GDPR Compliance

Our commitment to protecting your data rights

Last updated: January 2024

Plasma Rise Limited is committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides information about our compliance measures and your rights under data protection law.

Our Commitment to Data Protection

As a pension advisory firm handling sensitive financial information, we recognise the importance of robust data protection practices. We have implemented comprehensive measures to ensure we meet our obligations under UK GDPR, including:

  • Maintaining detailed records of our processing activities
  • Conducting data protection impact assessments for high-risk processing
  • Implementing privacy by design in our systems and processes
  • Providing regular data protection training to all staff
  • Appointing a dedicated Data Protection Officer

The Data We Process

In the course of providing pension advisory services, we process several categories of personal data:

Standard Personal Data

  • Identity information (name, date of birth, National Insurance number)
  • Contact details (address, email, telephone)
  • Financial information (income, assets, pension details)
  • Employment information

Special Category Data

In some circumstances, we may process special category data, including:

  • Health information relevant to pension planning (e.g., for enhanced annuity assessments)

We only process special category data where we have explicit consent or another lawful basis under Article 9 of UK GDPR.

Lawful Bases for Processing

We process personal data under the following lawful bases as defined in Article 6 of UK GDPR:

Contract (Article 6(1)(b))

Processing necessary for the performance of our advisory services agreement with you. This includes analysing your pensions, preparing recommendations, and implementing agreed actions.

Legal Obligation (Article 6(1)(c))

Processing required to comply with our regulatory obligations, including FCA requirements, anti-money laundering regulations, and tax reporting obligations.

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests, including maintaining accurate records, improving our services, and protecting our business. We carefully balance these interests against your rights and freedoms.

Consent (Article 6(1)(a))

Where we rely on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you. We will respond within one month and provide the information free of charge, unless requests are manifestly unfounded or excessive.

Right to Rectification (Article 16)

You can request correction of inaccurate personal data or completion of incomplete data. We will action valid requests within one month.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose. Note that regulatory requirements may require us to retain certain data.

Right to Restriction (Article 18)

You can request that we restrict processing of your data while we verify accuracy, resolve an objection, or where processing is unlawful but you do not want erasure.

Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use purely automated decision-making in our advisory services.

Exercising Your Rights

To exercise any of your data protection rights, please contact our Data Protection Officer:

Email: [email protected]
Post: Data Protection Officer, Plasma Rise Limited, 47 Retirement House, Westminster, London SW1A 2BN

We will respond to valid requests within one month. In complex cases, this may be extended by a further two months, and we will inform you if this is necessary.

We may need to verify your identity before processing your request to ensure we do not disclose information to unauthorised persons.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Access controls limiting data access to authorised personnel
  • Regular security testing and vulnerability assessments
  • Incident response procedures for potential data breaches
  • Business continuity and disaster recovery planning
  • Staff training and awareness programmes

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

International Data Transfers

We primarily process data within the United Kingdom. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with an adequacy decision
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules where applicable

Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing our data protection strategy and compliance. You can contact our DPO at [email protected] for any data protection queries or concerns.

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns directly before you escalate to the ICO.

Updates to This Information

We review our data protection practices regularly and may update this page to reflect changes in our processing activities or legal requirements. Significant changes will be communicated to affected individuals where appropriate.

Cookie Preferences

We use cookies to enhance your browsing experience, analyse site traffic, and personalise content. You can choose your preferences below.

Cookie Settings

Necessary Cookies

These cookies are essential for the website to function properly and cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website by collecting anonymous information.

Marketing Cookies

Used to deliver relevant advertisements and track their effectiveness.