GDPR Compliance

Our Commitment to Data Protection

cryptic-burst Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and process personal data responsibly, transparently, and lawfully.

This page provides detailed information about how we handle your personal data in compliance with data protection legislation.

Data Controller Information

For the purposes of data protection law, the data controller is:

Lawful Basis for Processing

We only process personal data where we have a lawful basis to do so. The legal bases we rely on include:

Contract Performance

When you engage our services, we process your personal data as necessary to fulfil our contractual obligations. This includes processing information to:

• Schedule and conduct consultations
• Provide personalised financial education
• Process payments for services
• Send service-related communications

Legitimate Interests

We may process data based on legitimate interests, where such processing does not override your fundamental rights. Examples include:

• Improving our services based on client feedback
• Website analytics to enhance user experience
• Marketing our services to existing clients
• Protecting against fraud and ensuring security

Consent

For certain processing activities, we rely on your explicit consent. You may withdraw consent at any time, and this will not affect the lawfulness of processing before withdrawal. Consent-based processing includes:

• Marketing communications to prospective clients
• Non-essential cookies and tracking technologies
• Sharing your testimonial or case study

Legal Obligation

We may process data to comply with legal requirements, such as:

• Tax and accounting obligations
• Responding to lawful requests from authorities
• Maintaining records as required by professional standards

Your Rights Under GDPR

Data protection law provides you with specific rights regarding your personal data. We are committed to respecting and facilitating these rights.

Right to Be Informed

You have the right to clear, transparent information about how we use your data. This notice, along with our Privacy Policy and Cookies Policy, fulfils this requirement.

Right of Access

You can request a copy of the personal data we hold about you. We will respond to your request within one month, providing the information in a commonly used electronic format unless you request otherwise.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. Please inform us of any changes to your information so we can keep our records accurate.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including:

• When the data is no longer necessary for its original purpose
• When you withdraw consent (where consent was the legal basis)
• When you successfully object to processing
• When data has been unlawfully processed

Note that we may need to retain certain data for legal or professional obligations.

Right to Restrict Processing

You can request that we limit the processing of your data in certain situations, such as while we verify the accuracy of your data or assess an objection you have raised.

Right to Data Portability

Where technically feasible, you can request to receive your personal data in a structured, commonly used, machine-readable format, or have it transmitted directly to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] with your request. To help us locate your records efficiently, please include:

• Your full name
• The email address associated with our services
• A clear description of your request

We may need to verify your identity before processing your request. We will respond within one month, or inform you if we need additional time (up to two months for complex requests).

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

• Transfers to countries with adequate data protection laws
• Standard contractual clauses approved by the ICO
• Other lawful mechanisms ensuring equivalent protection

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data during transmission and storage
• Regular testing and evaluation of security measures
• Access controls limiting data access to authorised personnel
• Secure disposal of data no longer required
• Staff training on data protection and security
• Incident response procedures for data breaches

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay.

Complaints

If you are dissatisfied with how we handle your personal data, we encourage you to contact us first so we can address your concerns. You also have the right to lodge a complaint with the supervisory authority:

Updates to This Information

We may update this GDPR compliance information from time to time. Significant changes will be communicated through our website or directly to affected individuals where appropriate.

This page was last reviewed in January 2024.