GDPR Compliance
Last updated: January 2024
active-asset is committed to protecting your personal data and respecting your privacy rights in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with data protection legislation and outlines your rights as a data subject.
Our Commitment to Data Protection
We recognise that protecting personal data is fundamental to maintaining trust with our clients. Our approach to data protection is built on the following principles:
- Lawfulness, fairness, and transparency: We process personal data lawfully and are open about how we use it
- Purpose limitation: We collect data only for specified, explicit, and legitimate purposes
- Data minimisation: We limit collection to what is necessary for our stated purposes
- Accuracy: We take reasonable steps to ensure personal data remains accurate and current
- Storage limitation: We retain personal data only for as long as necessary
- Integrity and confidentiality: We implement appropriate security measures to protect personal data
- Accountability: We take responsibility for demonstrating compliance with these principles
Data Controller Information
For the purposes of data protection legislation, the data controller is:
active-asset
27 Finsbury Square
London EC2A 1PL
United Kingdom
[email protected]
Your Data Protection Rights
Under the UK GDPR, you have the following rights regarding your personal data:
Right of Access
You can request a copy of the personal data we hold about you. This is commonly referred to as a Subject Access Request (SAR). We will respond within one month of receiving your request, though this period may be extended by a further two months for complex requests.
Right to Rectification
If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will address rectification requests within one month.
Right to Erasure
In certain circumstances, you can request that we delete your personal data. This right applies when:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent was the legal basis for processing)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Erasure is required to comply with a legal obligation
Right to Restriction of Processing
You may request that we limit how we process your data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing.
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose immediately.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. We do not currently engage in such automated decision-making.
Exercising Your Rights
To exercise any of your data protection rights, please contact us at [email protected]. When making a request, please provide:
- Your full name and contact details
- A clear description of the right you wish to exercise
- Any information that will help us identify the data in question
We may need to verify your identity before processing your request. This is a security measure to ensure personal data is not disclosed to unauthorised persons.
Legal Basis for Processing
We process personal data under the following legal bases:
Contract Performance
Processing necessary to provide the services you have engaged us to deliver, such as financial guidance consultations.
Legitimate Interests
Processing necessary for our legitimate business interests, provided these do not override your fundamental rights. Our legitimate interests include:
- Improving our services and website functionality
- Understanding how clients interact with our content
- Protecting against fraud and maintaining security
- Managing business operations and administration
Consent
Where you have given clear consent for us to process your personal data for specific purposes. You can withdraw consent at any time by contacting us.
Legal Obligation
Processing necessary to comply with legal requirements, such as maintaining business records for tax purposes.
Data Security Measures
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption protocols for data transmission
- Secure storage systems with access controls
- Regular security reviews and vulnerability assessments
- Staff training on data protection responsibilities
- Incident response procedures for potential data breaches
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
International Data Transfers
If we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place, such as:
- Transfers to countries with adequate data protection laws as determined by the UK government
- Standard contractual clauses approved by the UK government
- Other valid transfer mechanisms under UK GDPR
Complaints
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us first so we can try to resolve any issues directly.
Updates to This Information
We review our GDPR compliance practices regularly and may update this page to reflect changes. Significant updates will be communicated through our website.
Contact
For any questions about our GDPR compliance or data protection practices, please contact:
active-asset
27 Finsbury Square
London EC2A 1PL
United Kingdom
[email protected]