Last updated: July 2023

The Verve Group are committed to protecting your data. We will never pass your personal data to anyone else, except for any sub processors in title to our business, without your explicit permission. Types of personal data that is collected includes:

  • Name 
  • Addresses 
  • Date of Birth 
  • Email Addresses 
  • Financial Information
  • Medical Information
  • IP Addresses  

Verve Holdings Limited use certain sub processors to assist in providing our services. We use service providers that may store and process personal data about you and your end users (each, a “Sub-Processor”). This page provides important information about the identity, location and role of these material Sub-Processors.  

Third party Sub-Processor 

 Purpose  Applicable Service Type  Sub-Processor Location 

Privacy Information 
Amazon (AWS)  Hosting and Asset Storage   All EU  Link 
ANS  Hosting   All  United Kingdom  Link 
CashCalc  Cashflow modelling software for financial planning.  Paraplanning, Training   United Kingdom  Link 
CII  Membership, study material and exams.   Training   EEA   Link 
Cognito Forms  Survey and form software – data collection.   DNA Services  United States   Link  
Defaqto  To complete paraplanning services such as risk profiling, fund research, provider research.   Paraplanning  United Kingdom  Link 
Efax  Digital Faxing Solution  Paraplanning, All relevant  Ireland   Link  
Expert Pensions  Training  Training United States  Link 
FCA Connect  FCA Applications  Compliance  United Kingdom  Link 
FCA Regdata  FCA Reporting  Compliance  United Kingdom  Link  
FE Analytics   Fund research/risk profiling. Calculation of Reduction in Yield  Paraplanning, DNA Services  United Kingdom  Link 
 GBG   Identity verification and Fraud prevention Solutions  Compliance  United Kingdom  Link 
GoCardless   Taking payments via direct debit  All  United Kingdom  Link 
Google Analytics  Website & System Analytics  All United States  Link 
Hubspot  CRM system for Sales & Marketing  All United Kingdom  Link 
I4C Cashflow Cashflow modelling software for financial planning.  Paraplanning United Kingdom Link
Locktons  Insurance broker Consultancy, Compliance  United Kingdom  Link
MICAP Investment research  Paraplanning, DNA Services  United Kingdom  Link 
Moneyscope  Cashflow modelling software for financial planning.  Paraplanning United Kingdom, EEA  Link 
Protean Risk  Insurance broker  Consultancy, Compliance  United Kingdom  Link 
Pusher System APIs All  EU Link 
Rackspace Hosting and asset storage All  EU Link 
SelectaPension Pension provider comparison and research.   Paraplanning, DNA Services  United Kingdom  Link 
Sentry System Development  All United States Link
SignRequest Used for TOB agreements and document e-signatures.  All services United Kingdom / EU Link
Stripe   Payment terminal  All relevant  Ireland  Link 
Synaptics   Provider and fund research.   Paraplanning, DNA Services  United Kingdom  Link 
TalentLMS  Training platform  Training   EU  Link 
Teamtailor Recruitment applicant tracking tool system Recruitment services  EU Link
Tech-Link   External technical consultants, used to answer particular technical queries.  All relevant services  United Kingdom  Link 
UK Global   Insurance broker  Consultancy, Compliance  United Kingdom  Link 
Xero   Accounting software  All  United Kingdom  Link  
20i   Hosting  All  United Kingdom  Link 

Our services have been grouped into a summary list as follows however there is also cross over:

  • Direct Authorisation (Going it Alone)
  • PROD, CIP, PDD, CIP, ESG, CRP, EIS, VCT (DNA Services)
  • Paraplanning Services
  • Compliance Services
  • Suitability Report Templates
  • Training
  • Training & Competence
  • Marketing & Design
  • Consultancy
  • Platform Migration Support
  • Portfolio Creation and Maintenance

Nature and purpose of the processing personal protected data:

Provision of the services  

Nature of data processing 
Direct Authorisation (Going it Alone) Providing intermediaries with support and FCA applications. Data required to ensure legal and regulatory accuracy in the application.  
PROD, CIP, PDD, CIP, ESG, CRP, EIS, VCT (DNA Services) Providing services to the intermediary, concerning their investment solutions and provider research. Data required via research systems to ensure accuracy and time-sensitive data.  
Paraplanning Services  Providing research and reports for end clients for the purpose of financial advice. Data required to ensure client-specific information and up to date financial information relating to research and analysis.  
Compliance Services Providing technical advice and regulatory support to the intermediary. Data required to ensure accurate regulatory information.  
Suitability Report Templates Providing non-client specific documentation to the intermediary to allow them to provide reports to their clients. Data used to ensure the intermediate needs are required.  
Training  Support services to individuals concerning the CII diploma and soft skills. System used to log and support students with their training and to provide current training materials.  
Training & Competence  Providing support to those in Financial Services to ensure their competency to complete their job. Systems used to log data to provide FCA reporting.  
Marketing & Design  Support to intermediaries with their branding and marketing. Intermediary data used via marketing systems to ensure client specific outcome.  
Consultancy  Offering business and compliance support to intermediaries. Systems used to ensure suitable outcomes in relation to business needs. Feeds into the other.  
Platform Migration Support Assisting with the paraplanning and administration involved in platform migration. Provided to the intermediary. Refer to paraplanning for system data.  
Portfolio Creation and Maintenance Assisting the intermediary with their investment solutions. System access required for fund and investment research.  

To complete the above the processing activities of the data include; Access; collection; recording; retrieval; use; modification; hosting; storage; making available; monitoring (service delivery); deletion; destruction.

Verve Data Protection

Technical & Organisational measures

Ongoing confidentiality, integrity, availability and resilience of processing systems.

System architecture   We maintain available system configurations hosted via Rackspace (Apricity system), 20i (Para-Sols Rise), and AWS (Dextera), ensuring low levels of downtime, therefore minimising the risk of data loss. 
Encryption   Data is encrypted in transit using HTTPS for web & API requests. 
Update testing   New deployments to production systems are subject to code review, manual testing, automated testing, and product manager reviews before being released. 
Vulnerability testing   We carry out vulnerability and penetration testing with each new release of all production systems. 
System security   Our cloud servers are monitored, with SSH access restricted to a set of IPs. Our load balancers only accept connections on port 443, ensuring secured connection. 
Access control   We maintain records of security privileges of individuals with access to our systems and adopt a policy of least privilege. Security privileges are reviewed periodically and as part of starter/mover/leaver checks.  
User authentication   Access is via email address, and the use of a secure encrypted token.

Restoring availability and access to personal data in a timely manner in the event of a physical or technical incident.

Disaster recovery               System data is backed up daily to cloud based servers, providing additional resilience and a recent recovery point in the unlikely event of system failure. 

Regular testing, assessing and evaluating of these measures’ effectiveness.

Information security management Responsibility for information security is shared between the technical and operational teams, the leadership of which aims to regularly review and improve existing practice. This includes penetration testing as part of development releases and running internal audits. 

§