GDPR Compliance

Your data protection rights under UK GDPR

Last updated: January 2024

Our Commitment to Data Protection

solidarbor-tech Ltd takes data protection seriously. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and outlines your rights as a data subject.

As a financial services firm, we process sensitive personal and financial information. We recognise the trust you place in us and are committed to handling your data responsibly, transparently, and securely.

Data Controller Information

solidarbor-tech Ltd is the data controller for personal information collected through our website and in the course of providing our services.

Registered Address:
14 Whitmore Gardens
London, NW10 5HB
United Kingdom

Email: [email protected]

Company Registration: 07284156

ICO Registration: ZA847291

Lawful Bases for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Contractual Necessity

We process personal data that is necessary to provide our retirement planning services. This includes collecting information about your pensions, income, and financial goals to deliver personalised advice.

Legal Obligation

As an FCA-authorised firm, we are required to collect and retain certain information to comply with financial services regulations, anti-money laundering requirements, and tax obligations.

Legitimate Interests

We may process data based on our legitimate business interests, such as improving our services, maintaining security, and communicating with enquirers. We always balance these interests against your rights and freedoms.

Consent

For certain processing activities, particularly marketing communications, we obtain your explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data:

Right of Access

You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with supplementary information about how it is processed.

Right to Rectification

You may request correction of inaccurate personal data or completion of incomplete data we hold about you.

Right to Erasure

In certain circumstances, you may request deletion of your personal data. However, this right does not apply where we need to retain data for legal or regulatory compliance.

Right to Restriction

You may request that we restrict processing of your data in certain situations, such as while we verify the accuracy of contested data.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.

Right to Object

You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not make such automated decisions about our clients.

Exercising Your Rights

To exercise any of your data protection rights, please contact us by email at [email protected] or write to us at our registered address. We will respond to your request within one month.

Before processing your request, we may need to verify your identity to ensure we release information only to the correct individual. We will not charge a fee for most requests, though we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

Data Transfers

We primarily process personal data within the United Kingdom and European Economic Area. Where we transfer data outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner.

Data Security Measures

We implement technical and organisational measures appropriate to the sensitivity of the data we process:

  • Encryption of data in transit and at rest
  • Access controls based on business need
  • Regular security training for all staff
  • Incident response procedures
  • Regular testing of security measures
  • Secure disposal of data no longer required

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay.

Record Keeping

We maintain records of our data processing activities as required under Article 30 of the UK GDPR. These records document the categories of data we process, purposes of processing, recipients, retention periods, and security measures.

Complaints

If you are dissatisfied with how we handle your personal data, please contact us in the first instance. We will investigate your concerns and work to resolve any issues.

You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Website: ico.org.uk

Updates to This Information

We review our GDPR compliance practices regularly and will update this page to reflect any changes. Significant updates will be communicated to clients directly where appropriate.