GDPR Compliance

Our commitment to protecting your personal data under UK GDPR

Our GDPR Commitment

trendy-compass is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibility to protect your personal data seriously and have implemented comprehensive measures to ensure your rights are respected.

Data Controller Information

For the purposes of UK GDPR, trendy-compass acts as the data controller for personal information collected through our website and in the course of providing our financial services.

Data Controller: trendy-compass Financial Services
Address: 45 Threadneedle Street, London EC2R 8AH, United Kingdom
Contact: [email protected]

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so. The legal bases we rely on include:

Consent

Where you have given clear, affirmative consent for us to process your personal data for specific purposes, such as receiving marketing communications. You may withdraw your consent at any time by contacting us.

Contract

Where processing is necessary to fulfill our contractual obligations to you as a client or to take steps at your request before entering into a contract for our financial services.

Legal Obligation

Where we must process your data to comply with legal and regulatory requirements, including anti-money laundering regulations, tax obligations, and financial services regulations.

Legitimate Interests

Where processing is necessary for our legitimate business interests or those of a third party, provided these interests are not overridden by your rights and freedoms. This includes:

  • Improving and developing our services
  • Preventing fraud and ensuring security
  • Network and information security
  • Internal administrative purposes

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request, unless the request is manifestly unfounded or excessive.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you. We will correct such data within one month of becoming aware of the inaccuracy.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required to comply with a legal obligation

Please note that we may be unable to delete certain data if we have a legal obligation to retain it, such as financial records required for regulatory compliance.

Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain situations, such as:

  • You contest the accuracy of the data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing pending verification of legitimate grounds

Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data where:

  • Processing is based on legitimate interests or public interest
  • Processing is for direct marketing purposes
  • Processing is for scientific, historical research, or statistical purposes

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. Currently, we do not engage in automated decision-making or profiling.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following details:

Email: [email protected]
Post: trendy-compass Financial Services, 45 Threadneedle Street, London EC2R 8AH, United Kingdom

When making a request, please provide:

  • Your full name and contact information
  • Details of the specific right you wish to exercise
  • Any information that will help us locate your data
  • Proof of identity (we may request this to protect your data from unauthorized access)

We will respond to your request within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by up to two months, in which case we will inform you and explain the reason for the delay.

Data Security Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security testing and vulnerability assessments
  • Access controls and authentication measures
  • Staff training on data protection and security
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery planning

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and contractual obligations. Our retention periods are based on:

  • The nature and sensitivity of the data
  • The purposes for which it is processed
  • Legal and regulatory requirements
  • The potential risk of harm from unauthorized use or disclosure

For financial services clients, we typically retain records for seven years from the end of the client relationship to comply with regulatory requirements.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the UK government
  • Standard contractual clauses approved by the UK authorities
  • Binding corporate rules
  • Other legally recognized transfer mechanisms

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach. We will also notify the Information Commissioner's Office (ICO) as required by law.

Third-Party Data Processors

We may engage third-party service providers to process personal data on our behalf. When we do so, we:

  • Conduct due diligence to ensure they provide sufficient guarantees
  • Enter into written contracts that meet GDPR requirements
  • Ensure they process data only on our documented instructions
  • Monitor their compliance with data protection obligations

Children's Data

Our services are not directed at children under 18 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website and, where appropriate, by direct communication to affected individuals.

Complaints and Supervisory Authority

If you believe we have not complied with your data protection rights, you may lodge a complaint with us first by contacting [email protected]. We take all complaints seriously and will investigate thoroughly.

You also have the right to lodge a complaint directly with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your data protection rights, please contact us:

Email: [email protected]
Post: trendy-compass Financial Services, 45 Threadneedle Street, London EC2R 8AH, United Kingdom