GDPR Compliance
Information about our compliance with UK GDPR and your data protection rights
Our Commitment to Data Protection
brisk-wheel is committed to protecting your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about our GDPR compliance practices and your rights under this legislation.
Data Controller Information
For the purposes of UK GDPR, brisk-wheel is the data controller responsible for your personal information.
Contact Details:
brisk-wheel
47 Clerkenwell Road
London EC1M 5RS
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so. Our processing activities rely on the following legal grounds:
Contract Performance
We process personal data when necessary to fulfill our contractual obligations to you, including delivering the financial education and consulting services you've engaged.
Consent
In certain situations, we rely on your explicit consent to process specific categories of data. You have the right to withdraw consent at any time by contacting us.
Legitimate Interests
We may process data based on our legitimate business interests, such as improving our services, maintaining security, and communicating about relevant offerings. We balance these interests against your rights and freedoms.
Legal Obligations
We process personal data when required to comply with legal or regulatory obligations, including tax laws and financial service regulations.
Your Data Protection Rights
Under UK GDPR, you have comprehensive rights regarding your personal data. These rights are outlined below with guidance on how to exercise them.
Right of Access
You can request confirmation of whether we process your personal data and obtain a copy of that data. This is commonly known as a "subject access request."
How to exercise: Email us at [email protected] with your request. We'll provide the information within one month.
Right to Rectification
You can request correction of inaccurate or incomplete personal data we hold about you.
How to exercise: Contact us identifying the information you believe is inaccurate or incomplete and providing the correct information.
Right to Erasure
Also known as the "right to be forgotten," this right lets you request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purposes for which it was collected.
Limitations: This right doesn't apply when we must retain data to comply with legal obligations or establish legal claims.
Right to Restriction of Processing
You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You can request to receive personal data you've provided to us in a structured, commonly used, machine-readable format, and transmit that data to another controller.
Scope: This right applies only to data processed based on consent or contract performance, and only when processing is carried out by automated means.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We'll cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions that are based solely on automated processing and that produce legal effects or similarly significantly affect you. We do not engage in such automated decision-making.
Exercising Your Rights
To exercise any of your data protection rights:
- Send a written request to [email protected]
- Clearly state which right you wish to exercise
- Provide sufficient information to identify you (we may request additional verification to protect your data)
- Specify any particular data or processing activities your request concerns
We aim to respond to all requests within one month. If your request is particularly complex, we may extend this by up to two months and will inform you of any extension.
There is no fee for exercising your rights unless your request is clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse the request.
Special Category Data
In the course of providing financial consulting services, we may occasionally process special categories of personal data (sensitive data) such as information about your health if it affects your financial situation.
We process such data only when:
- You've given explicit consent
- It's necessary for legal claims
- You've manifestly made the data public
We apply additional safeguards to protect special category data.
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest
- Access controls limiting who can view personal data
- Regular security assessments and penetration testing
- Staff training on data protection and security practices
- Incident response procedures for potential data breaches
Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach poses a high risk
- Document all breaches, including facts, effects, and remedial actions taken
Third-Party Processing
When we engage third-party service providers to process data on our behalf (data processors), we:
- Enter into written agreements that meet UK GDPR requirements
- Ensure they implement appropriate security measures
- Verify they only process data according to our instructions
- Assess their ability to comply with data protection obligations
International Data Transfers
Your personal data is primarily processed within the United Kingdom. If we transfer data to countries outside the UK, we ensure adequate protection through:
- Adequacy decisions recognizing equivalent data protection standards
- Standard contractual clauses approved by UK authorities
- Other lawful transfer mechanisms as appropriate
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Our retention schedule considers:
- The nature and sensitivity of the data
- The purposes for processing
- Legal and regulatory requirements
- Legitimate business needs
Client service records are typically retained for seven years to meet professional obligations. Website analytics data is retained for shorter periods.
Privacy by Design and Default
We implement data protection principles from the design stage of any new processing activity and throughout the data lifecycle. This includes:
- Data minimization: collecting only necessary information
- Purpose limitation: using data only for specified purposes
- Storage limitation: retaining data no longer than necessary
- Implementing appropriate default privacy settings
Children's Data
Our services are not directed at children under 18, and we do not knowingly process children's personal data. If we become aware that we've inadvertently collected data from a child, we'll delete it promptly.
Updates to Our Practices
We regularly review our data protection practices to ensure ongoing compliance with UK GDPR. Any significant changes will be reflected in updated versions of our Privacy Policy and this GDPR information page.
Questions and Concerns
If you have questions about our GDPR compliance or concerns about how we handle your personal data, please contact us:
Email: [email protected]
We take all inquiries seriously and will respond promptly to address your concerns.
Right to Lodge a Complaint
While we hope to resolve any concerns directly, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: brisk-wheel.com
The ICO provides guidance and can investigate complaints about data protection compliance.