GDPR Compliance

Your data protection rights under UK GDPR

snappy-movement is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides information about your rights and how we ensure compliance with data protection legislation.

Data Controller

snappy-movement acts as the data controller for personal information collected through our website and in the course of providing our services. This means we determine how and why your personal data is processed.

Contact Details:
snappy-movement
47 Clarence Street
Birmingham B3 2DP
United Kingdom
Email: [email protected]

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. We provide this information through our Privacy Policy and this GDPR page.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month of receipt.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will address rectification requests within one month.

Right to Erasure

Also known as the 'right to be forgotten', you can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note that we may need to retain certain information for legal or regulatory compliance purposes.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

Where we process your data based on consent or contract performance, you can request your data in a structured, commonly used, machine-readable format for transfer to another service provider.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as our legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision Making

You have rights related to automated decision-making and profiling. We do not currently use automated decision-making processes that produce legal or similarly significant effects on individuals.

Lawful Bases for Processing

We process personal data under the following lawful bases as defined by UK GDPR:

Contractual Necessity (Article 6(1)(b))

We process data necessary to perform contracts with you or to take steps at your request prior to entering a contract. This includes processing required to deliver the financial management services you request.

Legitimate Interests (Article 6(1)(f))

We may process data where necessary for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Examples include:

  • Improving our services and website functionality
  • Preventing fraud and ensuring security
  • Marketing our services to existing clients

Consent (Article 6(1)(a))

Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Legal Obligation (Article 6(1)(c))

We may process data where necessary to comply with legal obligations, such as financial record-keeping requirements or responding to lawful requests from authorities.

Special Category Data

In the course of providing financial management services, we may process special category data (such as information about health if relevant to financial planning). Where this occurs, we ensure we have an additional lawful basis under Article 9 of UK GDPR, typically explicit consent or necessity for reasons of substantial public interest.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data during transmission and storage
  • Regular testing and evaluation of security measures
  • Staff training on data protection responsibilities
  • Access controls limiting data access to authorised personnel
  • Secure disposal of data when no longer required

Data Breach Procedures

We maintain procedures to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

International Transfers

We primarily process and store personal data within the United Kingdom. Where any transfer of personal data outside the UK occurs, we ensure appropriate safeguards are in place in accordance with Chapter V of UK GDPR.

Data Protection Impact Assessments

For processing activities likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise data protection risks.

Exercising Your Rights

To exercise any of your data protection rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases or where we receive numerous requests, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.

There is no charge for exercising your rights in most circumstances. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.

Complaints

If you are unhappy with how we have handled your personal data or responded to your rights request, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us first so we can try to resolve any issues.

Updates to This Information

We review our data protection practices regularly and may update this page to reflect changes in our processes or legal requirements. Significant changes will be communicated appropriately.

We use cookies to enhance your browsing experience and analyse site traffic. By continuing to use our site, you consent to our use of cookies. Learn more

Cookie Preferences

Necessary Cookies

Essential for the website to function properly. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website by collecting anonymous information.

Marketing Cookies

Used to deliver relevant advertisements and track their effectiveness.