GDPR Compliance

AlbiovordTechPro Ltd is committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations and outlines your rights as a data subject.

Our Role as Data Controller

AlbiovordTechPro Ltd acts as the data controller for personal information collected through our website and during the provision of our services. This means we determine how and why your personal data is processed and are responsible for ensuring this processing complies with data protection law.

Data Controller: AlbiovordTechPro Ltd
Company Number: 08234567
Registered Address: 47 Whitfield Street, London W1T 4HF
ICO Registration Number: ZA123456

Lawful Basis for Processing

We only process personal data when we have a valid lawful basis to do so. The lawful bases we rely upon include:

Contractual Necessity

We process certain data because it is necessary to perform our contract with you or to take steps at your request before entering into a contract. This includes processing data to deliver our financial education services, manage bookings, and handle payments.

Legitimate Interests

We may process data based on our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Examples include improving our services, maintaining security, and preventing fraud. We conduct balancing tests to ensure our interests do not unduly impact you.

Consent

For certain processing activities, we rely on your explicit consent. This applies to marketing communications and the use of non-essential cookies. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal Obligation

We process some data to comply with legal obligations, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.

Your Rights Under GDPR

The UK GDPR grants you several important rights regarding your personal data:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data along with information about how it is processed. You may request a copy of your personal data free of charge. We will respond to access requests within one month.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and completion of incomplete data. We will respond to rectification requests without undue delay.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for its original purpose
• You withdraw consent (where consent is the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Erasure is required by law

This right is not absolute. We may need to retain certain data for legal, contractual, or legitimate business reasons.

Right to Restriction of Processing (Article 18)

You may request restriction of processing in certain circumstances, such as while we verify the accuracy of contested data or assess an objection to processing. Restricted data can only be processed with your consent or for legal claims.

Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or processing is necessary for legal claims. You have an absolute right to object to direct marketing at any time.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.

Data Protection Principles

We adhere to the data protection principles set out in Article 5 of the UK GDPR:

• Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner
• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
• Data Minimisation: We only collect data that is adequate, relevant, and limited to what is necessary
• Accuracy: We keep personal data accurate and up to date
• Storage Limitation: We retain data only as long as necessary for its purposes
• Integrity and Confidentiality: We process data securely with appropriate technical and organisational measures
• Accountability: We can demonstrate compliance with these principles

International Data Transfers

We primarily process and store personal data within the United Kingdom. Where we transfer data outside the UK, we ensure adequate safeguards are in place, such as:

• Transfers to countries with adequacy decisions
• Standard contractual clauses approved by the ICO
• Binding corporate rules where applicable

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing operations that are likely to result in high risk to individuals' rights and freedoms. This includes assessing new systems, processes, or significant changes to existing operations involving personal data.

Records of Processing Activities

We maintain detailed records of our processing activities as required by Article 30 of the UK GDPR. These records document the categories of data we process, the purposes of processing, data retention periods, and the security measures in place.

Exercising Your Rights

To exercise any of your data protection rights, please contact us using the following details:

Data Protection Officer
AlbiovordTechPro Ltd
47 Whitfield Street
London W1T 4HF
Email: [email protected]

We will respond to your request within one month. In complex cases or where we receive numerous requests, we may extend this period by two months, but we will inform you of any extension within one month of receiving your request.

Complaints

If you believe we have not handled your data appropriately, we encourage you to contact us first so we can address your concerns. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

Related Policies

For more information about how we handle your data, please also refer to:

• Privacy Policy
• Cookies Policy
• Terms of Use