GDPR Compliance

Last updated: January 2024

This page provides detailed information about how brisk-moon complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our data protection obligations seriously and have implemented measures to ensure your personal information is handled appropriately.

Our Commitment to Data Protection

As a financial advisory firm, we process significant amounts of personal and sensitive information. We recognise the trust you place in us when sharing this data and are committed to meeting the highest standards of data protection. Our practices are designed to ensure lawfulness, fairness, and transparency in all data processing activities.

Data Controller Information

Brisk-moon acts as the data controller for personal information collected through our advisory services and website. This means we determine the purposes and means of processing your data.

Data Controller: brisk-moon Pension Advisory
Address: 47 St Peter's Square, Manchester, M2 3NQ
Email: [email protected]

Lawful Basis for Processing

We only process personal data when we have a valid legal ground. The lawful bases we rely upon include:

Contractual Necessity

When you engage us for pension advisory services, we process your personal data as necessary to fulfil our contractual obligations. This includes collecting financial information to prepare advice, communicating with you about your engagement, and implementing recommendations.

Legal Obligations

As a regulated financial advisory firm, we are required to collect and retain certain information to comply with Financial Conduct Authority rules, anti-money laundering regulations, and other legal requirements. We must verify client identity, maintain records of advice given, and report to regulators when required.

Legitimate Interests

We process some data based on our legitimate business interests, provided these do not override your rights. Examples include improving our services based on client feedback, maintaining business records, and protecting against fraud.

Consent

For marketing communications and certain optional cookies, we rely on your consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right of Access

You may request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge in most circumstances. If your request is complex or you have made multiple requests, we may extend this period by two months.

Right to Rectification

If any personal data we hold is inaccurate or incomplete, you have the right to request correction. We will address rectification requests within one month.

Right to Erasure

In certain circumstances, you may request deletion of your personal data. This right does not apply where we need to retain data for legal or regulatory compliance. Given our regulatory obligations to maintain client records, erasure requests may be limited in scope.

Right to Restrict Processing

You may request that we limit how we use your data in certain circumstances, such as while we verify accuracy or assess an objection request.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a commonly used, machine-readable format.

Right to Object

You may object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Our pension advice involves human assessment and judgement.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond within one month, though complex requests may require additional time.

Data Security Measures

We implement technical and organisational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and vulnerability testing
  • Staff training on data protection requirements
  • Secure disposal of data when no longer required
  • Incident response procedures for potential breaches

Data Breach Procedures

In the event of a personal data breach, we have procedures to:

  • Assess the risk to individuals
  • Notify the Information Commissioner's Office within 72 hours where required
  • Communicate with affected individuals when there is a high risk to their rights
  • Document all breaches and our response

International Transfers

We primarily store and process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Third-Party Processors

Where we engage third parties to process data on our behalf, we ensure appropriate data processing agreements are in place. These contracts require processors to implement suitable security measures and only process data according to our instructions.

Data Protection Impact Assessments

For processing activities that are likely to result in high risk to individuals, we conduct Data Protection Impact Assessments to evaluate and mitigate risks before processing begins.

Record Keeping

We maintain records of our processing activities as required by Article 30 of the UK GDPR. These records document the categories of data processed, purposes, retention periods, and security measures.

Complaints

If you are dissatisfied with how we have handled your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

Updates to This Information

We review our data protection practices regularly and may update this page accordingly. Material changes will be communicated to clients directly.