GDPR Compliance

Our commitment to protecting your data rights

Last updated: January 2024

QuidbridgeTechAI is committed to ensuring the protection of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and explains your rights as a data subject.

Our Role as Data Controller

QuidbridgeTechAI acts as the data controller for personal information collected through our website and in connection with our financial education services. As controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with data protection legislation.

Contact Details

QuidbridgeTechAI
47 Chancery Lane
London, WC2A 1PL
United Kingdom
Email: [email protected]

Data Protection Principles

We adhere to the fundamental principles set out in UK GDPR. Your personal data will be:

  • Processed lawfully, fairly, and transparently: We only process data when we have a valid legal basis and always explain how your data will be used
  • Collected for specified, explicit, and legitimate purposes: We clearly define why we need your data and do not use it for unrelated purposes
  • Adequate, relevant, and limited: We only collect data that is necessary for the stated purposes
  • Accurate and kept up to date: We take reasonable steps to ensure data accuracy and correct inaccuracies promptly
  • Retained only as long as necessary: We do not keep your data longer than required for its intended purpose
  • Processed securely: We implement appropriate measures to protect against unauthorised access, loss, or damage

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The legal grounds we rely upon include:

Consent

Where you have freely given clear consent for us to process your personal data for a specific purpose. For example, when you subscribe to our newsletter or agree to receive marketing communications.

Contractual Necessity

Where processing is necessary to fulfil a contract with you or to take steps at your request before entering into a contract. This includes processing required to deliver our financial education services.

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. Examples include fraud prevention, improving our services, and direct marketing to existing clients.

Legal Obligation

Where processing is necessary to comply with a legal obligation, such as maintaining financial records or responding to regulatory enquiries.

Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal information:

Right to Be Informed

You have the right to receive clear, transparent information about how we use your personal data. This notice and our Privacy Policy fulfil this obligation.

Right of Access

You may request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

Right to Rectification

If you believe personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will respond within one month.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, including:

  • When the data is no longer necessary for the purpose it was collected
  • When you withdraw consent and there is no other legal basis for processing
  • When you object to processing and there are no overriding legitimate grounds
  • When data has been unlawfully processed

Right to Restrict Processing

You may request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing pending verification of legitimate grounds.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects. We do not currently engage in such automated decision-making.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We may need to verify your identity before fulfilling your request.

We aim to respond to all valid requests within one month. In complex cases or where we receive numerous requests, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.

Exercising your rights is generally free of charge. However, we may charge a reasonable fee for manifestly unfounded or excessive requests, or we may refuse to act on such requests.

Data Security Measures

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it, including:

  • Encryption of data in transit and at rest where appropriate
  • Secure access controls and authentication procedures
  • Regular security assessments and updates
  • Staff training on data protection and security practices
  • Incident response procedures for potential data breaches

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

International Transfers

If we transfer personal data outside the United Kingdom, we ensure that appropriate safeguards are in place to protect your information. These safeguards may include:

  • Transfers to countries with adequate data protection laws
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules for intra-group transfers

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are determined based on:

  • The nature of the data and the purposes of processing
  • Legal, regulatory, and contractual requirements
  • Operational needs and legitimate business interests

When personal data is no longer required, we securely delete or anonymise it.

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this notice periodically.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

We use cookies to improve your experience on our site. By continuing to browse, you agree to our use of cookies. Learn more

Cookie Preferences

We use different types of cookies to optimise your experience. Choose which cookies you allow below.

Necessary Cookies

Required for the website to function properly. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements and track campaign performance.

Preference Cookies

Remember your settings and preferences for a better experience.