Effective as of March 2022

This privacy notice applies to all companies within the NFP UK group, as well as any appointed representatives. This includes but is not limited to:

  • NFP Benefits Consultants Limited
  • NFP Commercial Solutions Limited
  • NFP Wealth Management Limited
  • Johnson Fleming Group & subsidiaries
  • Ernest R Shaw Limited

collectively referred to herein as “NFP”.

Any reference to the “Website” refers collectively to www.nfp.co.uk, www.johnsonfleming.com; www.ernestrshaw.com and www.allmybenefits.co.uk

NFP is committed to respecting the privacy rights of its customers, visitors and other users of this Website.

We created this Website Privacy Policy to demonstrate our commitment to fair information practices and the protection of privacy. Our information practices for this Website are described below.

This privacy notice applies to your usage of our Website only. If you engage us for services, you should refer to the Personal Data Protection Agreement, the Privacy Notice or other privacy document that is sent to you at the time of engagement.


In this Privacy Policy, we describe what information we collect when an individual uses, receives or has access to our Website, and how we protect that information, with whom we share it and what privacy options are available to each individual..

Upon accessing our Website, you will be asked to opt-in to cookies which is the primary method in which we collect this information. You can change your cookie preferences at any time by clicking the cookies symbol in the lower left corner. At other times, you may be asked to provide information directly. You can choose not to do so (although this choice may impact the service you receive).


This Website Privacy Policy does not apply to any subsites or third-party sites that might be linked to, or accessible from, the Website.

This Privacy Policy does not address the information practices of any third party, unless as specified otherwise.


Our Privacy Policy will always indicate the date when it was last changed. We encourage you to visit this page regularly to be aware of our current terms.

We may modify or supplement this Privacy Policy from time to time for any reason.

If we make any material changes to this Privacy Policy, we will post the updated Privacy Policy here, along with its effective date, to notify users as required by applicable law. You should review this page regularly to look for changes in this Website Privacy Policy.

Your continued use of this Website after we have posted changes to this Privacy Policy on this page with a new effective date will indicate that you agree to be bound by such changes.

If any change to this Website Privacy Policy is unacceptable to you, your only recourse is to terminate your use of the Website.

Links to Third-Party Websites

This Website may contain links to other websites. NFP does not control the content or privacy policies of such third-party websites or the privacy policies of such third parties. NFP accepts no responsibility or liability for privacy or other issues related to the collection or use of your information by such other websites or third parties.

We urge you to be aware when you leave our Website, and to read the privacy statements of each website on which you land after you click on a link or social networking button located on our Website.

The inclusion of a link to a third party’s website or service does not imply endorsement of the third party’s data handling practices, and does not imply that their practices are covered by this Privacy Policy.


We seek to use reasonable technical, organisational and administrative measures to protect data collected through this Website against unauthorized or unlawful processing and against accidental loss, destruction or damage. We believe that these measures are reasonably adapted to the nature of the information in our custody. However, because no security system can be 100% effective, we cannot guarantee the security of any information we may have collected from or about our users.

When the circumstances require, we use encryption technology (data scrambling) and authentication tools to protect information that you may provide through our Website. In addition, our employees are instructed that such information is to be used only in accordance with the principles of this Website Privacy Policy, or other information security policies and procedures we may adopt from time to time, and the laws applicable to each specific business.

We will not ask you for any information such as your social security number, a bank or credit card account number, through the Website. If you need to send us confidential information and are concerned about the security of the Website, then you should consider sending it via another secure connection or method.

If you believe that your interaction with our Website is no longer secure, please immediately notify us of the problem in accordance with the “How to Contact Us” section below.

Information We Collect

Information Collected Directly

When you visit the Website, your browser automatically provides, and we automatically collect and store, certain information about your device (computer, tablet, smart phone) and your activities. This includes:

  • Preferences and settings: time zone, language and character size
  • Identifiers: computer IP address; unique mobile device identifier
  • Technical information: type of device, operating system or platform (Mac, Windows), browser information (type, version)
  • Connection: Internet provider or mobile carrier name, connection speed and connection type; Internet service provider (ISP)
  • URL of the last Web page visited before visiting our Service; exit page
  • Information about your use of the website: data stamp, pages viewed, time spent on a page, click through, clickstream data, queries made, search results selected, history, comments made
  • Location: general geographic location


Information You Provide to Us

In some circumstances, you may elect to provide us with some information.

This is the case when we invite users to register, such as to obtain a newsletter or information about an event. In this case, users generally provide their names, email addresses, phone numbers or other contact or personal information. In some cases (e.g., surveys), participation is voluntary. In other cases (e.g., if you want to register to receive information or a newsletter), some specific information about you may be required.

Certain features available on the Website may require you to submit some personal information in order for those features to function as designed. This is the case, for example, when setting passwords or for your resume if you are applying for a job through the Website.

