GDPR Statement

Data Controller Information

Sprint Voyage Financial Advisors Ltd is the data controller for personal information we process. We determine how and why your personal data is used.

Data Controller: Sprint Voyage Financial Advisors Ltd
Registration Number: 09847562
ICO Registration: ZA847293
Address: 42 Threadneedle Street, London, EC2R 8AY
Email: [email protected]

Our GDPR Commitment

Sprint Voyage is committed to full compliance with the UK General Data Protection Regulation and the Data Protection Act 2018. We recognize the importance of protecting personal information and respecting individual privacy rights.

Our data protection practices are built on principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and accountability.

Lawful Basis for Processing

We only process personal information when we have a lawful basis to do so. Depending on the purpose, we rely on different legal grounds.

Contractual Necessity

When you engage our services, processing your personal information is necessary to fulfill our contractual obligations. This includes analyzing your financial situation, developing recommendations, implementing strategies, and providing ongoing advice.

Legal Obligations

As a regulated financial services firm, we must process certain information to comply with legal requirements. This includes anti-money laundering checks, identity verification, regulatory reporting, and tax obligations.

Legitimate Interests

We may process information based on legitimate business interests, provided these do not override your fundamental rights. Examples include preventing fraud, improving our services, managing our business operations, and defending legal claims. We always assess whether processing is necessary and proportionate.

Consent

For certain processing activities, we rely on your explicit consent. This includes marketing communications, processing sensitive personal data not required by law, and non-essential cookies. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Your Data Protection Rights

Under GDPR, you have comprehensive rights regarding your personal information.

Right of Access

You have the right to obtain confirmation that we process your personal data and to receive a copy of that data along with supplementary information about the processing. We provide this information free of charge within one month of your request, subject to verification of your identity.

Right to Rectification

If personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will notify any third parties with whom we've shared the information unless this proves impossible or involves disproportionate effort.

Right to Erasure

In certain circumstances, you can request deletion of your personal information. This applies when data is no longer necessary for its original purpose, you withdraw consent, you object to processing based on legitimate interests, or the processing is unlawful. This right is not absolute; we may be required to retain information for legal or regulatory reasons.

Right to Restriction

You can request that we restrict processing of your personal information in specific situations: when you contest its accuracy, when processing is unlawful but you prefer restriction to erasure, when we no longer need the data but you need it for legal claims, or when you've objected to processing pending verification of our legitimate grounds.

Right to Data Portability

Where we process information based on consent or contract performance using automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. For marketing, we will stop processing immediately. For other legitimate interest processing, we will cease unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing relates to legal claims.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

Exercising Your Rights

To exercise any of your data protection rights, please contact us in writing via email to [email protected] or by post to the address provided above.

We will verify your identity before responding to requests to protect your personal information from unauthorized access. We typically respond within one month, though this may be extended by two months for complex or numerous requests.

You will not normally be charged for exercising your rights. However, we may charge a reasonable fee or refuse to act if requests are clearly unfounded, excessive, or repetitive.

Special Category Data

Certain personal information is classified as special category data requiring enhanced protection. This includes data revealing racial or ethnic origin, political opinions, religious beliefs, health information, or data concerning sexual orientation.

We only process special category data when necessary and with an appropriate lawful basis. For financial advice, this may include health information relevant to insurance recommendations or retirement planning. We process such data with your explicit consent or when necessary for insurance purposes as permitted by law.

Special category data is subject to additional security measures and restricted access within our organization.

Data Sharing and Transfers

We share personal information only when necessary for our services or legal obligations. Recipients include service providers, financial product providers, regulatory authorities, and professional advisors where appropriate.

When sharing data with third parties, we ensure appropriate safeguards are in place through contracts requiring them to protect your information and process it only for specified purposes.

We do not transfer personal data outside the United Kingdom. Should this become necessary in the future, we will ensure appropriate safeguards are in place as required by GDPR, such as adequacy decisions or standard contractual clauses, and will inform affected individuals.

Data Security Measures

We implement appropriate technical and organizational measures to protect personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Security measures include encryption of data in transit and at rest, access controls limiting who can view personal information, regular security assessments, staff training on data protection, secure document disposal procedures, and incident response plans.

While we take all reasonable precautions, no data transmission or storage system is completely secure. We continually review and enhance our security measures to protect your information.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay as required by GDPR. We will also report breaches to the Information Commissioner's Office within 72 hours of becoming aware when legally required.

Our breach notification will include the nature of the breach, likely consequences, and measures taken to address it and mitigate potential adverse effects.

Data Retention

We retain personal information only as long as necessary for the purposes it was collected or as required by law. Retention periods vary depending on the type of information and legal requirements.

For client relationships, we typically retain information for at least six years after services end, as required by financial services regulations. Some records may be kept longer for potential legal claims or regulatory investigations.

When information is no longer needed, we securely delete or destroy it according to established procedures.

Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children. If we become aware we have inadvertently collected such information, we will delete it promptly.

When providing advice relevant to children, such as junior ISAs or educational planning, we collect information from and interact with parents or legal guardians.

Accountability and Governance

We maintain comprehensive documentation of our data processing activities, policies, and procedures to demonstrate GDPR compliance. This includes records of processing activities, data protection impact assessments where required, and evidence of consent.

Senior management has responsibility for data protection compliance. All staff receive regular data protection training and are bound by confidentiality obligations.

We regularly review our data protection practices to ensure ongoing compliance and continuous improvement.

Complaints and Supervisory Authority

If you have concerns about how we handle your personal information, please contact us first so we can address your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office, the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.sprint-voyage.com

Updates to This Statement

We may update this GDPR statement to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated to affected individuals via email or prominent notice on our website.

The current version is always available on our website with the date of last update.

Contact Information

For questions about this GDPR statement, to exercise your data protection rights, or to raise concerns about our data handling practices, please contact:

Sprint Voyage Financial Advisors Ltd
Data Protection Enquiries
42 Threadneedle Street
London EC2R 8AY
Email: [email protected]