Privacy policy


If you’re an adviser, please read our adviser privacy policy.




At Guardian Financial Services Limited (we, us, our), your privacy is important to us and we’re committed to protecting and respecting it.

This privacy notice explains how we use your personal data. It’s been drafted to address the requirements of the UK Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 as implemented into UK law (UK GDPR) (together ‘data protection laws’).

Personal data is information about you. It may be information we collect directly from you, or that’s provided to us by:

  • Your Financial Adviser.
  • The providers of other policies held by you or to whom you have applied for cover.
  • The trustees of any trust you’re a beneficiary of.
  • Other sources, as explained in this privacy notice.

Your personal data will be collected by us when your Financial Adviser completes an application to take out a policy with us, while we provide the policy to you and when you use our website.



This privacy notice also applies to the personal data of your family members, trustees and/or beneficiaries. Where you, or others on your behalf, provide us with their personal information, you’re confirming to us that you’re authorised to provide it. It’s also your responsibility to draw this privacy notice to their attention.

It’s important that your contact, trustee and beneficiary details are accurate and up to date. Please let us know if, during your relationship with us, your contact details or your beneficiary or trustee information changes.



This privacy notice covers:

  • Who we are
  • Our contact details
  • Personal data we may collect
  • Why we collect and use your personal data
  • Our legal bases for processing your personal data
  • If you fail to provide personal data
  • Who we share your personal data with
  • Links to third-party websites
  • How long we’ll keep your personal data
  • Cookies and similar technologies
  • Automated decision-making
  • How to access and control your personal data – your rights
  • Your right to object
  • Your right to withdraw consent
  • Your right to make a complaint
  • Changes to our privacy notice



Guardian Financial Services Limited (Guardian) is an appointed representative of Scottish Friendly Assurance Society Limited (SFA) which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. Registered office: Galbraith House, 16 Blythswood Square, Glasgow G2 4HJ. Registration number 110002.

The contact details of our Data Protection Officer are:

Richard Garmon-Jones
Guardian, Forbury Works, 37-43 Blagrave Street, Reading, RG1 1PZ
0808 123 1821



How we receive and use this information depends on who you are. We may collect your personal data directly from you or from third parties such as your Financial Adviser.

As a customer or potential customer, we may collect the following categories of personal data about you (as applicable):



When you contact us with a query:

  • We collect personal information that you give us when you contact us directly by phone, email or webchat. This may include your name, email address, telephone number and details of your enquiry. We may also keep a copy of our correspondence with you.
  • We may record phone conversations we have with you for monitoring and quality purposes, to check we’ve carried out your instructions correctly and to resolve issues or queries.
  • We may also ask you for information about your user experience, such as details on your browsing history, when you report a problem using our website.

When you become our customer:

  • We will hold a copy of the contract you enter into, which may contain your personal information.
  • We may also collect the personal information you provide to us when we contact you in relation to your contract or policy, for example, to amend the contract, to update your contact, trustee or beneficiary details, to process a claim, or in relation to payment queries. This may include additional information relating to your health and trustees/beneficiaries.



We may aggregate and/or anonymise any personal data we collect about you so that it can no longer be linked to you. We may use this information for any purpose and may share it with third parties.



We get personal data about you, your family members, trustees and beneficiaries from your Financial Adviser to process your application and underwrite your policy. This may include your name, date of birth, financial information (such as your salary and outgoings) and special categories of data (such as information about your health).

Where necessary, and only where it is permitted by data protection laws and we have obtained any necessary consents from you, we may also get personal data relating to your health from medical professionals.

We get information about you from third parties when we carry out anti-money-laundering checks using credit and fraud prevention agencies. This will leave a ‘soft footprint’ on your credit history and won’t affect your credit score.

The data we get from the credit reference agency is collated by searching the records of many sources, and we use it to help us to assess the strength of the information you or your Financial Adviser have given before we can accept you as a policyholder. This includes verifying your identity, bank account and residential address. We may also run credit, sanctions and politically exposed persons checks on you when you make a claim. This helps protect our customers and the business from potential criminal activity.

We’re also obliged to carry out anti-money-laundering checks for all beneficiaries and trustees.

We may get information from the FCA and other regulatory bodies we share your personal data with, and from other insurance providers. We may also get information from publicly available sources such as the electoral register and Companies House.

For high-profile or high-risk customers, further and more extensive checks may be needed which you will be informed about at the time.



