GDPR Compliance

Your data protection rights and our responsibilities

Our Commitment to GDPR

Frosty Accelerate Limited takes data protection seriously. We comply fully with the General Data Protection Regulation (GDPR) and UK data protection legislation, ensuring your personal information is processed lawfully, fairly, and transparently.

This page provides specific information about how we meet GDPR requirements and how you can exercise your rights under this legislation.

Data Controller Details

For GDPR purposes, the data controller is:

Frosty Accelerate Limited
42 Wellington Street
Leeds LS1 4AB
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The specific legal grounds we rely on include:

Contractual Necessity

When you engage our services, we process information necessary to fulfil our contractual obligations. This includes delivering financial management consultancy, communicating about engagements, and maintaining accurate records of our work together.

Legitimate Interests

We process certain information based on legitimate business interests, such as:

  • Improving our service delivery and website functionality
  • Maintaining security and preventing fraud
  • Conducting business administration and record-keeping
  • Understanding how visitors use our website

We carefully balance these interests against your rights and freedoms, ensuring we process only information necessary for these purposes.

Legal Compliance

As a financial consultancy, we must retain certain records and information to comply with regulatory requirements, professional standards, and legal obligations including tax and financial regulations.

Consent

For activities requiring explicit permission, such as certain marketing communications or non-essential cookies, we obtain your clear consent. You can withdraw consent at any time without affecting the lawfulness of processing conducted before withdrawal.

Your GDPR Rights

Under GDPR, you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Right of Access

You can request confirmation of whether we process your personal data and obtain a copy of that data. We will provide this information in a commonly used electronic format unless you request otherwise.

We respond to access requests within one month, free of charge. For complex or multiple requests, we may require up to three months and will notify you of any delay.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you can request correction. We will update or complete the information promptly and notify any third parties to whom the data was disclosed, unless this proves impossible or requires disproportionate effort.

Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in specific circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

This right is not absolute. We may be unable to delete information if retention is necessary for compliance with legal obligations, establishment of legal claims, or other specified reasons under GDPR.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations:

  • You contest the accuracy of the data while we verify it
  • Processing is unlawful but you prefer restriction rather than erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing while we verify whether our legitimate grounds override yours

When processing is restricted, we may store the data but not use it further without your consent, except for legal claims or protecting others' rights.

Right to Data Portability

Where technically feasible, you can request that we transfer your personal data directly to another organisation in a structured, commonly used, machine-readable format. This right applies to data processed based on consent or contract and carried out by automated means.

Right to Object

You can object to processing based on legitimate interests or for research purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.

You have an absolute right to object to processing for direct marketing purposes. We will stop such processing immediately upon request.

Rights Related to Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals. If this changes, we will update this information and provide appropriate safeguards.

Exercising Your Rights

To exercise any GDPR rights, contact us by email at [email protected] or write to us at our registered office address.

Please include sufficient information to allow us to identify you and verify your identity. This protects against fraudulent requests. We may request additional identification if necessary.

We will respond to requests within one month. For complex requests, we may extend this period by two additional months and will notify you of any extension and the reasons for it.

We do not charge fees for most requests. However, if a request is manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee or refuse to act on the request.

Data Protection Principles

We adhere to GDPR's core data protection principles, ensuring personal data is:

  • Processed lawfully, fairly, and transparently: We are open about how we use data and process it only on lawful grounds
  • Collected for specified, explicit purposes: We clearly define why we collect information and use it only for those purposes
  • Adequate, relevant, and limited: We collect only information necessary for identified purposes
  • Accurate and up to date: We take reasonable steps to ensure data accuracy and correct errors promptly
  • Retained only as long as necessary: We apply appropriate retention periods and securely delete data when no longer required
  • Processed securely: We implement appropriate technical and organisational measures to protect data

Data Security Measures

We employ appropriate security measures to protect personal data against unauthorised or unlawful processing and accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest
  • Secure password policies and access controls
  • Regular security assessments and vulnerability testing
  • Staff training on data protection obligations
  • Incident response procedures for data breaches
  • Careful selection and monitoring of third-party processors

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. We will also report qualifying breaches to the Information Commissioner's Office within 72 hours of becoming aware of them.

Our notification will describe the nature of the breach, likely consequences, and measures taken or proposed to address it and mitigate potential adverse effects.

Third-Party Processing

When we engage third parties to process personal data on our behalf, we ensure they provide sufficient guarantees of GDPR compliance. We establish data processing agreements that specify:

  • The subject matter and duration of processing
  • The nature and purpose of processing
  • The type of personal data and categories of data subjects
  • Obligations and rights of the data controller
  • Security measures the processor must implement

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions recognising equivalent data protection standards
  • Standard contractual clauses approved by authorities
  • Other legally recognised transfer mechanisms

Children's Data

Our services are not directed at children. We do not knowingly process personal data of individuals under 18 without parental consent. If we discover such processing has occurred, we will delete the information promptly.

Updates to This Information

We may update this GDPR information to reflect changes in legislation, regulatory guidance, or our practices. Significant changes will be communicated through our website or by direct notification where appropriate.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. In the United Kingdom, the relevant authority is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

We encourage you to contact us first so we can attempt to resolve any concerns directly.

Questions and Contact

If you have questions about GDPR compliance, our data protection practices, or wish to exercise your rights, please contact us:

Email: [email protected]
Post: Frosty Accelerate Limited, 42 Wellington Street, Leeds, LS1 4AB, United Kingdom