GDPR Compliance

Our commitment to protecting your data rights under the General Data Protection Regulation.

Last updated: January 2024

Our Commitment to GDPR

voltix-dash Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take data protection seriously and have implemented measures to ensure your personal information is handled responsibly and securely.

This page provides information about how we comply with data protection regulations and explains your rights as a data subject.

Data Controller Information

voltix-dash Ltd acts as the data controller for personal information collected through our website and services. Our details are:

voltix-dash Ltd
42 Finsbury Square
London, EC2A 1PX
United Kingdom

Email: [email protected]
Company Number: 08274591

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. Depending on the circumstances, we may rely on one or more of the following:

Consent

Where you have given us explicit permission to process your data for a specific purpose. You may withdraw consent at any time by contacting us.

Contractual Necessity

Where processing is required to fulfil a contract with you or to take steps at your request before entering into a contract. This applies when you book our consultation services.

Legitimate Interests

Where processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights. Examples include improving our services and maintaining security.

Legal Obligation

Where we must process your data to comply with a legal requirement, such as maintaining financial records for tax purposes.

Your Rights Under GDPR

The GDPR provides you with specific rights regarding your personal data. We are committed to respecting these rights:

Right to Be Informed

You have the right to know how we collect and use your personal data. This page and our Privacy Policy provide this information.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. Contact us with details of what needs to be updated.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restrict Processing

You can ask us to limit how we use your personal data. This might apply while we verify the accuracy of your data or assess a request for erasure.

Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format so you can transfer it to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making in our services.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the following methods:

  • Email: [email protected] with "Data Protection Request" in the subject line
  • Post: Data Protection, voltix-dash Ltd, 42 Finsbury Square, London, EC2A 1PX

To help us respond efficiently, please include:

  • Your full name and contact details
  • A clear description of the right you wish to exercise
  • Any relevant details to help us locate your information

We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two months for complex requests.

Data We Collect

We collect and process the following categories of personal data:

  • Identity data: Name and title
  • Contact data: Email address and postal address
  • Financial data: Information you share with us during consultations about your financial situation (income, expenses, debts, savings)
  • Technical data: IP address, browser type, device information
  • Usage data: How you interact with our website
  • Communication data: Your preferences for receiving communications from us

Data Security Measures

We have implemented appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit using TLS/SSL
  • Secure storage systems with access controls
  • Regular security reviews and updates
  • Staff training on data protection principles
  • Incident response procedures for potential data breaches
  • Confidentiality agreements with any third-party processors

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are:

  • Consultation records: 7 years from the end of our business relationship
  • Marketing communications: Until you unsubscribe or 3 years of inactivity
  • Website analytics: 26 months
  • Email correspondence: 3 years unless related to a service

After these periods, data is securely deleted or anonymised.

International Data Transfers

We primarily store and process data within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with adequate data protection laws
  • Standard contractual clauses approved by the ICO
  • Other appropriate safeguards as required by law

Third-Party Processors

We may share personal data with third-party service providers who assist with our operations. These include:

  • Website hosting providers
  • Email service providers
  • Payment processors
  • Analytics services

All third-party processors are required to process data only as instructed by us and to maintain appropriate security measures.

Data Breach Procedures

In the event of a personal data breach, we will:

  • Assess the risk to individuals' rights and freedoms
  • Notify the Information Commissioner's Office within 72 hours if required
  • Inform affected individuals without undue delay if the breach is likely to result in high risk
  • Document all breaches and our response actions

Complaints

If you are unhappy with how we have handled your personal data, we encourage you to contact us first so we can try to resolve your concern.

You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF

Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date. We recommend checking this page periodically for any updates.