GDPR Compliance

Your data protection rights

Our Commitment to Data Protection

Spectra Glide Financial Services Ltd is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This page provides specific information about your rights under these regulations and how we fulfill our obligations as a data controller.

Data Controller Information

Data Controller: Spectra Glide Financial Services Ltd
Registered Address: 29 Castle Street, Liverpool L2 4SU, United Kingdom
Company Number: 09127456
ICO Registration Number: ZA543876
Contact Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a valid legal basis to do so. For our clients and prospective clients, we rely on the following legal grounds:

Contractual Necessity

Processing your financial information is essential to providing the advisory services outlined in our engagement agreements. Without this information, we cannot deliver the services you've requested.

Legal Obligations

As a regulated financial services firm, we are legally required to collect and retain certain client information to comply with Financial Conduct Authority regulations, anti-money laundering legislation, and tax reporting requirements.

Legitimate Interests

We process some information based on legitimate business interests, such as maintaining client records for quality assurance, defending legal claims, and improving our services. We balance these interests against your privacy rights and provide safeguards to protect your data.

Consent

For marketing communications and certain optional data uses, we rely on your explicit consent. You can withdraw consent at any time without affecting other aspects of our service.

Your Rights Under UK GDPR

UK data protection law grants you specific rights regarding your personal information. Here's what you can request and how to exercise these rights:

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This is provided through our privacy policy and client documentation.

Right of Access

You can request a copy of all personal data we hold about you, free of charge. This is commonly known as a Subject Access Request. We will provide this information within one month, along with details about how we use it, who we share it with, and how long we keep it.

How to request: Email [email protected] with "Subject Access Request" in the subject line. We may ask for identification to verify your identity before releasing information.

Right to Rectification

If personal information we hold is inaccurate or incomplete, you can request that we correct it. This is particularly important for financial data where accuracy affects the quality of our advice.

How to request: Simply inform us of the inaccuracy and we'll update our records promptly. For significant changes, we may ask for supporting documentation.

Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances, such as when the information is no longer necessary for the purpose it was collected.

Important limitation: As a regulated financial firm, we are legally required to retain client records for at least six years after a relationship ends. We cannot erase data where retention is legally mandated, but we will delete information once the retention period expires.

Right to Restrict Processing

You can request that we limit how we use your data in specific situations, such as when you contest the accuracy of information or object to processing based on legitimate interests. During a restriction period, we will store your data but not actively use it except with your consent or for legal claims.

Right to Data Portability

Where we process your data based on consent or contract, and do so by automated means, you can request that we provide your information in a structured, machine-readable format. You can also request that we transmit this data directly to another provider where technically feasible.

This right facilitates moving between financial advisors if you choose to do so.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

For direct marketing, we must stop processing immediately upon receiving your objection. For other legitimate interest processing, we will cease unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant impacts. Our financial planning process involves human advisors making all meaningful decisions. While we use software tools for analysis, no automated system makes final recommendations without advisor review.

How to Exercise Your Rights

To exercise any of the rights described above, contact us at [email protected]. Please specify which right you wish to exercise and provide sufficient information to verify your identity.

We aim to respond to all requests within one month. If your request is particularly complex or we receive multiple requests from you, we may extend this period by two additional months. We'll inform you of any extension within the first month.

We do not charge fees for most requests. However, if a request is clearly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or refuse the request.

Data Protection Measures

We implement appropriate technical and organisational measures to protect your personal data:

Technical Security

  • Encryption of data in transit and at rest
  • Secure servers with regular security updates
  • Multi-factor authentication for system access
  • Regular penetration testing and vulnerability assessments
  • Secure backup systems with off-site storage

Organisational Measures

  • Access controls limiting staff access to client data on a need-to-know basis
  • Regular data protection training for all staff
  • Clear policies on data handling and retention
  • Confidentiality agreements with all staff and contractors
  • Regular reviews of data processing activities

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach. We will also notify the Information Commissioner's Office as required by law.

Notifications will include the nature of the breach, likely consequences, and measures taken to address it.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK authorities or transfers to countries with adequacy decisions.

Currently, some of our IT service providers use cloud servers located in the European Economic Area, which has adequacy status under UK law.

Data Protection Impact Assessments

For high-risk processing activities, we conduct Data Protection Impact Assessments to identify and mitigate privacy risks. This ensures that privacy considerations are built into our systems and processes from the outset.

Third-Party Processors

When we engage third parties to process data on our behalf, we ensure they comply with UK GDPR through written contracts that specify their obligations, limit their use of data, and require appropriate security measures.

We regularly audit processor compliance and only work with reputable providers who demonstrate strong data protection practices.

Retention Periods

We retain personal data only as long as necessary for the purposes it was collected and to meet legal obligations:

  • Active client records: Retained for the duration of our relationship
  • Former client records: Minimum six years after relationship ends, as required by FCA regulations
  • Enquiries that don't become clients: Deleted after two years unless there's a legitimate reason for longer retention
  • Marketing consent records: Retained until consent is withdrawn, then deleted within 30 days
  • Website analytics: 12-24 months depending on data type

Complaints and Further Information

If you have concerns about how we handle your personal data, please contact us first so we can address the issue:

Email: [email protected]
Subject line: "Data Protection Concern"

If you remain dissatisfied after we've responded, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to GDPR Practices

We regularly review our data protection practices to ensure ongoing compliance with UK GDPR. Material changes to how we process personal data will be communicated to affected individuals.

This GDPR information page was last reviewed in April 2026.