Privacy Policy

Last updated: January 2024

Introduction

Frost-Shock Financial Management ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We take data protection seriously and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully to understand our practices regarding your personal data.

Information We Collect

Information You Provide Directly

When you engage with our services or contact us, we may collect:

  • Name and contact details (email address, postal address)
  • Financial information necessary for providing our services (income details, expense records, debt information, savings data)
  • Employment information
  • Identification documents where required for regulatory purposes
  • Communication records from emails, consultations, and correspondence

Information Collected Automatically

When you visit our website, we may automatically collect:

  • Device information (browser type, operating system)
  • IP address and approximate location
  • Pages visited and time spent on our site
  • Referring website or search terms used

How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and improve our financial management services
  • To communicate with you about your enquiries and our services
  • To create and maintain your client records
  • To comply with legal and regulatory obligations
  • To analyse website usage and improve user experience
  • To send service updates and relevant information (with your consent)

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: Processing necessary to provide services you have requested
  • Legal obligation: Processing required to comply with regulatory requirements
  • Legitimate interests: Processing for business purposes where your rights do not override our interests
  • Consent: Where you have given explicit consent for specific processing activities

Data Sharing

We do not sell your personal information. We may share your data with:

  • Professional advisers (accountants, lawyers) when necessary for service delivery
  • Regulatory bodies when legally required
  • Service providers who assist our operations (IT support, cloud storage) under strict data processing agreements

Any third parties we work with are required to protect your data in accordance with applicable law and our instructions.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data in transit and at rest
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and updates
  • Staff training on data protection practices
  • Secure physical storage for paper records

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Typical retention periods are:

  • Client records: 7 years after the end of the client relationship
  • Financial records: 6 years as required by HMRC
  • Marketing consent records: Until consent is withdrawn
  • Website analytics: 26 months

Your Rights

Under data protection law, you have rights including:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your data in certain circumstances
  • Restriction: Request limitation of processing in certain circumstances
  • Portability: Request transfer of your data to another organisation
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month.

International Transfers

Your data is primarily stored and processed within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website with a new "last updated" date.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Frost-Shock Financial Management
Data Protection Officer
47 Castle Gate
Nottingham, NG1 7AP
Email: [email protected]

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

We Value Your Privacy

We use cookies to enhance your browsing experience and analyse site traffic. By clicking "Accept All", you consent to our use of cookies.

Cookie Preferences

Necessary Cookies

Required for the website to function properly. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements and track campaign performance.