GDPR Information

Your data protection rights explained

Last updated: January 2024

This page provides detailed information about how flickering-glade complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your personal data and respecting your privacy rights.

Our Commitment to Data Protection

As a financial services provider, we handle sensitive personal and financial information. We recognise the trust you place in us and take our responsibilities as a data controller seriously. Our data protection practices are designed to ensure your information is processed lawfully, fairly, and transparently.

Data Controller Information

flickering-glade Ltd acts as the data controller for personal information collected through our services and website. This means we determine the purposes and means of processing your personal data.

Contact details:
flickering-glade Ltd
47 Gracechurch Street
London EC3V 0BT
[email protected]

Lawful Bases for Processing

Under UK GDPR, we must have a valid legal basis to process your personal data. The lawful bases we rely on include:

Contractual Necessity

When you engage our services, we need to process certain personal data to fulfil our contractual obligations. This includes your contact information, financial details relevant to the services requested, and communication records.

Legitimate Interests

We may process data based on our legitimate business interests where such interests do not override your fundamental rights. Examples include improving our services, maintaining security, and managing client relationships. We conduct balancing tests to ensure this basis is appropriate for each processing activity.

Legal Obligations

As an FCA-regulated firm, we must comply with various legal and regulatory requirements. This includes anti-money laundering checks, client identification procedures, and maintaining records as required by financial services regulations.

Consent

For certain activities, such as sending marketing communications or using non-essential cookies, we rely on your explicit consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Right of Access

You have the right to obtain confirmation that we process your data and to access that data along with supplementary information about our processing activities. We provide this information free of charge, typically within one month of your request.

Right to Rectification

If personal data we hold is inaccurate or incomplete, you have the right to have it corrected. We will make reasonable efforts to verify and update information promptly.

Right to Erasure

Also known as the right to be forgotten, you may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose or when you withdraw consent. However, this right is not absolute and may be limited by legal retention requirements.

Right to Restrict Processing

You can request that we limit how we use your data while we verify its accuracy, assess legitimate interest objections, or in other specified circumstances.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You may object to processing based on legitimate interests at any time. We must then demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or show the processing is necessary for legal claims.

Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects without human involvement.

Exercising Your Rights

To exercise any of your rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We aim to respond within one month, though this may be extended for complex requests.

We will not charge a fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests, or refuse to act in such cases.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Pseudonymisation and encryption of personal data where appropriate
  • Systems designed to ensure ongoing confidentiality, integrity, availability, and resilience
  • Regular testing and evaluation of security measures
  • Staff training on data protection responsibilities
  • Access controls limiting data access to authorised personnel

Data Breach Procedures

We maintain procedures to detect, report, and investigate personal data breaches. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also report relevant breaches to the Information Commissioner's Office within 72 hours of becoming aware.

International Data Transfers

When we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place. This may include transferring only to countries with adequate data protection laws, using standard contractual clauses, or relying on other approved transfer mechanisms.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when processing is likely to result in a high risk to individuals' rights and freedoms. This helps us identify and minimise data protection risks for new projects and processing activities.

Records of Processing

We maintain records of our processing activities as required by Article 30 of the UK GDPR. These records include purposes of processing, categories of data subjects and personal data, recipients, international transfers, retention periods, and security measures.

Supervisory Authority

The Information Commissioner's Office (ICO) is the UK supervisory authority for data protection. If you are unhappy with how we have handled your data or responded to your requests, you have the right to lodge a complaint with the ICO.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
ico.org.uk

Updates to This Information

We review our data protection practices regularly and may update this information accordingly. Significant changes will be communicated through our website.

Further Information

For additional details about how we handle personal data, please refer to our Privacy Policy. For questions specific to your data or to exercise your rights, contact us at [email protected].