GDPR Compliance
Your data protection rights under the General Data Protection Regulation
Our Commitment to GDPR
bold-lane is committed to full compliance with the General Data Protection Regulation (GDPR) and UK data protection law. We recognize the importance of protecting your personal information and upholding your rights as a data subject.
This page provides specific information about how we meet our obligations under GDPR and how you can exercise your rights.
Data Controller Information
Data Controller: bold-lane
Registered Address: 42 George Street, Edinburgh EH2 2LE, United Kingdom
Contact Email: [email protected]
Lawful Basis for Processing
We process your personal data only when we have a lawful basis to do so. The specific legal grounds we rely on include:
Contractual Necessity
Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract. This applies when we provide financial advisory services to you.
Legal Obligation
Processing is necessary to comply with legal obligations, including anti-money laundering regulations, financial conduct rules, and tax reporting requirements.
Legitimate Interests
Processing is necessary for our legitimate interests or those of a third party, provided these interests do not override your fundamental rights. Examples include fraud prevention, network security, and business development.
Consent
Where required, we obtain your explicit consent before processing personal data, particularly for marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Your GDPR Rights
Under GDPR, you have comprehensive rights regarding your personal information:
Right of Access
You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with information about how we use it. We will provide this information within one month of your request.
Right to Rectification
You can request correction of inaccurate personal data and completion of incomplete data. We will update our records promptly upon verification.
Right to Erasure
Under this right, also known as the right to be forgotten, you may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent. This right is not absolute and may be limited by legal retention obligations.
Right to Restriction of Processing
You can request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing based on legitimate interests.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. We do not currently employ automated decision-making in our services.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using the following methods:
- Email: [email protected]
- Post: bold-lane, 42 George Street, Edinburgh EH2 2LE, United Kingdom
When submitting a request, please provide sufficient information to allow us to verify your identity and locate your data. We will respond to valid requests within one month, though this period may be extended by two additional months for complex requests.
We do not charge a fee for processing most requests, though we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.
Data Protection Officer
While not legally required to appoint a Data Protection Officer, we have designated a privacy contact responsible for overseeing GDPR compliance. You may contact this individual regarding data protection matters at [email protected].
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Pseudonymization and encryption of personal data where appropriate
- Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems
- Regular testing and evaluation of security effectiveness
- Procedures for timely restoration of availability and access in the event of an incident
- Staff training on data protection responsibilities
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. We will also report breaches to the Information Commissioner's Office within 72 hours of becoming aware, where required by law.
International Data Transfers
Your personal data is primarily processed within the United Kingdom. If we transfer data to countries outside the UK or European Economic Area, we ensure adequate safeguards are in place, such as:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions recognizing equivalent data protection standards
- Binding corporate rules where applicable
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Our retention periods are based on:
- The nature of our relationship with you
- Legal and regulatory retention requirements
- Limitation periods for legal claims
- Operational business needs
Financial records are typically retained for a minimum of six years after the end of our client relationship, as required by UK financial regulations.
Third-Party Processors
We engage third-party service providers to assist in delivering our services. All processors are carefully selected and bound by contracts requiring them to:
- Process personal data only on our documented instructions
- Maintain appropriate security measures
- Assist us in fulfilling our GDPR obligations
- Delete or return personal data at the end of the provision of services
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the relevant authority is:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: www.bold-lane.com
We encourage you to contact us first so we can address your concerns directly.
Updates to This Information
We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website or directly to affected individuals.
Contact Us
For questions about our GDPR compliance or to exercise your data protection rights, please contact:
bold-lane
42 George Street
Edinburgh EH2 2LE
United Kingdom
Email: [email protected]