Home About Services Contact

GDPR Compliance

Your data protection rights explained

Last updated: January 2024

The General Data Protection Regulation (GDPR) provides individuals with important rights regarding their personal data. At brisk-fund, we are committed to upholding these rights and ensuring transparent data practices.

Our Commitment to Data Protection

We have implemented measures to ensure compliance with data protection requirements, including:

  • Appointing a Data Protection Officer to oversee compliance
  • Maintaining records of all processing activities
  • Conducting data protection impact assessments where required
  • Implementing technical and organisational security measures
  • Training our staff on data protection responsibilities
  • Establishing procedures for handling data subject requests

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides this information in a clear and accessible format. When we collect data from you directly, we explain why we need it and how it will be used.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide this information free of charge within one month of receiving your request, along with details of how the data is being processed.

Right to Rectification

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to correct it. We will respond to rectification requests within one month and notify any third parties with whom we have shared the data.

Right to Erasure

In certain circumstances, you can ask us to delete your personal data. This applies when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been processed unlawfully
  • Erasure is required to comply with a legal obligation

Note that we may need to retain certain data for legal or regulatory reasons even after an erasure request.

Right to Restrict Processing

You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of data or have objected to processing. During the restriction period, we will store the data but not use it without your consent, except for legal claims or protecting the rights of others.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request a copy of your data in a commonly used, machine-readable format. You can also ask us to transmit this data directly to another organisation where technically feasible.

Right to Object

You can object to processing based on legitimate interests. We must stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You also have an absolute right to object to processing for direct marketing purposes.

Rights Related to Automated Decision Making

You have rights regarding decisions made solely by automated means that significantly affect you. We do not currently use automated decision-making in our services. If this changes, we will update this policy and ensure appropriate safeguards are in place.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact our Data Protection Officer:

  • Email: [email protected]
  • Post: Data Protection Officer, brisk-fund Ltd, 47 Clerkenwell Road, London, EC1M 5RS

To help us process your request efficiently, please provide:

  • Your full name and contact details
  • A description of the information or action you are requesting
  • Any relevant dates or details that will help us locate your data

We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two further months for complex requests.

Lawful Basis for Processing

We process personal data under the following lawful bases:

Contract

Processing necessary for the performance of our services or to take steps at your request before entering into a contract. This includes processing client information to deliver consultations and maintain service records.

Legitimate Interests

Processing necessary for our legitimate business interests where this does not override your fundamental rights. Examples include improving our services, maintaining security, and communicating with former clients about relevant services.

Legal Obligation

Processing necessary to comply with legal requirements, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.

Consent

Where you have freely given specific consent for particular processing activities, such as receiving marketing communications or enabling non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular testing and evaluation of security measures
  • Access controls limiting who can view personal data
  • Secure backup and disaster recovery procedures
  • Confidentiality obligations for staff

Data Breach Procedures

In the event of a personal data breach, we have procedures in place to:

  • Detect, investigate, and contain the breach promptly
  • Assess the risk to individuals affected
  • Notify the Information Commissioner's Office within 72 hours where required
  • Communicate with affected individuals when there is a high risk to their rights and freedoms
  • Document the breach and our response

International Transfers

When we transfer personal data outside the United Kingdom, we ensure adequate protection through approved mechanisms such as:

  • Adequacy decisions recognising equivalent protection in the destination country
  • Standard contractual clauses approved by the relevant authority
  • Binding corporate rules for transfers within corporate groups

Complaints

If you are unhappy with how we have handled your data or responded to a request, please contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Contact Information

For any questions about GDPR or our data protection practices:

Data Protection Officer
brisk-fund Ltd
47 Clerkenwell Road
London EC1M 5RS
Email: [email protected]

Cookie Preferences

We use cookies to enhance your browsing experience and analyse site traffic. You can choose which cookies to accept.

Cookie Settings

Necessary Cookies

Required for the website to function. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements and track campaigns.