GDPR Compliance
Your data protection rights under UK GDPR
Our Commitment to Data Protection
shade-code is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting your personal data and respecting your privacy rights.
This page provides specific information about your rights under data protection law and how we fulfill our obligations as a data controller.
Data Controller Information
For the purposes of UK data protection law, shade-code is the data controller responsible for your personal information.
shade-code
42 Colmore Row
Birmingham B3 2BS
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We only process your personal data when we have a lawful basis to do so. The specific lawful basis depends on the purpose for which we're using your information:
Contractual Necessity
When you engage our financial advisory services, we process your personal and financial information because it's necessary to perform our contract with you. Without this information, we cannot provide the services you've requested.
Legal Obligations
As a financial services provider, we must comply with various legal and regulatory requirements, including:
- Anti-money laundering and counter-terrorism financing regulations
- Tax reporting and information exchange obligations
- Professional conduct and record-keeping requirements
- Financial services regulatory compliance
Processing for these purposes is necessary to fulfill our legal obligations.
Legitimate Interests
We process certain data based on our legitimate business interests, provided these interests don't override your fundamental rights and freedoms. These legitimate interests include:
- Maintaining accurate client records and service history
- Preventing fraud and ensuring security
- Improving our services and client experience
- Managing and administering our business operations
- Protecting our legal rights and interests
We've carefully balanced these interests against your rights and only process data where we believe the legitimate interest justification is appropriate.
Consent
For certain processing activities, particularly marketing communications, we rely on your explicit consent. You have the right to withdraw consent at any time, though this won't affect the lawfulness of processing based on consent before withdrawal.
Your Rights Under UK GDPR
UK GDPR provides you with important rights regarding your personal data. We respect these rights and have processes in place to facilitate their exercise.
Right to Be Informed
You have the right to clear information about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR page.
Right of Access
You can request access to your personal data, commonly known as a "subject access request." We'll provide you with:
- Confirmation that we're processing your data
- A copy of your personal data
- Information about how and why we're processing it
- Details about data recipients and retention periods
- Information about your other rights
We'll respond to subject access requests within one month, free of charge, unless the request is manifestly unfounded, excessive, or repetitive.
Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to request correction or completion. We'll take reasonable steps to verify the accuracy of updated information and make corrections promptly.
Given the nature of financial advice, maintaining accurate information is crucial. We encourage you to inform us of any changes to your circumstances or data.
Right to Erasure
Under this right, also known as "the right to be forgotten," you can request deletion of your personal data in certain circumstances, including when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there's no other lawful basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
However, this right is not absolute. We may be required to retain certain information to comply with legal and regulatory obligations, particularly financial services record-keeping requirements. We'll explain if we cannot fulfill an erasure request.
Right to Restrict Processing
In certain circumstances, you can request that we limit how we use your data. This right applies when:
- You contest the accuracy of the data (restriction during verification)
- Processing is unlawful but you don't want data erased
- We no longer need the data but you need it for legal claims
- You've objected to processing (restriction pending verification of legitimate grounds)
When processing is restricted, we can store the data but not use it without your consent, except for legal claims or protecting others' rights.
Right to Data Portability
For data you've provided to us based on consent or contract performance, and which we process by automated means, you can request to receive it in a structured, commonly used, machine-readable format. You can also request that we transmit this data directly to another controller where technically feasible.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
For direct marketing, we'll stop processing immediately upon objection. For processing based on legitimate interests, we'll cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing relates to legal claims.
Rights Related to Automated Decision-Making
You have rights regarding decisions made solely by automated means that have legal or similarly significant effects on you. While we may use technology to support our analysis, significant financial decisions and advice are made by qualified professionals, not purely automated systems.
How to Exercise Your Rights
To exercise any of your rights, please contact us at [email protected] with the following information:
- Your full name and contact details
- Sufficient information to identify you and verify your identity
- Specification of which right you wish to exercise
- Any relevant details or documentation supporting your request
We'll acknowledge your request promptly and respond substantively within one month. For complex requests, we may extend this period by two additional months, but we'll inform you of any extension and the reasons for it.
We don't charge a fee for most requests, though we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive.
Data Protection Principles
We adhere to the core data protection principles when processing your personal data:
Lawfulness, Fairness, and Transparency
We process data lawfully, fairly, and in a transparent manner. We're clear about what data we collect, why we collect it, and how we use it.
Purpose Limitation
We collect data for specified, explicit, and legitimate purposes. We don't process data in ways incompatible with those purposes.
Data Minimization
We only collect and process data that's adequate, relevant, and necessary for our stated purposes. We don't collect excessive information.
Accuracy
We take reasonable steps to ensure personal data is accurate and kept up to date. We promptly rectify or erase inaccurate data.
Storage Limitation
We don't keep personal data longer than necessary for the purposes for which it's processed, subject to legal and regulatory retention requirements.
Integrity and Confidentiality
We process data securely, using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Accountability
We're responsible for demonstrating compliance with these principles and have implemented appropriate policies, procedures, and documentation to do so.
Data Security Measures
We implement appropriate technical and organizational security measures, including:
- Encryption of data in transit and at rest
- Access controls based on role and need-to-know principles
- Regular security assessments and penetration testing
- Staff training on data protection and information security
- Incident response procedures and breach notification processes
- Regular backups and business continuity planning
- Secure disposal procedures for physical and electronic media
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we'll notify you without undue delay. We'll also notify the Information Commissioner's Office within 72 hours of becoming aware of the breach where required by law.
Our notification will include information about the nature of the breach, the likely consequences, and the measures we're taking to address it and mitigate potential adverse effects.
International Data Transfers
Your personal data is primarily stored and processed within the United Kingdom. If we transfer data to countries outside the UK, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions recognizing equivalent data protection standards
- Standard contractual clauses approved by relevant authorities
- Binding corporate rules for intra-group transfers
We'll only transfer your data internationally where there's a valid legal mechanism to do so safely.
Children's Data
Our services are not directed at children under 18. We don't knowingly process personal data of children. If we become aware that we've inadvertently collected such data, we'll take steps to delete it promptly.
Updates to Our Practices
We regularly review our data protection practices to ensure ongoing compliance with UK GDPR and to reflect changes in our operations, technology, or legal requirements. Material changes will be communicated to active clients and reflected in our Privacy Policy with an updated revision date.
Questions and Complaints
If you have questions about our data protection practices or wish to raise concerns, please contact us at [email protected]. We take privacy concerns seriously and will investigate and respond to complaints promptly.
If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Related Policies
For additional information about how we handle your data, please review:
- Privacy Policy - Comprehensive overview of our data practices
- Cookies Policy - Information about cookies and tracking technologies
- Terms of Use - Terms governing use of our website and services