GDPR Compliance

Last updated: January 2024

Hyper-Crypt Financial Consultants Ltd takes data protection seriously. This page outlines our commitment to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our Commitment

We are committed to processing personal data lawfully, fairly, and transparently. As a financial services provider, we understand the sensitive nature of the information entrusted to us and maintain rigorous standards for its protection.

Data Controller Information

Hyper-Crypt Financial Consultants Ltd acts as the data controller for personal information collected through our website and in the course of providing our services.

Registered Address: Suite 412, Piccadilly Business Centre, 67 Piccadilly, Manchester M1 2BS

Company Number: 09847623

Contact for Data Matters: [email protected]

Lawful Bases for Processing

We only process personal data when we have a valid lawful basis. The bases we rely upon include:

Contract Performance

When you engage our services, we process your personal data as necessary to fulfil our contractual obligations. This includes collecting financial information to provide advice, maintaining records of our work together, and communicating about your account.

Legal Obligations

As a regulated financial services firm, we are required to collect and retain certain information to comply with anti-money laundering regulations, financial services rules, and tax reporting requirements.

Legitimate Interests

We may process data for our legitimate business interests where those interests do not override your fundamental rights. Examples include improving our services, protecting against fraud, and administering our business effectively.

Consent

Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time. This applies primarily to optional communications and non-essential cookies.

Your Rights Under GDPR

The GDPR provides you with specific rights regarding your personal data:

Right of Access

You may request confirmation of whether we process your personal data and, if so, request a copy of that data. We will provide this information free of charge within one month of your request.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will act on valid rectification requests without undue delay.

Right to Erasure

In certain circumstances, you may request that we delete your personal data. This right applies where the data is no longer necessary for its original purpose, where you withdraw consent, or where we have no overriding legitimate ground to continue processing.

Please note that regulatory requirements may prevent us from erasing certain data, particularly records relating to financial advice provided.

Right to Restriction

You may request that we restrict processing of your data in specific circumstances, such as while we verify the accuracy of contested data or where processing is unlawful but you do not want erasure.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

Right to Object

You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal effects or significantly affect you.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with your request. To help us locate your data and respond efficiently, please provide:

  • Your full name and contact details
  • Enough information to identify your relationship with us
  • A clear description of the right you wish to exercise

We will acknowledge your request within 72 hours and provide a full response within one month. If your request is complex, we may extend this by two months, but we will inform you of any extension within the initial month.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data both in transit and at rest
  • Regular testing and evaluation of security measures
  • Access controls ensuring data is only available to authorised personnel
  • Secure disposal procedures for data no longer required
  • Regular staff training on data protection principles
  • Incident response procedures for potential data breaches

Data Breach Procedures

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where a breach is likely to result in a high risk, we will also inform affected individuals without undue delay.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK authorities.

Data Protection Impact Assessments

Where processing is likely to result in high risk to individuals, we conduct Data Protection Impact Assessments to identify and minimise risks. This ensures privacy considerations are embedded in our processes.

Third-Party Processors

Where we engage third parties to process data on our behalf, we ensure they provide sufficient guarantees of GDPR compliance. All processors are bound by data processing agreements that require them to process data only on our instructions and implement appropriate security measures.

Retention of Data

We retain personal data only for as long as necessary for the purposes for which it was collected or to comply with legal requirements. Our retention periods are:

  • Client engagement records: Seven years from the end of the engagement
  • Financial advice documentation: Indefinitely, as required by FCA regulations
  • Marketing contact data: Until consent is withdrawn
  • Website analytics: Twenty-six months

Supervisory Authority

If you believe we have not handled your data in compliance with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns directly before you approach the ICO, so please contact us first if possible.

Updates to This Information

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Contact Us

For any questions about our GDPR compliance or data protection practices, please contact:

Hyper-Crypt Financial Consultants Ltd
Suite 412, Piccadilly Business Centre
67 Piccadilly, Manchester M1 2BS
Email: [email protected]