GDPR Compliance

Last updated: January 2024

Snappy-Lift Financial Education Ltd is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains your rights and how we fulfil our obligations under these regulations.

Our Commitment to Data Protection

We recognise that data protection is not merely a legal requirement but a fundamental aspect of building trust with the individuals and organisations we serve. Our approach to data protection is built on transparency, accountability, and respect for your privacy.

The Data Controller

Snappy-Lift Financial Education Ltd acts as the data controller for personal information collected through our website and services. This means we determine how and why your personal data is processed.

Contact details:
Snappy-Lift Financial Education Ltd
Unit 14, Riverside Business Centre
Victoria Embankment
London EC4Y 0HJ
Email: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Right to Be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides detailed information about our data processing activities, including what data we collect, why we collect it, and who we share it with.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide this information within one month of receiving your request, free of charge in most circumstances.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will action rectification requests within one month.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including:

  • When the data is no longer necessary for the purpose it was collected
  • When you withdraw consent (where consent was the legal basis for processing)
  • When you object to processing and there are no overriding legitimate grounds
  • When the data has been processed unlawfully

Note that this right is not absolute and may be limited by legal retention requirements.

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances, such as while we verify the accuracy of data you have contested or while we consider an objection you have raised.

Right to Data Portability

Where technically feasible, you can request to receive your personal data in a structured, commonly used, machine-readable format, or have it transmitted directly to another organisation.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for this purpose immediately.

Rights Related to Automated Decision-Making

You have rights regarding decisions made solely by automated means, including profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.

Lawful Basis for Processing

Under UK GDPR, we must have a valid lawful basis for processing your personal data. Depending on the circumstances, we rely on:

  • Contractual necessity: Processing required to deliver services you have enrolled in
  • Legitimate interests: Processing necessary for our business operations that does not override your fundamental rights
  • Consent: Where you have given clear, informed agreement (such as for marketing communications)
  • Legal obligation: Where we must process data to comply with the law

Data Protection Principles

Our data processing adheres to the principles set out in Article 5 of the UK GDPR:

  • Lawfulness, fairness, and transparency: We process data lawfully and openly
  • Purpose limitation: We collect data for specified, explicit purposes and do not process it in ways incompatible with those purposes
  • Data minimisation: We collect only data that is necessary for stated purposes
  • Accuracy: We take reasonable steps to ensure personal data is accurate and up to date
  • Storage limitation: We retain data only for as long as necessary
  • Integrity and confidentiality: We implement appropriate security measures to protect personal data
  • Accountability: We can demonstrate compliance with these principles

Data Protection Impact Assessments

Where required by UK GDPR, we conduct Data Protection Impact Assessments (DPIAs) before implementing new processing activities that may present high risks to individuals' rights and freedoms.

Data Breach Procedures

We have procedures in place to detect, investigate, and report personal data breaches. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and inform the Information Commissioner's Office within 72 hours.

International Data Transfers

If we transfer personal data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR. This may include using standard contractual clauses approved by the UK government or transferring to countries deemed to have adequate data protection standards.

Exercising Your Rights

To exercise any of your rights under UK GDPR, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this by a further two months, but we will inform you of this and explain the reason within the initial one-month period.

We may ask you to verify your identity before processing your request to protect your data from unauthorised access.

Supervisory Authority

The Information Commissioner's Office (ICO) is the UK supervisory authority for data protection. If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the ICO.

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: snappy-lift.com

We encourage you to contact us first so we can address your concerns directly.

Updates to This Information

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. The date at the top indicates when this page was last updated.