Frost-Shock

GDPR Compliance

Your data protection rights under UK law

Our Commitment to Data Protection

Frost-Shock Financial Management is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection programme in place which complies with existing law and abides by the data protection principles.

We recognise our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and are committed to processing your data in accordance with those regulations.

Data Controller Information

For the purposes of the UK GDPR, Frost-Shock Ltd is the data controller responsible for your personal data.

Company: Frost-Shock Ltd
Address: 47 Castle Gate, Nottingham, NG1 7AP
Email: [email protected]
ICO Registration: ZA847291

Your Rights Under GDPR

The UK GDPR provides the following rights for individuals. We are committed to upholding these rights:

Right to Be Informed

You have the right to be informed about the collection and use of your personal data. This includes information about how we use your data, how long we retain it, and who we share it with. We provide this information through our Privacy Policy and at the point of data collection.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month and provide the information free of charge in most circumstances.

Right to Rectification

If you believe that any information we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will respond to your request within one month.

Right to Erasure

Also known as the "right to be forgotten", you can request the deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose for which we originally collected it
  • You withdraw consent (where consent was the basis for processing)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note that we may need to retain certain information for legal or regulatory reasons.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing of it.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller. This right applies to data you have provided to us where processing is based on consent or contract and carried out by automated means.

Right to Object

You have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing purposes. Where you object to direct marketing, we will stop processing your data for that purpose.

Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making and profiling. We do not currently make decisions based solely on automated processing that produce legal effects concerning you.

How We Protect Your Data

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of the effectiveness of security measures
  • Staff training and awareness programmes
  • Access controls and authentication procedures
  • Regular security audits and assessments
  • Incident response procedures

Data Processing Activities

We process personal data for the following purposes:

  • Providing financial management services to clients
  • Managing client relationships and communications
  • Complying with legal and regulatory obligations
  • Improving our services and website functionality
  • Marketing our services (with consent)

Lawful Basis for Processing

We only process personal data where we have a lawful basis to do so. The lawful bases we rely on include:

  • Contractual necessity: Processing required to perform our services
  • Legal obligation: Processing required by law (e.g., regulatory requirements)
  • Legitimate interests: Processing for legitimate business purposes that do not override your rights
  • Consent: Where you have freely given, specific, informed, and unambiguous consent

Data Retention

We only retain personal data for as long as necessary to fulfil the purposes for which it was collected, and to satisfy any legal, regulatory, accounting, or reporting requirements. We have implemented data retention policies that specify retention periods for different categories of data.

International Data Transfers

We primarily process data within the United Kingdom. Where data needs to be transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Breaches

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Exercising Your Rights

To exercise any of your rights under the GDPR, please contact us:

Email: [email protected]
Post: Data Protection Officer, Frost-Shock Ltd, 47 Castle Gate, Nottingham, NG1 7AP

We may need to verify your identity before processing your request. We will respond to all legitimate requests within one month. Occasionally, it may take longer if your request is particularly complex, in which case we will notify you and keep you updated.

Complaints

If you are unhappy with how we have handled your personal data or believe we are not complying with data protection law, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

Last updated: January 2024

Frost-Shock

Professional financial management services helping Nottingham residents and businesses achieve their financial goals since 2014.


© 2024 Frost-Shock. All rights reserved. Registered in England and Wales.