Whether you’re a customer or potential customer, we may use and share the personal information we hold about you for the following activities (as applicable):

  • To arrange insurance contracts for you and carry out our obligations arising from any contracts you enter into.
  • To create a MyGuardian account for you and allow you to participate in MyGuardian when you choose to do so.
  • To notify you about changes to your policy.
  • To provide your Financial Adviser with quotes, offers and decisions for policies they’ve identified may be appropriate for you.
  • To provide you or your Financial Adviser with information about your applications or any active and expired policies.
  • To provide your Financial Adviser with information about you that will help them continue to give you the best possible advice.
  • To identify and request medical tests and evaluate the results, or request other information relating to the administration, maintenance and processing of your application, policy or claim.
  • To provide you with policies, and let you know about important changes or developments to the features and operation of those policies.
  • To respond to your enquiries and complaints.
  • To administer offers, competitions and promotions.
  • To process a claim, payment or other benefit relating to one of our policies.
  • To update, consolidate and improve the accuracy of our records.
  • To detect and prevent crime.
  • For market research and training.
  • For customer modelling and statistical and trend analysis with the aim of developing and improving our policies.
  • To manage our relationship with you and your Financial Adviser.

We may use your data for other purposes where you give your specific permission or, in very limited circumstances when required by law or where permitted under data protection laws.


We only process personal data where we have a legal basis to do so. And we may process your personal data for more than one legal ground, depending on the specific purpose for using your data.

The legal bases for processing your personal data are:

  • It’s necessary for carrying on a contract you enter into, or so that we can take steps at your request before entering into a contract (for example, providing the policies you have engaged us to provide and providing initial information requested by you or your Financial Adviser about our policies).
  • It’s necessary to comply with a legal obligation we’re subject to (for example, adhering to anti-money-laundering rules and complying with our reporting obligations to the Financial Conduct Authority, Information Commissioner’s Office or other regulators).
  • It’s necessary for the purposes of our legitimate interests or those of third parties, provided these are not overridden by your rights and interests. (for example, where we use your personal information for market research, training and analysis purposes). Our legitimate interests include to provide security for our website and on the MyGuardian platform, and to operate our business and provide our services in the best way for our customers and ourselves.
  • Where we request it, your consent.

Whenever we process special categories of personal data (for example, relating to your physical or mental health), our legal basis for processing will be your explicit consent (or that of your relevant family member/beneficiary), or that it’s necessary for:

  • Reasons of substantial public interest – such as preventing or detecting fraud, crime or other unlawful acts, or the data being necessary for an insurance purpose – and in accordance with appropriate safeguards.
  • Establishing, exercising or defending legal claims.

Whenever we rely on legitimate interests, we consider and balance any potential impact on you (both positive and negative) and your rights. We don’t process personal data where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).



Where we need to collect personal data by law, or under the terms of a contract you enter into, and you fail to provide that information when requested, we may not be able to arrange a contract for you.

If we’ve already arranged a contract, we may not be able to carry on the contract with you (for example, to underwrite your policy or deal with a claim you have made under a policy you hold with us). In this case, we may have to terminate the contract, but we’ll let you know at the time if this would be the case.



Organisation/entity Reason for sharing

Credit and fraud prevention agencies

We perform electronic searches using Experian for the purpose of confirming your address and bank account are valid.

  • Full name and date of birth
  • Residential address
  • Direct debit bank account details

You can follow the link below to find out more about the role of the credit reference agencies Credit Reference Agency Explained.

If you make a claim, we may put any information you give to us onto a register of claims and share it with other insurers to prevent fraudulent claims.

Appointed service providers

We use a number of categories of service provider. These include the organisations that provide, develop and support our telecommunications and IT infrastructure including our website and client relationship management system, and our auditors, lawyers and other professional service providers.

FCA and other regulatory bodies and tax agencies

For the purposes of meeting our regulatory obligations and the monitoring of market abuse, including HMRC and other relevant tax agencies.

Financial Adviser

We’ll provide your Financial Adviser with the information necessary to help them give you appropriate advice and to deal with any queries you raise with them.

Legal or regulatory authorities

If required to make a disclosure by a court of law, other tribunal, or relevant market rules or codes of practice.

In the event of merger or acquisition of Guardian, our shareholders or our assets

If we sell, transfer or merge part or all of our business or assets, then we may need to disclose your personal information to a potential buyer and their advisors. However, we will anonymise your personal information where we are able to do so. We will also ensure that any recipients of your personal information are subject to confidentiality obligations and that they only use your personal data for the purpose of the potential transaction.