How We Collect Information

We (and our service providers) collect information in a variety of ways:

  • Through the website: e.g., when you sign up to register for a seminar or when you apply for a job at NFP through our  www.nfp.co.uk/careers
  • Through advertisements that we publish, and on which you click
  • Through our emails and other electronic communications
  • Through your browser or device, cookies or similar technologies
  • From other sources: we may obtain information through external sources, such as public databases, joint marketing partners, social media platforms, from people with whom you are friends or are otherwise connected through social media platforms, and from third parties
Use of Information

We use the information collected from our users or from the user’s device, or from job applicants as described above, for the following purposes:

  • Review and evaluate an applicant’s resume and perform the activities related to the interview, selection and, as applicable, onboarding of applicants
  • Respond to questions and other requests for information made through the Website
  • Send invitations to our conferences, webinars, and other events that we think may be of interest
  • Send our newsletter or other communications that an individual has requested or that may be of interest to that individual, in accordance with the individual’s preferences
  • Keep record of contact information, and correspondence
  • Provide services, such as seminars and other events
  • Allow a user to send content to a friend through the Website
  • Remember the user’s preferences (e.g., language, font size), when using our Website
  • Remember the user’s interests (e.g., the type of seminars attended)
  • Administer our Website, diagnose technical problems and otherwise manage our business
  • Facilitate the user’s use of the Website
  • Allow the user to navigate or browse through our Website quickly and efficiently
  • Improve user experience, such as by personalizing content to the user’s preferences or interests or by expediting the processing and completion of a transaction
  • Perform data analysis, audit, fraud monitoring and prevention, enhancing, improving or modifying our Website, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities
  • Perform other functions as otherwise described at the time of collection
Sharing and Disclosure of Information

We share user information with the following entities or in the following circumstances:

  • Service providers – We share information with our service providers, suppliers, subcontractors and similar third parties who provide services to us or act on our behalf so that they can assist us with the provision, upkeep and maintenance of the Website and other related activities, such as the organization of conferences and webinars, email delivery or auditing, or with the selection of applicants to job openings at our company. We require these service providers to refrain from using or sharing with others, for other purposes than as directed by us, the information that we provide to them, or that they collect directly from our users.
  • Analytics – We use automated tools and applications, such as Google Analytics, to evaluate use of our Website. These third-party services use cookies and other tracking technologies to perform their services.
  • Affiliates – We share information with entities that are under common ownership or control of our parent company (“affiliates”) for the purposes described in the Privacy Policy. Subject to local requirements, this information may be used to provide legal and related services offered by our affiliates and for the purposes described in this Privacy Policy.
  • Sale, merger, and corporate reorganisation – We may transfer users’ information to a third party in case of the reorganization, sale, merger, joint venture, assignment, transfer or other disposition of all or any portion of our business, asset or stocks, including in the event of corporate restructuring of our company or its affiliated entities.
  • Social networking – Your information may be disclosed to anyone to whom you send a message through this Website (e.g., when you forward an article). You may disclose it when you post or transmit information or material through our social networking buttons (e.g., a Facebook button). Please note that any information that you post or disclose through these social networking services may be available to us, or to other users of that service or the public. We urge you to be careful when using these features.
Data Retention

We will hold this for as long as it is needed for the service, or for as long as we are permitted to do so by the applicable regulation. NFP is governed by the General Data protection Regulation (GDPR) and this data will benefit from the protections afforded by the GDPR This means that data we no longer have an interest in keeping the data it will routinely be deleted.

Compliance and Legal Requirements

There may be times when we use, share or disclose information about our users in order to comply with applicable laws or to address legal concerns or liabilities, especially in the following cases:

  • Compliance with applicable laws – When we believe it is necessary or appropriate under applicable laws, including laws outside your country of residence, or to comply with legal process..
  • Fraud prevention and protection of legal rights – When we believe it is necessary to enforce our terms and conditions; to investigate, prevent or respond to suspected illegal or fraudulent activity; to protect the safety, rights or property of our company, and those of its affiliates, users or others; or to exercise or protect legal rights or defend against legal claims; to allow us to pursue available remedies or limit the damages that we may sustain.
  • Government authorities –– If law enforcement authorities, courts or regulators, or other public or government authorities with appropriate jurisdiction – including public and government authorities outside your country of residence – request that we provide user information, and such request is made using the method required by law in the applicable jurisdiction, such as a search warrant, subpoena or a court order, and we believe that such request is facially valid, we will provide any information we have about a user that responds to such request.

Aggregated, Anonymised or Statistical Information

We aggregate information regarding what portions of the Website users are visiting to develop statistics about the use of the Website. This information helps us create a better experience for users of our Website. For example, we may upgrade those parts of the Website that are heavily visited or optimize the Website to work more efficiently with certain operating systems.

We may provide such aggregated, anonymized or statistical information to third parties, such as our advisers or consultants for research, analytical or strategic purposes. This information is not intended to allow the identification of any specific user of our Website.

Cookies and Web Beacons

We use cookies to recognize your device and browser. The next time you visit our Website, we may use information stored in your cookie file to facilitate your use of our Website. For example, we may use your cookie file to store a password so that you do not have to input it every time you move to a different section of a password-protected portion of our Website. A cookie does not tell us your individual identity unless you have chosen to provide it to us.

