GDPR Compliance Statement

Last updated: January 2024

dazzle-ride Limited is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and your rights as a data subject.

Our Commitment to Data Protection

We recognise that responsible handling of personal data is fundamental to maintaining trust with our clients and website visitors. Our data protection practices are built around the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.

Data Controller Information

dazzle-ride Limited acts as the data controller for personal information we collect. Our registration details are:

  • Company name: dazzle-ride Limited
  • Registered address: 42 Threadneedle Street, London EC2R 8AY
  • Company number: 05678901
  • ICO registration number: ZA123456

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Right to Be Informed

You have the right to receive clear information about how we collect and use your personal data. Our Privacy Policy and this GDPR statement provide this information.

Right of Access

You may request a copy of the personal information we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to valid requests within one month.

Right to Rectification

If personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected. Please contact us if you believe any information requires updating.

Right to Erasure

In certain circumstances, you may request that we delete your personal information. This right is not absolute and may be limited by legal or regulatory obligations, particularly in financial services where we must retain records.

Right to Restrict Processing

You may request that we limit how we use your personal data while concerns are being investigated or addressed.

Right to Data Portability

Where technically feasible and where processing is based on consent or contract, you may request your data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have rights relating to automated decision-making and profiling. Our services do not involve solely automated decisions that produce legal or similarly significant effects.

Lawful Bases for Processing

We process personal data under the following lawful bases:

Contractual Necessity

Processing client data is necessary to provide our financial advisory and management services. Without this information, we cannot fulfil our contractual obligations.

Legal Obligation

Financial services are heavily regulated. We must process certain data to comply with requirements from the Financial Conduct Authority, anti-money laundering legislation, and tax regulations.

Legitimate Interests

We may process data based on legitimate business interests where these do not override individual rights. Examples include website analytics and business development activities.

Consent

Where we rely on consent, it is freely given, specific, informed, and unambiguous. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Data Protection Measures

We implement robust technical and organisational measures to protect personal data:

  • Encryption of data in transit and at rest
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and penetration testing
  • Staff training on data protection responsibilities
  • Incident response procedures for potential breaches
  • Regular review and updating of security measures

Data Breach Procedures

In the event of a personal data breach, we will:

  • Assess the breach to understand its scope and impact
  • Notify the Information Commissioner's Office within 72 hours where required
  • Inform affected individuals if the breach poses high risk to their rights
  • Document the breach and our response
  • Implement measures to prevent recurrence

International Data Transfers

We primarily process data within the United Kingdom. Where international transfers are necessary, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Protection Officer

Our Data Protection Officer oversees compliance with data protection requirements. Contact details:

Data Protection Officer
dazzle-ride Limited
42 Threadneedle Street
London EC2R 8AY
Email: [email protected]

Exercising Your Rights

To exercise any of your data protection rights, please contact our Data Protection Officer using the details above. We may need to verify your identity before processing requests. Requests are free of charge unless manifestly unfounded or excessive.

Complaints

If you are dissatisfied with how we handle your personal data, we encourage you to contact us first so we can address your concerns. You also have the right to complain to the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Statement

We review our GDPR compliance practices regularly and may update this statement accordingly. Significant changes will be communicated through our website.