GDPR Compliance

CotswoltechAI Financial Education Ltd takes data protection seriously. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our commitment to protecting your personal data and explains your rights.

Our Role as Data Controller

We act as the data controller for personal information collected through our website and during the provision of our services. This means we determine how and why your personal data is processed and are responsible for ensuring compliance with data protection law.

Data Controller: CotswoltechAI Financial Education Ltd
Address: 14 Market Square, Cirencester, GL7 2NW
Contact: [email protected]

Principles We Follow

In accordance with the GDPR, we ensure that personal data is:

• Processed lawfully, fairly and transparently: We explain clearly how we use your data and only process it on valid legal grounds
• Collected for specified, explicit and legitimate purposes: We only collect data for defined reasons and do not use it for incompatible purposes
• Adequate, relevant and limited: We collect only the data necessary for our stated purposes
• Accurate and kept up to date: We take steps to ensure data accuracy and correct errors promptly
• Retained only as long as necessary: We delete data when it is no longer needed
• Processed securely: We implement appropriate technical and organisational measures to protect your data

Legal Bases for Processing

We process personal data under the following legal bases:

Contractual Necessity

When you engage our services, we process your data to fulfil our contractual obligations. This includes scheduling consultations, providing financial guidance, and managing your account.

Legitimate Interests

We may process data where we have a legitimate business interest, provided this does not override your fundamental rights. Examples include improving our services, maintaining security, and sending service-related communications.

Legal Obligation

Certain processing is required to comply with legal obligations, such as maintaining financial records and responding to regulatory requirements.

Consent

For marketing communications and non-essential cookies, we rely on your explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you. We will provide this within one month of receiving your request, free of charge for reasonable requests.

Right to Rectification (Article 16)

If your personal data is inaccurate or incomplete, you have the right to have it corrected. We will make corrections within one month.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purpose it was collected or if you withdraw consent.

Right to Restrict Processing (Article 18)

You can request that we limit how we use your data in specific situations, such as while we verify its accuracy or assess an objection you have raised.

Right to Data Portability (Article 20)

You can request your personal data in a structured, commonly used, machine-readable format and have it transferred to another controller where technically feasible.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds.

Rights Related to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal effects or similarly significant outcomes. Should this change, you would have the right to human intervention and to contest such decisions.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond within one month. If your request is complex or we receive numerous requests, we may extend this by a further two months, but we will inform you of any delay within the first month.

We may request proof of identity before processing your request to ensure we are providing information to the correct person.

Data Transfers

Your personal data is primarily processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office or adequacy decisions.

Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay. We will also report qualifying breaches to the Information Commissioner's Office within 72 hours of becoming aware of them.

Children's Data

Our services are intended for adults. We do not knowingly collect or process personal data from individuals under 18 years of age. If we discover we have collected such data, we will delete it promptly.

Complaints

If you are dissatisfied with how we handle your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

Updates to This Information

We review our data protection practices regularly and may update this page to reflect changes. We encourage you to check back periodically for the latest information about our GDPR compliance.

Contact for Data Protection Matters

For any questions about this page or our data protection practices:

CotswoltechAI Financial Education Ltd
14 Market Square
Cirencester, GL7 2NW
Email: [email protected]