GDPR Compliance
Your data protection rights and our commitment to compliance
Our Commitment to Data Protection
QuidbridgeTechAI is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognise the importance of safeguarding your privacy and have implemented comprehensive measures to ensure compliance with data protection legislation.
This page outlines our GDPR compliance practices and explains your rights under current data protection law.
Data Controller Information
For the purposes of data protection legislation, QuidbridgeTechAI acts as the data controller for personal information collected through our website and services.
QuidbridgeTechAI
42 Kingsway, Holborn
London WC2B 6EX
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so. The legal grounds we rely upon include:
Consent
In certain situations, we process your data based on consent you have explicitly provided. This applies to marketing communications and non-essential cookies. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Contract Performance
When you engage our services, we process personal data as necessary to fulfil our contractual obligations to you. This includes delivering financial advisory services, conducting consultations, and providing ongoing support.
Legitimate Interests
We may process data based on legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Legitimate interests include improving our services, maintaining website security, preventing fraud, and conducting business operations efficiently.
Legal Obligation
Some processing is necessary to comply with legal obligations imposed on us, including tax regulations, financial service requirements, and data protection laws themselves.
Your GDPR Rights
Under UK GDPR, you have comprehensive rights regarding your personal data. We respect these rights and provide mechanisms for you to exercise them:
Right of Access
You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with specific information about the processing. You can request a copy of your personal data in a commonly used electronic format.
To exercise this right, contact us at [email protected]. We will respond within one month, though this may be extended by two additional months for complex requests.
Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed. We encourage you to inform us promptly if you notice any inaccuracies so we can update our records.
Right to Erasure
Also known as the "right to be forgotten," this allows you to request deletion of your personal data in specific circumstances:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required to comply with a legal obligation
This right is not absolute. We may need to retain certain information to comply with legal obligations or establish legal claims.
Right to Restriction of Processing
You can request that we limit how we use your personal data in certain situations:
- You contest the accuracy of the data while we verify it
- Processing is unlawful but you prefer restriction to erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing while we verify our legitimate grounds
Right to Data Portability
Where processing is based on consent or contract performance and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format. You can also request that we transmit this data directly to another controller where technically feasible.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object to direct marketing, we will cease such processing immediately. For objections based on legitimate interests, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant impacts. We do not currently engage in automated decision-making that would fall under this provision, but we inform you of this right for completeness.
How We Protect Your Data
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls limiting data access to authorised personnel only
- Staff training on data protection principles and practices
- Secure data backup and recovery procedures
- Confidentiality agreements with employees and third-party processors
- Regular review and update of security measures
Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. We will also report relevant breaches to the Information Commissioner's Office within 72 hours of becoming aware of the breach, as required by law.
We maintain incident response procedures to quickly identify, assess, and respond to potential data breaches, minimising any impact on affected individuals.
Third-Party Processors
When we engage third-party service providers who process personal data on our behalf, we ensure they provide sufficient guarantees regarding data protection compliance. We enter into written contracts with processors that:
- Specify the subject matter, duration, nature, and purpose of processing
- Define the types of personal data and categories of data subjects
- Outline the rights and obligations of both parties
- Require appropriate technical and organisational security measures
- Mandate cooperation with supervisory authorities
- Ensure deletion or return of data after service provision ends
International Data Transfers
We primarily store and process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions recognising equivalent data protection standards
- Standard contractual clauses approved by relevant authorities
- Binding corporate rules for intra-group transfers
- Other mechanisms approved under data protection legislation
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. Our retention schedules consider:
- The nature and sensitivity of the data
- The purposes for which it was collected
- Legal, regulatory, and contractual obligations
- Legitimate business needs
When personal data is no longer required, we securely delete or anonymise it to prevent identification of individuals.
Children's Data
Our services are not directed at children under sixteen years of age. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete that information.
Privacy by Design and Default
We implement data protection principles from the earliest stages of designing systems, services, and processes. This includes:
- Minimising data collection to only what is necessary
- Implementing privacy-friendly default settings
- Ensuring transparency in data processing activities
- Enabling individuals to exercise their rights easily
- Conducting data protection impact assessments for high-risk processing
Exercising Your Rights
To exercise any of your GDPR rights, please contact us:
Email: [email protected]
We will respond to your request within one month. In some cases, particularly for complex requests, this period may be extended by an additional two months. We will inform you of any extension within the initial one-month period.
We do not charge a fee for processing most requests unless they are manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable fee or refuse to act on the request.
Complaints and Supervisory Authority
If you believe we have not handled your personal data appropriately or have concerns about our data protection practices, please contact us first so we can address your concerns.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.ico.org.uk
Updates to This Information
We may update our GDPR compliance information periodically to reflect changes in our practices or legal requirements. Significant updates will be communicated through our website, and we encourage you to review this page regularly.
Contact Us
For questions about our GDPR compliance, your data protection rights, or our processing activities, please contact us at [email protected]. We are committed to addressing your concerns and ensuring your rights are respected.