-party |
| EmailJS | Used to process and deliver diagnostic form submissions. May set a session cookie for technical purposes. | Functional / third-party |
| Session / browser storage | Used temporarily to support form functionality on the diagnostic tool. No personal data is stored beyond the active session. | Strictly necessary |
We aim to use only cookies that are strictly necessary or functional. If this changes, we will update this policy and introduce appropriate consent mechanisms.
9. FCA Regulation and Financial Data
Aetas Wealth is a trading style of Insight Financial Associates Limited, which is authorised and regulated by the Financial Conduct Authority (FCA registration number 458421). Where Aetas Wealth provides regulated financial advice or planning services, the handling of personal and financial data is subject to additional obligations under FCA rules, including the FCA's Data Protection Policy and COBS (Conduct of Business Sourcebook) requirements.
Aetas Partners Limited is not itself FCA-regulated but operates in close association with Insight Financial Associates Limited and adheres to the same data protection standards in its handling of personal information.
If you receive regulated financial advice through Aetas Wealth, a separate client agreement and data notice will be provided at that stage, setting out the specific basis on which your financial information will be processed.
10. Changes to This Policy
We review this privacy policy periodically and will update it when our practices change, when new services are introduced, or when required to do so by law or regulation. The date at the top of this page shows when the policy was last updated.
Where changes are material, we will take reasonable steps to bring them to your attention. Continued use of our websites following an update constitutes acceptance of the revised policy.
11. Contact Us
If you have any questions about this privacy policy, wish to exercise your data rights, or have a concern about how we have handled your personal information, please contact us:
Website: aetas-partners.com
ICO Registration: ZB332228
ICO Registration: Z8845129
FCA Registration: 458421
If you are not satisfied with our response to a data concern, you have the right to complain directly to the ICO at ico.org.uk.