GDPR Compliance
Your data protection rights and our commitment to safeguarding your information
Our Commitment to Data Protection
Savage Bloom Financial Management takes data protection seriously. We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring your personal information receives the highest level of protection.
As a financial services provider, we understand that you trust us with sensitive information. This page explains how we honor that trust through robust data protection practices.
Data Controller Information
For the purposes of UK GDPR, the data controller is:
Savage Bloom Financial Management
15 Cathedral Road
Cardiff CF11 9HA
United Kingdom
Email: [email protected]
Your Rights Under UK GDPR
UK GDPR grants you specific rights regarding your personal data. We respect and facilitate these rights:
Right to Be Informed
You have the right to clear information about how we collect and use your personal data. Our Privacy Policy provides comprehensive details about our data processing activities.
Right of Access
You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information within one month of your request, free of charge in most cases.
Right to Rectification
If information we hold about you is inaccurate or incomplete, you have the right to request corrections. We will update our records promptly once we verify the correct information.
Right to Erasure
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances. However, we may be required to retain certain information to comply with legal or regulatory obligations in the financial services sector.
Right to Restrict Processing
You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to our processing.
Right to Data Portability
You have the right to receive personal data you provided to us in a structured, commonly used, and machine-readable format. You can also request that we transfer this data to another organization where technically feasible.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making processes for our services.
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us:
- Email: [email protected]
- Post: Savage Bloom Financial Management, 15 Cathedral Road, Cardiff CF11 9HA, United Kingdom
When making a request, please provide sufficient information to help us identify you and understand your request. We may request additional verification to ensure we release information only to the rightful individual.
We will respond to valid requests within one month. In complex cases, we may extend this period by two additional months and will inform you if this becomes necessary.
Legal Bases for Processing
We process personal data only when we have a lawful basis. The legal bases we rely on include:
Contractual Necessity
Processing is necessary to fulfill our service agreement with you or to take steps at your request before entering into a contract.
Legal Obligation
We must process certain data to comply with legal and regulatory requirements governing financial services, including anti-money laundering regulations and tax reporting obligations.
Legitimate Interests
We may process data where necessary for our legitimate business interests, provided this does not override your fundamental rights and freedoms. This includes fraud prevention, business analytics, and improving our services.
Consent
For certain processing activities, particularly marketing communications, we rely on your explicit consent. You can withdraw consent at any time, though this will not affect the lawfulness of processing before withdrawal.
Data Protection Measures
We implement comprehensive technical and organizational measures to protect personal data:
- Encryption of sensitive data both in transit and at rest
- Regular security assessments and penetration testing
- Strict access controls limiting data access to authorized personnel
- Secure backup systems with appropriate retention schedules
- Staff training on data protection obligations and best practices
- Incident response procedures to address potential data breaches
- Regular review and updating of security protocols
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
- Inform affected individuals without undue delay if the breach poses a high risk
- Provide clear information about the nature of the breach and steps we are taking
- Offer guidance on measures you can take to protect yourself
International Data Transfers
We primarily process data within the United Kingdom. If we need to transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions recognizing equivalent data protection standards
- Standard contractual clauses approved by regulatory authorities
- Binding corporate rules for intra-group transfers
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Financial services regulations typically mandate specific retention periods:
- Client records: Minimum of six years after the relationship ends
- Financial advice records: Indefinitely or as required by regulation
- Tax-related information: As required by HMRC regulations
- Marketing communications: Until consent is withdrawn
When retention periods expire, we securely delete or anonymize personal data in accordance with our data retention policy.
Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately so we can delete it.
Updates to Our Practices
We regularly review our data protection practices to ensure continued compliance with UK GDPR and to incorporate best practices. Any significant changes will be communicated through our website and, where appropriate, directly to affected individuals.
Questions and Concerns
If you have questions about our GDPR compliance or concerns about how we handle your data, please contact us:
Email: [email protected]
Post: Savage Bloom Financial Management, 15 Cathedral Road, Cardiff CF11 9HA, United Kingdom
Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner's Office if you believe we have not complied with data protection law:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
However, we would appreciate the opportunity to address your concerns directly before you approach the ICO, so please contact us first if possible.