Privacy Policy
Who we are
RIE Solutions Limited helps financial planning firms run better businesses by delivering expert practice management support, strategic operational advice, and transformative mentorship.
We are a company registered in England and Wales (no. 11397990). Our registered office address is 1 Fore Steet Avenue, C/o Praxis, London, EC2Y 9DT and we are registered with the Information Commissioners Office under registration ZA454632.
We are a data controller in respect of personal information you provide to us (i.e. we are the organisation making decisions about how and why your personal information is used).
About this Privacy Notice
​
This privacy notice is for our clients, stakeholders and suppliers. As a data controller we are committed to protecting your personal information and being transparent about what information we hold.
​
The purpose of this policy is to give you a clear explanation about how we collect and use the personal information you provide to us, whether online, via phone, email, in letters or in any other correspondence, or where we receive data from third parties. We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information.
Processing your information in accordance with the law means:
o Being fair and transparent with you.
o Clearly identifying our purpose for processing your information and checking any additional purpose is compatible with data protection legislation. We document these purposes and periodically review these purposes.
o Making sure that the information we process is adequate, relevant and limited to what is necessary for the purpose of processing your information.
o We take all reasonable steps to make sure the information we hold, and process is accurate and where information is incorrect take remedial action to correct this.
o We do not keep information for longer than is required, we identify personal information we no longer need and erase or anonymise information where appropriate.
o Ensuring that we have appropriate technical security measures in place to maintain the integrity and confidentiality of
your information.
How we get the personal information and why we have it
We collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purposes and legal basis for using each type of data are set out below.
Personal data may be provided to us by you directly, or it may be provided to us from other sources, and we have shared below a variety of examples of when and why we process personal information. This list is not exhaustive, and due to the nature of our services there may be times when new categories of personal information may be shared with us for new and evolving reasons, and as a result, we keep this policy under constant review.
​
o To provide you with advice and guidance
o To carry out our obligations arising from any contracts entered into by you and us
o To deliver, manage and audit our services
o To protect our clients, stakeholders and employees
o Helping train our team and support research
o To recruit new members of our team
o To help us identify and manage improvements to our services
o To comply with our legal obligations
o To investigate queries, incidents, complaints or legal claims
o For internal administrative and management purposes, such as record keeping of enquiries, feedback, or complaints
o We may periodically send promotional emails about new services, special offers or other information which we think you may find interesting using the email address which you have provided.
o From time to time, we may also use your information to contact you for market research purposes. We may contact you by
email, phone or post. We may use the information to customise the website according to your interests.
Under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for our processing of this information are:
o Your consent. Where consent has been given, you are able to remove your consent at any time. You can do this by
contacting us.
o We have a contractual obligation. For example, where the processing is necessary for the performance of a contract to
which you are a party, or to take steps prior to entering into a contract with you.
o We have a legal obligation. For example, where processing is necessary in order for us to meet our requirements under the
company and finance legislation, or to provide information to law enforcement organisations or the Courts.
o We have a legitimate interest. For example, where it is necessary for the purposes of our legitimate interests, except
where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you).
To determine this, we shall consider several factors such as, what you were told at the time you provided your data, what your expectations are about the processing of your personal data, the nature of the personal data, and the impact of the processing on you.
​
When we process your personal information in this way, we also consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
​
We will not use your information for activities where our interests are overridden by the impact on you, for example where collection and use of your information would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law). Examples of processing based on legitimate interest grounds are:
​
o To measure and understand how our services are used. For example, generating analytics on the demographics of our
clients and services to ensure our services and programmes meet your needs.
To determine this, we shall consider several factors, such as what you were told at the time you provided your data, what your expectations are about the processing of your personal data, the nature of the personal data, and the impact of the processing on you.
​
For sensitive personal data, also known as special category data, the lawful bases we rely on for this processing includes:
o Explicit Consent
Or on rarer occasions:
​
o Where we need to protect your vital interests (or someone else’s interests); and/or
o Where it is needed in the public interest or for official purposes
​
The type of personal information we collect
To be able to provide you with services and support we must process your personal data. The type of personal data we collect depends on the way you interact and use the RIE Solutions services. For example, accessing our services as a client may be a different experience than interacting with us as a supplier.
​
We may collect and process the following personal data from you:
​
o Information you give us. You may give us information by enquiring about or using our services, signing up to our newsletter, corresponding with us by phone, email, post, in person or otherwise. The information you give us may include
both company and personal details such as your company name, your name, address, work email address and phone
number, and company financial information.
o Information given about others. Where you provide us with information about your employees or other stakeholders, you `
will be giving us information about another person. When sharing this data with us you may be the data controller of this
data, with RIE Solutions being the data processor providing you with a service. In this case please ensure the appropriate
information about your data sharing with us is provided to the data subject via your own internal privacy notices and
processes.
o Information we collect from your use of our websites and online services. With regard to each of your visits to our website
or other online platforms provided by us, we may automatically collect the following information:
​​
o If you have a user account on our site or if you use our online services we process details of the activity associated with
your account. This might include records of when you logged in and out of your account, password reset attempts, or posts you share on our forums. We place a cookie on your computer when you log in to your account; this allows you to navigate our site while remaining logged in.
o Information about your visit, including date and time, page response times, and forms you have submitted.
o Your company financial details e.g. details of how you pay us, or information about your financial status.
