GDPR Information

Understanding your data protection rights under UK GDPR

Introduction

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 provide comprehensive protection for your personal data. This page explains how neural-facet complies with these regulations and outlines your rights.

Data Controller

neural-facet acts as the data controller for personal information collected through our website and services.

Contact details:
neural-facet
42 Division Street
Sheffield, S1 4GF
United Kingdom
Email: [email protected]

What Personal Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Name, title
  • Contact Data: Email address, postal address
  • Financial Data: Information relevant to financial consultation services
  • Technical Data: IP address, browser type, device information
  • Usage Data: How you use our website and services
  • Communication Data: Your inquiries and correspondence with us

Legal Basis for Processing

We process your personal data under the following legal bases:

Consent

We obtain your explicit consent for specific processing activities, such as marketing communications. You may withdraw consent at any time.

Contract Performance

Processing is necessary to provide the services you have requested or entered into a contract for.

Legal Obligation

We process data to comply with legal and regulatory requirements, including financial services regulations and tax laws.

Legitimate Interests

We process data for legitimate business purposes, such as improving our services, preventing fraud, and ensuring network security, provided such processing does not override your fundamental rights.

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a "subject access request."

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as while we verify data accuracy.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with the following information:

  • Your full name
  • Contact details
  • Specific right you wish to exercise
  • Details of your request

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any delay.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Staff training on data protection
  • Incident response procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

Retention periods vary depending on the type of data and purpose of processing. Financial records may be retained for up to seven years to comply with UK tax regulations.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions recognizing equivalent data protection standards
  • Standard contractual clauses approved by the ICO
  • Other legally approved transfer mechanisms

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where required by law.

Children's Data

Our services are not directed at children under 18 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Third-Party Processing

We may engage third-party service providers to process personal data on our behalf. All processors are carefully selected and contractually bound to:

  • Process data only according to our instructions
  • Maintain appropriate security measures
  • Assist with fulfilling data subject requests
  • Delete or return data when processing is complete

Complaints

If you believe we have not complied with UK GDPR or your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Information

We may update this GDPR information periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Contact Us

If you have questions about our GDPR compliance or data protection practices, please contact us at [email protected]