Our commitment to protecting your data rights under data protection legislation.
Last updated: January 2024
lite-shield Financial Education Ltd takes data protection seriously. Following the United Kingdom's departure from the European Union, we continue to adhere to the high standards set by the General Data Protection Regulation (GDPR) as incorporated into UK law through the UK GDPR and the Data Protection Act 2018.
This page provides specific information about how we comply with data protection requirements and how you can exercise your rights as a data subject.
lite-shield Financial Education Ltd is the data controller for the personal information we collect and process. This means we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is carried out in accordance with the law.
Our contact details are:
lite-shield Financial Education Ltd
47 Queen Street
Edinburgh EH2 3NH
United Kingdom
Email: [email protected]
We adhere to the fundamental principles of data protection:
We only process personal data when we have a valid legal basis to do so. Depending on the circumstances, we rely on one or more of the following:
When you engage our services, we process your personal data as necessary to perform our contract with you. This includes using your contact information to communicate about services, processing financial information you provide to deliver relevant education, and maintaining records of our work together.
We may process personal data where we have a legitimate business interest, provided that interest is not overridden by your rights and freedoms. Our legitimate interests include:
For certain processing activities, we ask for your explicit consent. This typically applies to:
You may withdraw consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
In some cases, we are legally required to process personal data to comply with our obligations under UK law. This may include retaining certain records for regulatory purposes or responding to lawful requests from authorities.
Data protection law gives you specific rights over your personal data. We are committed to respecting these rights and facilitating their exercise.
You have the right to obtain confirmation that we are processing your personal data and to access that data along with certain supplementary information. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month of receipt.
If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will act on reasonable requests without undue delay.
In certain circumstances, you have the right to request that we delete your personal data. This right is not absolute and applies when:
You may request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing pending verification of whether our legitimate grounds override yours.
Where processing is based on consent or contractual necessity and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You have an absolute right to object to processing for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not currently make such decisions, but if this changes, we will inform you and ensure appropriate safeguards are in place.
To exercise any of your rights, please contact us at [email protected] or write to us at the address provided above. To help us respond effectively, please:
We do not charge a fee for responding to rights requests in most circumstances. We may charge a reasonable fee if a request is manifestly unfounded or excessive, or we may refuse to act on such requests.
We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may extend this by a further two months, in which case we will notify you.
We primarily process and store personal data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK authorities or transfers to countries with adequacy decisions.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures include:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
If you have concerns about how we handle your personal data, we encourage you to contact us first so we can address your concerns. You also have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: ico.org.uk
We may update this GDPR compliance information from time to time. Any significant changes will be communicated through our website. We encourage you to review this page periodically to stay informed about how we protect your data.