Special Categories of Personal Data
​
Some categories of personal information are regarded by the law as more sensitive than others. This is known as ‘special category’ or ‘sensitive personal data’ and covers things like information about your health, ethnic origin, religious beliefs, political opinions or any genetic or biometric data that is used to identify you.
​
We do not routinely process sensitive personal data, but there may be rare occasions when this is shared with us by a clients or supplier e.g. to arrange a reasonable adjustment, or an important health update which affects your engagement with us.
​
Information sharing
​
Where necessary and in accordance with data protection legislation we share information internally within RIE Solutions and with third parties as required and where we have a legal basis to do so.
​
We share information where there is a legal, regulatory or professional obligation to disclose your personal information, in order to apply the relevant rules and/or to protect the rights or safety of our clients, supplier and employees past and present.
​
We may also be required to share information with Statutory and Regulatory authorities, law enforcement agencies and courts, or in the event of a transfer of all or a part of our organisation.
​
Sometimes we might share your data with third parties. This could include:
​
o Engaging trusted partners and third-party service providers to deliver a variety of business services and operations on our
behalf. For example, service providers we use for specific purposes, such as for our IT systems or legal counsel for the
provision of legal advice and guidance.
o Regulatory authorities, law enforcement agencies and courts.
o In the event of a transfer of all or a part of our organisation, for example new owners, directors or their professional advisers.
o If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or
to protect the rights, property, or safety of our company, our clients, employees, or others. This includes exchanging
information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Third party (often called Sub-Processor) organisations
For our general day-to-day data processing activities, we use third party organisations or systems to help us administer, deliver, and monitor the services we provide:
o For the provision of IT and software services (e.g. Microsoft who provide our office software) to enable the management of
the RIE Solutions and office administration
o o support our Members Community (e.g. Mighty Networks who host our community platform)
o For financial transactions and accounting (e.g. Stripe, who we use to provide payment management for our subscription
services)
o To help us improve our organisation
o For the administration of our website and online platforms
o For any legal and regulatory guidance regarding the provision of our services
Please note that for those using our subscription services, you will contract separately with Stripe and Mighty Networks and will be asked to accept their terms and conditions directly. This means they will become data controllers of your personal data and we have linked their privacy notices above in order that you can check them out directly.
It is also important to be clear that access to your personal information is only allowed when required by the law or is required as part of fulfilling our service obligations. We do not, and will never, sell your personal information to other third parties.
​
International transfers
​
Where we have partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with the UK data protection laws. For example, we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place. We carry out a detailed assessment to ensure the companies receiving your data can comply with these clauses. Please contact us if you wish to know more.
​
There are also some occasions when you may be based outside the UK. Where this is the case, as we are a UK organisation, you will be sharing your personal information with us here in the UK.
​
Keeping your information safe and secure
​
We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection.
​
How long we keep your data
​
We will only keep your information for as long as necessary to perform our obligations and to fulfil the original processing purpose. Based on the legal basis we may need to keep some information for longer i.e. to comply with tax and accounting law and in some cases, we will anonymise your information so that it can no longer be associated with you.
​
When establishing our Retention Schedule, we consider the legal basis, sensitivity of information, the type of information and once the retention period has ended, how we deal with the information.
​
Links to other websites
​
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
​
Keeping your data correct
​
We are committed to keeping your information up to date. If you believe that we have made an error, then please contact us as we have outlined below, and we will use reasonable endeavours to correct.
​
Your data protection rights
​
o Your right of access – You have the right to ask us for copies of your personal information.
o Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also
have the right to ask us to complete information you think is incomplete.
o Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
o Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information
in certain circumstances.
o Your right to object to processing – You have the the right to object to the processing of your personal information in
certain circumstances.
o Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another
organisation, or to you, in certain circumstances.
o Your rights in relation to automated decision making and profiling – As a matter of principle, you have the right not to be
subject to a decision based solely on automated processing, including profiling. However, we may automate such a
decision if it is necessary for the entering into or performance of a contract between us, authorised by law or regulation or
if you have given your explicit consent. However, we do not currently make any decisions by automated means.
You are not usually required to pay any charge for exercising your rights. If you make a request, we have a calendar month to respond to you.
Where requests are manifestly unfounded or excessive, in particular where they are repetitive, we may charge a reasonable fee, taking into account the administrative costs of providing the information, or we may refuse to provide the information.
Where we refuse a request, we will explain our reasons for the refusal and remind you of your right to complain.
If you would like further information on your rights or wish to exercise them, please email info@rie.solutions
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ico.org.uk/make-a-complaint/
​
Our use of cookies on our website
Cookies are small text files that are placed on your device when you visit our website. They help the site remember your preferences, improve functionality, and gather information about how you interact with our site.
When you visit our website, you will be presented with a cookie banner that explains whether or not cookies are being used.
Where anything other than essential functional cookies are being used, our cookie banner will provide all the information you need to know about the cookies and will also allow you to accept or reject the cookies and manage your own cookie preferences.
Changes to this policy
​
We’ll amend this privacy policy from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. Please check back regularly to see if there have been any updates.
This Privacy Policy was last updated in August 2025.