GDPR Compliance

Our commitment to data protection and your rights under the UK General Data Protection Regulation.

Last updated: January 2024

Our Commitment to Data Protection

chip-portal Financial Consulting Ltd is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognise the importance of protecting personal information and have implemented comprehensive measures to ensure lawful, fair, and transparent data processing.

This page outlines our approach to data protection and explains how we uphold your rights as a data subject.

Data Controller Information

For the purposes of applicable data protection legislation, the data controller is:

chip-portal Financial Consulting Ltd
14 Chancery Lane
London, WC2A 1PL
United Kingdom

Data Protection Contact: [email protected]

Principles We Follow

We adhere to the core principles of data protection:

Lawfulness, Fairness, and Transparency

We process personal data lawfully and transparently. You are informed about what data we collect and how it is used.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes and not processed in ways incompatible with those purposes.

Data Minimisation

We collect only the personal data that is necessary for the purposes stated. We do not gather excessive information.

Accuracy

Personal data is kept accurate and up to date. We take reasonable steps to rectify or erase inaccurate data.

Storage Limitation

Data is retained only for as long as necessary. We have defined retention periods and securely dispose of data when no longer needed.

Integrity and Confidentiality

Appropriate security measures protect personal data against unauthorised access, loss, or damage.

Your Data Subject Rights

Under UK GDPR, you have the following rights:

Right of Access

You may request a copy of the personal data we hold about you. We will provide this within one month of receiving your request.

Right to Rectification

If any personal data we hold is inaccurate or incomplete, you have the right to request its correction.

Right to Erasure

In certain circumstances, you may request that we delete your personal data. This right is not absolute and depends on the lawful basis for processing.

Right to Restrict Processing

You may request that we limit how we use your data while concerns about accuracy or lawfulness are resolved.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling. We do not make decisions based solely on automated processing that produce legal effects concerning you.

Lawful Bases for Processing

We rely on the following lawful bases when processing personal data:

  • Performance of a contract: Processing necessary to provide our consulting services to clients
  • Legitimate interests: Processing for business purposes where balanced against your interests and rights
  • Legal obligation: Processing required to comply with legal or regulatory requirements
  • Consent: Where you have specifically agreed to particular processing activities

Special Category Data

Financial consulting may involve information that reveals aspects of your economic circumstances. We handle such data with enhanced care and ensure appropriate safeguards are in place. We do not typically process special category data as defined under UK GDPR unless strictly necessary and with your explicit consent.

Data Security Measures

We maintain robust security measures including:

  • Encryption of personal data during transmission and storage
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and penetration testing
  • Staff training on data protection and security
  • Incident response procedures for potential breaches
  • Physical security measures for our premises

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours
  • Communicate the breach to affected individuals without undue delay when required
  • Document the breach, its effects, and remedial actions taken
  • Review and improve security measures as necessary

Third-Party Processors

Where we engage third parties to process personal data on our behalf, we ensure:

  • Data processing agreements are in place
  • Processors provide sufficient guarantees of compliance
  • Processing is conducted only on documented instructions
  • Appropriate security measures are maintained

International Data Transfers

Personal data is primarily stored and processed within the United Kingdom. Any transfers outside the UK are conducted with appropriate safeguards such as Standard Contractual Clauses or adequacy decisions recognised by the UK government.

Exercising Your Rights

To exercise any of your data protection rights, contact us at:

Email: [email protected]
Post: Data Protection, chip-portal Financial Consulting Ltd, 14 Chancery Lane, London, WC2A 1PL

We will respond to your request within one month. In complex cases, this may be extended by a further two months, in which case we will inform you of the extension and reasons.

There is generally no fee for exercising your rights. However, we may charge a reasonable fee for manifestly unfounded or excessive requests.

Complaints

If you believe we have not handled your data appropriately, we encourage you to contact us first so we can address your concerns. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk