GDPR Compliance Information

Last Updated: 1 January 2026

Our Commitment to Data Protection

flame-tide is committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation and the Data Protection Act 2018.

This page provides specific information about your rights under GDPR and how we fulfill our obligations as a data controller.

Data Controller Information

For the purposes of data protection legislation, the data controller is:

flame-tide
42 Castle Street
Liverpool
L2 7LQ
United Kingdom
Email: [email protected]

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to be Informed

You have the right to clear, transparent information about how we collect and use your personal data. This information is provided in our Privacy Policy and through communications when we collect your data.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request. We will provide this information free of charge within one month of receiving your request.

To make a Subject Access Request, please contact us in writing with:

  • Your full name and contact details
  • Proof of identity (copy of passport or driving licence)
  • Details of the information you are requesting, if specific

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will update your records promptly and inform any third parties with whom we have shared the data.

Right to Erasure

Also known as the 'right to be forgotten', you can request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Please note this right is not absolute. We may need to retain certain data to comply with regulatory requirements in the financial services sector, even if you request erasure.

Right to Restrict Processing

You can ask us to restrict how we use your personal data in specific situations:

  • When you contest the accuracy of the data
  • When processing is unlawful but you don't want the data erased
  • When we no longer need the data but you need it for legal claims
  • When you have objected to processing while we verify our legitimate grounds

Right to Data Portability

You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another organization where technically feasible.

This right applies when:

  • Processing is based on your consent or a contract
  • Processing is carried out by automated means

Right to Object

You have the right to object to processing of your personal data in certain circumstances:

  • Processing based on legitimate interests
  • Processing for direct marketing purposes
  • Processing for research or statistical purposes

If you object to direct marketing, we will stop processing your data for that purpose immediately.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. flame-tide does not use fully automated decision making for client matters. All financial advice involves human review and professional judgment.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

By email: [email protected]
By post: Data Protection, flame-tide, 42 Castle Street, Liverpool, L2 7LQ

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this by two additional months. We will inform you if this is necessary.

We do not charge a fee for most requests. However, we may charge a reasonable fee for clearly unfounded, repetitive, or excessive requests.

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Consent

Where you have given explicit permission for us to process your data for specific purposes, such as marketing communications. You can withdraw consent at any time.

Contract

Processing is necessary to fulfill our contract with you to provide financial management services.

Legal Obligation

We must process certain data to comply with legal requirements including:

  • Financial Conduct Authority regulations
  • Anti-money laundering legislation
  • Tax reporting requirements
  • Record-keeping obligations

Legitimate Interests

We process data where necessary for legitimate business interests, provided this does not override your fundamental rights and freedoms. This includes:

  • Preventing fraud and criminal activity
  • Network and information security
  • Internal administration and reporting
  • Service improvement and development

International Data Transfers

We primarily store and process your data within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place:

  • Transfers to countries with adequacy decisions from the UK government
  • Standard contractual clauses approved by the Information Commissioner's Office
  • Other lawful transfer mechanisms as appropriate

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication measures
  • Staff training on data protection and security
  • Incident response procedures
  • Regular backup and disaster recovery protocols

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also report qualifying breaches to the Information Commissioner's Office within 72 hours of becoming aware of the breach.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments for processing activities that are likely to result in high risk to individuals' rights and freedoms. This helps us identify and minimize risks before processing begins.

Record Keeping

We maintain comprehensive records of our processing activities as required under GDPR, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients of data
  • International transfers and safeguards
  • Retention periods
  • Security measures

Privacy by Design and Default

We implement data protection principles into our business processes and systems from the outset. This includes:

  • Minimizing data collection to what is necessary
  • Limiting access to personal data
  • Ensuring data accuracy and integrity
  • Implementing appropriate security measures
  • Maintaining transparency about data use

Children's Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

In limited circumstances, we may process data relating to children as part of family financial planning services, always with appropriate parental consent.

Complaints and Supervisory Authority

If you believe we have not handled your personal data properly or have concerns about our data protection practices, please contact us first so we can address your concerns.

You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: flame-tide.com

Updates to GDPR Information

We may update this GDPR information from time to time to reflect changes in legislation, guidance from regulators, or our processing activities. Significant changes will be communicated to you directly.

Further Information

For more detailed information about how we process your personal data, please see our Privacy Policy.

If you have questions about GDPR compliance or your data protection rights, please contact our privacy team at [email protected].