GDPR Information
Understanding your data protection rights under UK GDPR
Our Commitment to Data Protection
Flashy Gear is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about your rights and how we comply with data protection legislation.
Data Controller Information
For the purposes of UK GDPR, the data controller is:
Flashy Gear
45 King Street
Manchester M2 6AH
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process your personal data only when we have a lawful basis to do so. The specific lawful basis depends on the purpose for which we use your data:
Contract Performance
When you engage our services, we need to process your personal information to fulfill our contractual obligations. This includes providing financial advice, preparing reports, and managing your account.
Legitimate Interests
We may process your data when we have a legitimate business interest that does not override your fundamental rights. For example, we process data to improve our services, prevent fraud, and maintain business records.
Legal Obligation
As a financial services firm, we are subject to various legal and regulatory requirements. We must process certain data to comply with obligations including anti-money laundering regulations, tax laws, and professional standards.
Consent
In some cases, we ask for your explicit consent before processing your data. For example, we obtain consent before sending you marketing communications. You can withdraw consent at any time.
Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide this information free of charge within one month of receiving your request.
When making a request, please provide sufficient detail to help us locate your information. We may ask for proof of identity to ensure we release information only to the correct person.
Right to Rectification
If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will make the necessary changes and notify any third parties with whom we have shared the information, where appropriate.
Right to Erasure
In certain circumstances, you can request deletion of your personal data. This right applies when:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- The data must be erased to comply with a legal obligation
This right is not absolute. We may need to retain certain information to comply with legal or regulatory obligations.
Right to Restriction of Processing
You can request that we limit how we use your personal data in the following situations:
- You contest the accuracy of the data while we verify it
- Processing is unlawful but you prefer restriction over deletion
- We no longer need the data but you require it to establish, exercise, or defend legal claims
- You have objected to processing pending verification of whether our legitimate grounds override yours
Right to Data Portability
Where technically feasible, you can request that we provide your personal data in a structured, commonly used, machine-readable format. You can also request that we transfer this data directly to another organization.
This right applies when processing is based on consent or contract performance and is carried out by automated means.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object to direct marketing, we will stop processing your data for that purpose immediately.
For objections based on legitimate interests, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not typically engage in automated decision-making, but if we do, we will inform you and provide an opportunity to contest the decision.
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us:
Email: [email protected]
Post: Data Protection Officer, Flashy Gear, 45 King Street, Manchester M2 6AH
We will respond to your request within one month. In complex cases, we may extend this period by two additional months, in which case we will inform you of the extension and the reasons for it.
We do not charge a fee for most requests. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with such requests.
Data Security Measures
We implement appropriate technical and organizational security measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Regular security testing and vulnerability assessments
- Access controls limiting who can view personal data
- Staff training on data protection and security
- Secure backup and disaster recovery procedures
- Confidentiality agreements with employees and third parties
Data Breach Notification
In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also report the breach to the Information Commissioner's Office within 72 hours of becoming aware of it, as required by law.
International Transfers
Your personal data is primarily stored and processed within the United Kingdom. If we transfer your data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions by the UK government
- Standard contractual clauses approved by the ICO
- Binding corporate rules
- Other mechanisms approved under UK GDPR
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Our retention periods are based on:
- Legal and regulatory requirements
- The nature of our relationship with you
- Potential legal claims or disputes
- Best practices in our industry
Financial advice records are typically retained for at least six years after the relationship ends. Some categories of data may be retained longer when required by law.
Children's Data
Our services are not intended for individuals under 18 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected such data, we will delete it promptly.
Third-Party Processors
When we engage third parties to process personal data on our behalf, we ensure they:
- Process data only according to our documented instructions
- Implement appropriate security measures
- Maintain confidentiality
- Assist us in meeting our GDPR obligations
- Delete or return data when the processing relationship ends
We conduct due diligence on all processors and maintain written agreements that meet GDPR requirements.
Privacy by Design
We incorporate data protection considerations into all our business processes and systems. This includes implementing appropriate technical and organizational measures from the outset and throughout the data lifecycle.
Complaints and Concerns
If you have concerns about how we handle your personal data, please contact us first so we can address the issue. If you remain unsatisfied, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: flashy-gear.com
Updates to This Information
We may update this GDPR information from time to time to reflect changes in legislation or our practices. Significant changes will be communicated to you directly where appropriate.
Further Information
For more details about how we collect, use, and protect your personal data, please see our Privacy Policy.
If you have questions about your data protection rights or our GDPR compliance, please contact us at [email protected].