Home Privacy
Legal · Privacy

Privacy policy.

How Aurelian Reserve collects, uses, retains, and protects personal information, in compliance with the UK General Data Protection Regulation and the Data Protection Act 2018.

Effective: 1 February 2026 · Last updated: 1 February 2026

1. Who we are.

Aurelian Reserve Ltd ("Aurelian", "we", "us") is a private custodian of physical gold and precious assets, registered in England and Wales (Company No. 09487213), with its registered office at 14 Throgmorton Avenue, London EC2N 2DL. We are the data controller in respect of personal information processed in connection with our services.

For all enquiries about this policy or your personal data, please write to our Data Protection Officer at dpo@aurelianreserve.co.uk.

2. Data we collect.

We collect personal information necessary to open, maintain, and service a custody or shipping account. This includes:

  • Identity information: full name, date of birth, nationality, photo identification, and proof of address (required for AML and KYC compliance)
  • Contact information: postal address, email, and telephone numbers
  • Account information: username, password (stored only as a one way hash), and login history
  • Transaction information: holdings, deposit and withdrawal records, monthly storage charges, and shipment dates and routes
  • Communications: emails, letters, and notes of telephone calls relating to your account
  • Technical information: IP address and basic browser metadata captured when you use our online portal

3. How we use it.

Personal information is used solely to operate the firm and provide our services. Specifically:

  • To verify your identity and conduct anti money laundering due diligence
  • To open and administer your account and to process transactions
  • To produce and dispatch monthly statements and audit reports
  • To communicate with you about your account, including security notices
  • To meet our regulatory and legal obligations to the FCA, HMRC, and the courts

We do not sell your data to third parties. We do not use your data for marketing of unrelated products. We do not profile clients for advertising.

4. Lawful basis.

We process personal information under the following lawful bases:

  • Contract: processing necessary to provide custody and shipping services agreed with you
  • Legal obligation: identity verification, AML, sanctions screening, and statutory reporting
  • Legitimate interests: operating and securing our portal, preventing fraud, and managing our business

5. Sharing and transfers.

We share personal information only where strictly necessary, and only with parties bound by appropriate confidentiality and data protection obligations. These parties may include:

  • Our independent auditor (Bureau Veritas) for the quarterly vault audit
  • Our insurer (Lloyd's of London marine and specie syndicate) for cover and claims
  • Our cloud infrastructure provider (Google Cloud / Firebase) hosting our portal in the European Economic Area
  • Couriers and logistics partners involved in the dispatch of your consignments
  • Our regulators, law enforcement, and the courts where required

Where personal data is transferred outside the United Kingdom or EEA, we rely on UK adequacy regulations or the International Data Transfer Addendum to the EU Standard Contractual Clauses to ensure equivalent protection.

6. Retention.

We retain account records for the duration of the client relationship and for a minimum of seven years after closure, in line with our regulatory obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. Records may be retained for longer where necessary to defend a legal claim.

7. Your rights.

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request erasure where lawful (subject to our regulatory retention obligations)
  • Restrict or object to certain processing
  • Receive a copy of your data in a structured, commonly used format
  • Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, please write to our Data Protection Officer. We respond to verified requests within thirty days.

8. Security.

Our information security programme is certified to ISO 27001. Account passwords are stored as one way hashes. Transmission of personal data over the public internet is protected with TLS 1.2 or above. Physical records are held in a controlled, access logged environment. Our staff are trained in data protection awareness on appointment and annually thereafter.

9. Cookies.

We use a small number of strictly necessary cookies and equivalent storage to keep you signed in to the portal and to maintain your session. We do not use advertising cookies, tracking pixels, or third party analytics on the client portal. The marketing pages of our website may use a single first party analytics cookie, which can be declined without affecting your access.

10. Complaints.

We hope to resolve any concerns you have about your personal data directly. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Telephone: 0303 123 1113. Website: ico.org.uk

11. Changes to this policy.

We may revise this policy from time to time to reflect changes in law, regulation, or our practices. The effective date at the top of this page indicates the most recent revision. Material changes will be communicated to active clients in advance.