GDPR Compliance

Your data protection rights under UK GDPR

Our Commitment to Data Protection

neat-funds is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations and what rights you have regarding your personal information.

Data Controller Information

For the purposes of UK GDPR, neat-funds acts as the data controller for personal information we collect and process.

Data Controller: neat-funds
Address: 45 Wellington Street, London WC2E 7BN, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so. The legal grounds we rely on include:

Consent

In certain situations, we ask for your explicit consent before processing your personal data. When we do, you have the right to withdraw that consent at any time by contacting us.

Contract Performance

When you engage our services, we process personal data necessary to fulfill our contractual obligations to you. This includes providing relocation support, communication, and service delivery.

Legitimate Interests

We may process data based on our legitimate business interests, such as improving our services, maintaining website security, and communicating with prospective clients. We always balance these interests against your rights and freedoms.

Legal Obligation

In some cases, we process personal data to comply with legal requirements, such as tax regulations or responding to lawful requests from authorities.

Your Rights Under UK GDPR

UK GDPR grants you specific rights regarding your personal data. We respect and facilitate the exercise of these rights.

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This policy, along with our Privacy Policy, provides that transparency.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide this information free of charge within one month of your request.

Right to Rectification

If you believe any personal information we hold about you is inaccurate or incomplete, you can request that we correct or complete it. We will respond to such requests within one month.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Note that this right is not absolute, and we may need to retain certain information for legal or legitimate business purposes.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations:

  • You contest the accuracy of the data
  • Processing is unlawful, but you oppose erasure
  • We no longer need the data, but you need it for legal claims
  • You have objected to processing pending verification of legitimate grounds

Right to Data Portability

When processing is based on consent or contract and carried out by automated means, you can request a copy of your data in a structured, commonly used, machine-readable format. You can also request that we transfer this data directly to another organization where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop such processing immediately. For other objections, we will cease processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you. We do not currently engage in automated decision-making or profiling that would trigger this right.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected] with your request. Please include sufficient information to help us verify your identity and understand your request.

We will respond to valid requests within one month. In complex cases, we may extend this period by up to two additional months, and we will inform you if this is necessary.

There is no charge for exercising your rights unless your request is clearly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

Data Protection Principles

We adhere to the core data protection principles established by UK GDPR:

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We are open about our data practices and provide clear information about how we use your data.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes.

Data Minimization

We collect only the personal data that is adequate, relevant, and necessary for the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure that personal data is accurate and kept up to date. Inaccurate data is corrected or deleted without delay.

Storage Limitation

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law.

Integrity and Confidentiality

We process personal data securely using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.

Accountability

We are responsible for and can demonstrate compliance with the data protection principles outlined above.

International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. If we transfer data to countries outside the UK, we ensure appropriate safeguards are in place:

  • Transfers to countries with adequacy decisions recognizing their data protection standards
  • Use of standard contractual clauses approved by regulatory authorities
  • Other legally recognized transfer mechanisms

Data Security Measures

We implement robust technical and organizational security measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls limiting data access to authorized personnel
  • Staff training on data protection requirements
  • Incident response procedures for potential data breaches

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach. We will also notify the Information Commissioner's Office (ICO) as required by law.

Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information.

Updates to This Policy

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Contact and Complaints

If you have questions about our GDPR compliance or wish to exercise your rights, please contact us:

Email: [email protected]
Address: 45 Wellington Street, London WC2E 7BN, United Kingdom

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not complied with data protection law:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Telephone: 0303 123 1113
Website: neat-funds.com