GDPR Compliance

Last Updated: 15 April 2026

Our Commitment to Data Protection

fusion-byte Financial Management Ltd is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about your data protection rights and our compliance measures.

For comprehensive information about how we handle your data, please also see our Privacy Policy.

Data Controller Information

For the purposes of UK data protection legislation, the data controller is:

fusion-byte Financial Management Ltd
Company Registration Number: 11234567
Registered Address: 42 Park Street, Clifton, Bristol BS1 5JG, United Kingdom
Email: [email protected]

Your Data Protection Rights

Under UK GDPR, you have the following rights concerning your personal data:

1. Right of Access

You have the right to obtain confirmation that we are processing your personal data and to receive a copy of that data. You can request details about:

  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom your data has been or will be disclosed
  • How long we will store your data
  • Your other data protection rights

2. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed. We will notify any third parties to whom we have disclosed the data about the rectification where possible.

3. Right to Erasure ("Right to be Forgotten")

In certain circumstances, you can request deletion of your personal data, including when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

Note that this right is not absolute and may be limited by legal obligations to retain certain information.

4. Right to Restriction of Processing

You can request that we restrict processing of your personal data in certain situations, such as when:

  • You contest the accuracy of the data (restriction applies during verification)
  • Processing is unlawful but you oppose erasure and request restriction instead
  • We no longer need the data but you require it for legal claims
  • You have objected to processing pending verification of our legitimate grounds

5. Right to Data Portability

Where processing is based on consent or contract performance and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit this data directly to another controller where technically feasible.

6. Right to Object

You have the right to object to processing of your personal data where:

  • Processing is based on legitimate interests or performance of a public interest task
  • Data is used for direct marketing purposes (we will cease such processing upon objection)
  • Data is used for scientific, historical research, or statistical purposes (unless necessary for public interest tasks)

7. Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not use automated decision-making or profiling in our financial management services.

8. Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

  • Email: [email protected]
  • Post: Data Protection Officer, fusion-byte Financial Management Ltd, 42 Park Street, Clifton, Bristol BS1 5JG, United Kingdom

When making a request, please provide sufficient information to allow us to identify you and verify your identity. We may request additional identification documentation if necessary to prevent unauthorized disclosure of personal data.

Response Timeframes

We will respond to requests without undue delay and within one month of receipt. In complex cases or when we receive multiple requests from you, we may extend this period by two additional months. We will inform you of any such extension within the first month, explaining the reasons for the delay.

Fees

We do not charge a fee for processing most requests. However, we may charge a reasonable fee based on administrative costs if:

  • Your request is clearly unfounded or excessive
  • You request additional copies of data beyond the first copy

We will inform you of any fees before processing your request.

Lawful Basis for Processing

We process personal data only where we have a lawful basis to do so. The lawful bases we rely on include:

Consent

For certain processing activities, we obtain your explicit consent. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Contract Performance

We process personal data when necessary to perform our contractual obligations to you, such as delivering the financial management services you have engaged us to provide.

Legal Obligation

We process data when necessary to comply with legal obligations, such as record-keeping requirements under financial regulations.

Legitimate Interests

We may process data based on our legitimate business interests, such as improving our services, preventing fraud, or maintaining security. We ensure that our legitimate interests do not override your fundamental rights and freedoms.

Data Protection Principles

We adhere to the UK GDPR's core principles, ensuring that personal data is:

  • Processed lawfully, fairly, and transparently: We are open about our data practices and process data only on lawful grounds
  • Collected for specified, explicit, and legitimate purposes: We clearly define why we collect data
  • Adequate, relevant, and limited to what is necessary: We collect only the data we actually need
  • Accurate and kept up to date: We take reasonable steps to ensure data accuracy
  • Kept no longer than necessary: We delete or anonymize data when it's no longer needed
  • Processed securely: We implement appropriate technical and organizational security measures

International Data Transfers

We process and store your personal data within the United Kingdom. If we ever need to transfer data outside the UK, we will ensure appropriate safeguards are in place, such as:

  • Adequacy decisions recognizing equivalent data protection standards
  • Standard contractual clauses approved by UK authorities
  • Other legally recognized transfer mechanisms

We will inform you if international transfers occur and provide details of the safeguards applied.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach is likely to result in high risk to their rights
  • Provide clear information about the nature of the breach, potential consequences, and measures taken or proposed to address it

Children's Data

Our services are not directed at children under 18, and we do not knowingly process data of individuals under this age. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can attempt to resolve the issue. If you remain dissatisfied, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.fusion-byte.com

Updates to This Information

We may update this GDPR information periodically to reflect changes in our practices or legal requirements. Material changes will be communicated via our website and, where appropriate, through direct communication with active clients.