Most cookies expire after a defined period, or you can delete your cookie file at any time you choose. In addition, you can set your browser to notify you when you receive a cookie so that you can decide whether to accept or reject it. Please note that these actions apply to a specific browser.

You can always choose whether to accept cookies by changing the settings on your browser. Most browsers contain information on how to control or delete cookies. These settings will typically be found in the “Options” or “Preferences” menu of a browser. You may wish to refer to http://www.allaboutcookies.org/manage-cookies/. Further, you can use the cookie icon in the lower left-hand side of the screen to change your cookie preferences with regards to our site at any time.

If you choose to delete or disable cookies, your experience at our Website may be diminished and some features may not work as they were intended. Some cookies cannot be turned off using the cookie preferences menu because they are essential to the function of the Website.

We use Web beacons. A Web beacon can help us track your activity on the Website, such as which page you are viewing or how long you are staying on that page. Some technologies will notify you of the presence of Web beacons, but browsers typically do not notify you of them.

Third Parties’ Cookies and Beacons

Third parties’ cookies and beacons are used for functionality, performance and analytic purposes. These cookies and beacons collect and store automatically information about a user’s computer or mobile device, and the use of the Service. This information is used in aggregate form only.

The practices of these third parties are subject to the third parties’ privacy policies, some of which we have no control over. We encourage you to read their privacy policies.

Social Media and Other Areas Beyond Our Control

You may find additional information on our products and services through our social media Websites, such as Facebook, LinkedIn and Twitter. These Websites have their own privacy policies and data handling practices, which are different from ours.

Please take the time to review these policies before disclosing or posting information on or through these Websites or any button that links to these Websites.

Please keep in mind that any information you share on social media Websites, interactive forums, message boards or chat rooms may become public information. You should exercise caution when deciding to disclose or share your personal information.

Users' Rights

Choice Regarding Marketing

We do not send marketing material to individuals that have not opted-in to marketing. If you have opted in and no longer want to receive marketing-related material from us, you may opt-out of receiving these materials by following the unsubscribe instructions in such messages or by contacting us as indicated in the “How to Contact Us” section. We will try to comply with your request as soon as practicable. Please note that you cannot opt-out of receiving administrative messages.

Data Subject Requests

Each user has the right to review, change, suppress or erase personal information that can reasonably be linked to, and that we have collected from that user. You may exercise this right by contacting us as indicated in the “How to Contact Us” section. For your protection, we may need to verify your identity before implementing your request. We will try to implement your request as soon as reasonably practicable, but in any event we will carry out this request within 30 days. If we cannot fully comply with your request within 30 days, we will notify you to inform you of this, provide our reasons and inform you of what other rights you have available to you.

However, please note that we reserve the right to refuse to act on a request that is manifestly unfounded or excessive (e.g., because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or the communication or taking the action requested. If you have a question, comment or request, please contact us as explained in the “How to Contact Us” section below.

Do Not Track

Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. The “Do Not Track” feature of these browsers sends a signal that informs operators of services online that the user does not want certain information about their online activities to be collected over time and across Websites or online services.

The internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. Consequently, due to the lack of guidance, we have not yet developed features that would recognize or respond to browser-initiated “Do Not Track” signals.

Special Notice for California Users

California law requires that we inform California residents who have provided us with personal information that is primarily used for personal, family or household purposes that they may request that we provide information about our disclosures of certain categories of personal information to third parties for such third parties’ direct marketing purposes.

Special Notice for EU/EEA/UK Users

The GDPR governs the way we handle your data. You are free to utilise your rights under the GDPR by reaching out to us using the contact details provided in the How to Contact Us section. Your rights mean that you can request that NFP:

  1. provide a copy of the personal information we hold (once requested, we have a maximum of one month to give an individual such information);
  2. rectify information, if it is inaccurate or incomplete;
  3. delete or remove your personal data where there is no compelling reason for its continued processing;
  4. suppress processing of your personal data, when processing is restricted, we are permitted to store the personal data, but not carry out further processes. We will retain sufficient information about the individual to ensure that the restriction is respected in future;
  5. object to certain uses your personal information;
  6. withdraw any permission you may have previously provided; andand
  7. complain to the Information Commissioner’s Office at any time if you are not satisfied with our use of such information (please see “registering a complaint” for more information)

Additional Rights

Applicable laws may give you additional rights that are not described in this Website Privacy Policy.

How to Contact Us

To write to us regarding this Privacy Policy and our personal information handling practices, please email complianceUK@nfp.com

Regarding email communications: note that email communications are not always secure. Thus, please do include any confidential or sensitive information in any emails. We subscribe to some secure data transfer services. Please ask us about this if you would like to transfer data to us securely

Regarding postal communications: be aware that it may take us longer to route and process your request if it is made on paper than we would take with an electronic message.

Registering a complaint

If you have a complaint about the way your personal data is processed, we’d ask that you reach out to us about this in the first instance.

In addition to reaching out to us, you also have the right to lodge a complaint with the supervisory authority for data protection if you’re unhappy with how your personal data is being processed. In the UK, the relevant supervisory authority is:


The Information Commissioner’s Office
Wycliffe House
Water Lane

Tel: 0303 123 1113 (calls are charged at local rates)