3M Financial — Support Redefined

Legal

Privacy Policy

Last updated: 7 June 2026

Who we are

3M Financial Ltd (company number 17128047, registered office 62 Cotham Drive, Wakefield, England, WF2 7BS) provides outsourced administration and paraplanning support to UK financial advisers.

Our GDPR role

For personal data uploaded to the adviser portal in respect of end clients, 3M Financial acts strictly as a Data Processor under the UK GDPR. The instructing IFA firm remains the Data Controller. For data we collect directly from advisers in order to operate their account (name, firm, email, phone), we act as a Data Controller.

What we process

  • Adviser account data: name, firm, email, phone, authentication factors.
  • Case data: client name, supporting documents, policy numbers, asset values and other case details uploaded by the Firm.
  • Operational data: sign-in events, MFA challenges and audit logs needed to keep the Service secure.

How long we keep it

Once a case is marked Completed, all supporting files, client documents, policy numbers, asset values and other special category data are permanently deleted 30 days later. A minimal commercial record (adviser name, client name, IFA firm name, case cost and case reference number) is retained for 6 years plus the current financial year to satisfy our own statutory and regulatory obligations.

Security

All data is encrypted in transit (TLS 1.2+) and at rest. Access requires Multi-Factor Authentication. Infrastructure is hosted in the United Kingdom or European Economic Area. We will notify the Firm of any personal-data breach without undue delay and in any event within 72 hours of becoming aware of it.

Your rights

Data subjects can exercise their UK GDPR rights (access, rectification, erasure, restriction, portability and objection) by contacting the instructing IFA firm. For data we hold as Controller, contact us at Jessica@3mfinancial.co.uk. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

Firm-managed support staff accounts

An adviser can invite in-house admin or support staff to the portal from their account. Those accounts are created and managed by the adviser's firm, who acts as Controller for the staff member's personal data; 3M Financial only processes that data to operate the portal. The inviting adviser can view the staff member's name, email and phone number, and can delete the account at any time, but cannot view, reset or bypass the staff member's password or two-factor authentication. Those personal security settings are managed by the staff member alone.

Administrator access at 3M Financial

A small number of 3M Financial personnel hold an "administrator" role with elevated access for the sole purpose of running the Service (approving advisers, setting case costs, responding to support requests). Granting or revoking the administrator role is logged and requires explicit confirmation by another administrator.

More

See our Terms & Conditions for the full agreement, including the incorporated Data Processing Agreement.