GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Our Commitment to GDPR

skyline-branch is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines how we comply with GDPR requirements and explains your rights as a data subject.

Data Controller Information

For the purposes of GDPR, the data controller is:

skyline-branch
42 Victoria Street
London SW1H 0NP
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data under one or more of the following lawful bases as defined in Article 6 of the GDPR:

Consent

You have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications or participating in surveys.

Contract Performance

Processing is necessary for the performance of a contract with you, such as delivering the financial education services you have requested.

Legal Obligation

Processing is necessary to comply with legal requirements, including record-keeping obligations for professional services.

Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, provided these do not override your fundamental rights. This includes improving our services, preventing fraud, and ensuring network security.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This information is provided in our Privacy Policy and on this page.

Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information free of charge within one month of your request.

Right to Rectification

If you believe any information we hold about you is inaccurate or incomplete, you have the right to request correction. We will update your information within one month.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

Note: This right is not absolute. We may need to retain certain information for legal or regulatory compliance.

Right to Restrict Processing

You can request that we limit how we use your data in certain situations:

  • You contest the accuracy of the data while we verify it
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You've objected to processing while we verify legitimate grounds

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another organization where technically feasible.

Right to Object

You can object to processing of your personal data in certain circumstances:

  • Processing based on legitimate interests or public interest
  • Direct marketing (including profiling for marketing purposes)
  • Processing for scientific, historical research, or statistical purposes

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significant effects. We do not currently engage in automated decision-making.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Please include the following information in your request:

  • Your full name and contact details
  • Details of your specific request
  • Proof of identity (to protect your data from unauthorized access)

We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you if this is necessary.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication procedures
  • Staff training on data protection and security
  • Incident response and breach notification procedures
  • Regular backups with secure storage

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all breaches, including facts, effects, and remedial actions taken

Data Retention Periods

We retain personal data only for as long as necessary:

  • Client service records: Seven years after the end of our relationship
  • Website analytics data: Up to two years
  • Marketing communications: Until you unsubscribe or request deletion
  • Correspondence: Three years for general inquiries

After retention periods expire, we securely delete or anonymize personal data.

Third-Party Data Processing

We may engage third-party service providers to process personal data on our behalf. All such processors are carefully selected and bound by data processing agreements that ensure GDPR compliance, including:

  • Processing only on our documented instructions
  • Implementing appropriate security measures
  • Assisting with data subject rights requests
  • Notifying us of any data breaches
  • Deleting or returning data at the end of services

International Data Transfers

If we transfer your personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Transfers to countries with adequacy decisions from the UK government or EU Commission
  • Use of Standard Contractual Clauses approved by the EU Commission
  • Implementation of additional security measures where necessary

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it immediately.

Updates to GDPR Compliance

We regularly review our data protection practices to ensure ongoing GDPR compliance. This page will be updated to reflect any changes in our processes or your rights. The last update was made on April 17, 2026.

Supervisory Authority

You have the right to lodge a complaint with the supervisory authority if you believe we have not complied with GDPR requirements:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Contact Our Data Protection Team

If you have questions about our GDPR compliance or wish to exercise your rights, please contact us:

Email: [email protected]
Subject line: GDPR Inquiry
Address: 42 Victoria Street, London SW1H 0NP, United Kingdom