GDPR Compliance

Your data protection rights and how we uphold them

Our Commitment to Data Protection

QuidbridgeTechAI is committed to complying with the UK General Data Protection Regulation and the Data Protection Act 2018. We recognise that protecting your personal information is not just a legal obligation but a fundamental aspect of the trust you place in us.

Data Controller Information

QuidbridgeTechAI acts as the data controller for personal information collected through our services. Our contact details are:

QuidbridgeTechAI
47 Victoria Street
Birmingham, B1 3SL
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by the GDPR:

Contract Performance

Processing is necessary to perform our contract with you when providing financial planning and advisory services. This includes collecting and analysing your financial information to deliver personalised recommendations.

Legitimate Interests

We process certain data based on our legitimate business interests, such as:

  • Improving and developing our services
  • Maintaining the security of our systems
  • Communicating relevant information about our services
  • Conducting business analytics and research

We always balance these interests against your rights and freedoms, and you can object to processing based on legitimate interests.

Legal Obligation

We process data when required to comply with legal and regulatory obligations, including financial services regulations, tax requirements, and anti-money laundering laws.

Consent

For certain processing activities, particularly marketing communications, we rely on your explicit consent. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Your Rights Under GDPR

Right of Access

You have the right to obtain confirmation about whether we process your personal data and, if so, to access that data. We will provide a copy of your personal information in a commonly used electronic format.

Right to Rectification

If your personal information is inaccurate or incomplete, you have the right to have it corrected. We encourage you to notify us promptly of any changes to ensure our records remain accurate.

Right to Erasure

In certain circumstances, you can request the deletion of your personal data. This right is not absolute and may be limited by legal obligations requiring us to retain certain information.

Right to Restriction of Processing

You can request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. When you object to marketing, we will stop processing your data for that purpose immediately.

Rights Related to Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our financial recommendations always involve human review and judgment.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We will respond to your request within one month, though in complex cases we may extend this by two additional months.

We may need to verify your identity before processing requests to protect your information from unauthorised access.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security testing and vulnerability assessments
  • Access controls and authentication mechanisms
  • Staff training on data protection and security
  • Incident response procedures
  • Regular backups with secure storage

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach. The notification will include:

  • The nature of the breach
  • The likely consequences
  • Measures taken to address the breach
  • Recommended actions you should take

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Our standard retention periods are:

  • Client financial records: minimum six years from end of engagement
  • Marketing consent records: until consent is withdrawn
  • Website analytics: 26 months
  • Correspondence: three years from last contact

International Transfers

We primarily store and process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK authorities
  • Adequacy decisions recognising equivalent data protection standards
  • Binding corporate rules where applicable

Third-Party Processors

When we engage third-party service providers to process data on our behalf, we ensure they:

  • Provide sufficient guarantees of appropriate technical and organisational measures
  • Process data only according to our documented instructions
  • Maintain confidentiality of personal data
  • Assist us in meeting our GDPR obligations

Children's Data

Our services are not intended for individuals under 18 years of age. We do not knowingly collect or process personal data of children. If we discover we have inadvertently collected such data, we will delete it promptly.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website or by email.

Complaints

If you believe we have not complied with data protection law, you can lodge a complaint with us at [email protected]. We take all complaints seriously and will investigate thoroughly.

You also have the right to lodge a complaint directly with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: www.quidbridgetechai.com

Contact Information

For any questions about our GDPR compliance or to exercise your rights, please contact:

Email: [email protected]
Address: 47 Victoria Street, Birmingham, B1 3SL, United Kingdom