GDPR Compliance

Last updated: January 2024

Solidar Structure is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines your rights under these regulations and how we uphold them.

Who We Are

Solidar Structure is the data controller responsible for your personal data. Our contact details are:

Solidar Structure
47 Wellington Street
Leeds, LS1 2DE
Email: [email protected]

Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. We provide this information through our Privacy Policy and through direct communications when we collect your data.

Right of Access

You have the right to request access to the personal data we hold about you. This is commonly known as a "subject access request." We will provide a copy of your personal data, along with information about how it is being processed, within one month of your request.

Right to Rectification

You have the right to request that we correct any personal data that is inaccurate or incomplete. We will respond to such requests within one month.

Right to Erasure

In certain circumstances, you have the right to request that we delete your personal data. This right applies when:

Note that this right does not apply where we are required to retain data for legal or regulatory purposes, such as FCA record-keeping requirements.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not make such decisions without human involvement.

Exercising Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We may need to verify your identity before processing your request.

We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by up to two months, in which case we will inform you of the extension and the reasons for it.

Requests are generally free of charge. However, we may charge a reasonable fee for repetitive, manifestly unfounded, or excessive requests.

Lawful Bases for Processing

We process personal data under the following lawful bases:

Contract

Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering a contract. This applies when you engage our consultancy services.

Legal Obligation

Processing is necessary to comply with legal obligations, such as Financial Conduct Authority requirements for record-keeping and reporting.

Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, provided these interests do not override your fundamental rights. Examples include improving our services and maintaining business records.

Consent

Where none of the above bases apply, we may process data based on your consent. You can withdraw consent at any time, though this will not affect the lawfulness of processing carried out before withdrawal.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. For financial services, FCA regulations require us to retain certain records for at least six years after the end of our relationship with you.

International Transfers

We primarily store and process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures are regularly reviewed and updated as necessary.

Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly.

Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first so we can try to resolve the matter.

Changes to This Information

We may update this GDPR information from time to time. When we make significant changes, we will notify you through appropriate channels.

Further Information

For more details about how we process your personal data, please read our full Privacy Policy. If you have any questions about data protection, please contact us at [email protected].