Scottish Friendly Assurance Society Limited (SFA) and other underwriters

We’ll pass on information we receive about you to SFA who provide the policies we issue. We may also, with your explicit consent, pass on the results of any medical screening we’ve commissioned with any other insurers you’ve applied to.


If our screening identifies any concerns about your health that we believe you may be unaware of, we’ll inform your GP so that they can contact you to discuss any potential issues and provide appropriate support.

Sharing personal information between dual life applicants

Sometimes, when you take out a policy on a dual life basis, this may mean your personal data will be shared with the other applicant.


Some organisations – such as SFA, regulatory bodies, credit and fraud agencies, and our professional advisers – are usually independent controllers with their own privacy notices explaining how and why they use your data. Others are generally our processors, and we have written contracts with them incorporating essential protections for your data.



The Guardian website and MyGuardian may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave the Guardian website, we encourage you to read the privacy policy of every website you visit.

Communication, engagement and actions taken through external social media platforms that we participate on are subject to their terms and conditions as well as the privacy policies held with each social media platform respectively.



We’ll only keep your personal data for as long as we need to in order to fulfil the purposes we collected it for, as set out in this privacy notice, and for as long as we’re required to keep it by law.

To make sure we meet our obligations, we have a designated data retention policy indicating when personal data should be disposed of. This relates to, but isn’t limited to:

  • All physical documents.
  • Electronic versions of documents.
  • Digital voice recordings.
  • Data held in systems relating to our customers.

For more information on this, contact our Data Protection Officer, Richard Garmon-Jones, as noted in ‘Who we are’.

We securely dispose of personal data when it’s no longer needed.



When we collect information automatically, we and our service providers use internet server logs, cookies, tags, software development kit, tracking pixels and other similar tracking technologies. We use these technologies to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. As we adopt additional technologies, we may also gather information in other ways.

For more information on the cookies we use, the purposes we use them for and how you can control them, please see our cookies policy here.


When your Financial Adviser makes an application on your behalf for one of our policies, we may use automated decision-making to assess your eligibility for that policy and, if you are eligible, determine the quote. This automated decision-making process may accept your application, decline your application or refer it to a manual decision-making process.

You have the right, in certain circumstances, not to be subject to a decision which is based solely on automated processing. Please see the section below for further details of this right.




You have certain rights over your information which are summarised below. Some of the rights are complex so not all details are included in the summary:

  • Right to be informed: you can take a copy of this privacy notice by printing this page from our website.
  • Right of access: you can ask for copies of information that we process about you.
  • Right to rectification: you can ask to have any inaccurate information we hold about you corrected.
  • Right to erasure: you can ask for the information held about you to be erased (subject to certain criteria).
  • Right to restriction of processing: you can ask us to stop processing your information (under certain circumstances).
  • Right to data portability: you can, under certain circumstances, ask us to transmit the personal information that you’ve given us to another provider of services.
  • Rights relating to automated decision-making and profiling: you have the right not to be subject to a decision based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you (under certain circumstances).



You can object to your information being processed if our legal basis for processing it is based on ‘legitimate interests’. To check whether we use your information for legitimate interests, see the section ‘Why we collect and use your personal data’ above.

If you’d like to exercise any of your rights mentioned above, or get more information about those rights, you can do so by writing to or emailing our Data Protection Officer as detailed in ‘Who we are’.



Where you’ve given your consent for us to process your information, you can withdraw it at any time. Your withdrawal won’t affect the lawfulness of processing before you withdrew your consent.

You can withdraw your consent to our use of your data by contacting our Data Protection Officer as detailed in ‘Who we are’.



If you have a complaint about the way we process your personal data, or think we’ve not complied with your data privacy rights, this is something we’d like to resolve with you directly if possible.

Please contact in the first instance our Data Protection Officer:

Richard Garmon-Jones
Guardian, Forbury Works, 37-43 Blagrave Street, Reading, RG1 1PZ
0808 123 1821

While we’d always like the opportunity to address your data privacy complaint directly, you also have the right to refer it to the ICO:

The Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
0303 123 1113
01625 524510



We keep our privacy policy under regular review and reflect any updates in this notice. You will be informed of changes to this policy by notification on our website. It was last updated in April 2024.