GDPR Compliance

Your data protection rights under UK GDPR

cherry-motor Financial Services Ltd is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our compliance measures and your rights under these regulations.

Our Role as Data Controller

For the personal data we collect about our clients and website visitors, cherry-motor Financial Services Ltd acts as the data controller. This means we determine the purposes and means of processing your personal data and are responsible for ensuring that processing complies with data protection law.

Data Controller: cherry-motor Financial Services Ltd
Company Number: 07284519
Registered Address: 45 Colmore Row, Birmingham, B3 2AA
ICO Registration: ZA428175

Data Protection Principles

We adhere to the core principles of data protection, ensuring that personal data is:

  • Processed lawfully, fairly, and transparently: We only collect data for legitimate purposes and are clear about how it will be used
  • Collected for specified, explicit purposes: We only use data for the purposes we have communicated to you
  • Adequate, relevant, and limited: We collect only the minimum data necessary for our purposes
  • Accurate and kept up to date: We take steps to ensure data accuracy and correct errors promptly
  • Retained only as long as necessary: We delete data when it is no longer required
  • Processed securely: We implement appropriate technical and organisational measures to protect data

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request, providing the data in a commonly used electronic format.

Right to Rectification

If you believe any data we hold about you is inaccurate or incomplete, you can request that we correct it. We will investigate and respond within one month.

Right to Erasure

In certain circumstances, you can request that we delete your personal data. This right applies when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note that we may need to retain certain data for legal or regulatory compliance.

Right to Restrict Processing

You can ask us to suspend processing of your data in certain circumstances, such as while we verify its accuracy or consider your objection to processing.

Right to Data Portability

Where processing is based on consent or contractual necessity and carried out by automated means, you can request your data in a structured, machine-readable format that can be transferred to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently make any such decisions without human involvement.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

Email: [email protected]
Post: Data Protection Officer, cherry-motor Financial Services Ltd, 45 Colmore Row, Birmingham, B3 2AA

We will respond to your request within one month. In complex cases, we may extend this by up to two additional months, but will inform you of any extension and the reasons for it.

Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Contract: Processing necessary to perform our contractual obligations to you
  • Legal obligation: Processing required to comply with financial services regulations, anti-money laundering laws, and other legal requirements
  • Legitimate interests: Processing for our legitimate business purposes, such as improving services, fraud prevention, and internal administration
  • Consent: Where you have provided explicit consent for specific processing activities

Special Category Data

In the course of providing financial management services, we may process special category data (such as health information relevant to insurance or financial planning). Such processing is only undertaken where:

  • You have given explicit consent
  • Processing is necessary for the establishment, exercise, or defence of legal claims
  • Processing is necessary for reasons of substantial public interest

International Data Transfers

We primarily process data within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Security

We maintain robust security measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Secure access controls and multi-factor authentication
  • Regular security audits and penetration testing
  • Staff training on data protection and security
  • Incident response procedures for data breaches

Data Breach Procedures

In the event of a personal data breach, we will:

  • Assess the risk to individuals affected
  • Notify the Information Commissioner's Office within 72 hours where required
  • Notify affected individuals without undue delay where there is a high risk to their rights and freedoms
  • Document the breach and our response

Complaints

If you are not satisfied with how we handle your data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: cherry-motor.com

We encourage you to contact us first so we have the opportunity to address your concerns.

Updates to This Information

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. The current version will always be available on this page.