GDPR Compliance

Last updated: 14 April 2026

Our Commitment to Data Protection

Electron Spark is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize that protecting your personal data is not just a legal requirement but a fundamental aspect of maintaining your trust.

This page provides detailed information about your rights under UK data protection law and how we ensure compliance.

Data Controller Information

Electron Spark is the data controller for the personal information we collect and process. This means we determine how and why your personal data is processed.

Company Name: Electron Spark
Registered Address: 45 Queen Square, Bristol BS1 4LH, United Kingdom
Contact Email: [email protected]

Your Rights Under UK GDPR

You have several important rights regarding your personal data. We respect these rights and have processes in place to enable you to exercise them.

1. Right to Be Informed

You have the right to be informed about how we collect and use your personal data. We provide this information through our Privacy Policy and in communications when we collect your data. We are transparent about what data we collect, why we collect it, how long we keep it, and who we share it with.

2. Right of Access

You can request a copy of the personal information we hold about you. This is commonly known as a Subject Access Request (SAR). When you make such a request, we will provide you with a copy of your data in a commonly used format, along with information about how we process it.

To make a Subject Access Request, email us at [email protected] with "Subject Access Request" in the subject line. We will respond within one month, though this may be extended in complex cases.

3. Right to Rectification

If you believe that any personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We encourage you to notify us promptly of any changes to your personal details so we can keep our records current and accurate.

In our role as financial advisors, maintaining accurate information is crucial, so we take this right seriously and will act promptly on rectification requests.

4. Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances. However, as a regulated financial services firm, we may be required to retain certain records for compliance purposes even if you request deletion.

We can erase your data if:

  • It is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • Erasure is required to comply with a legal obligation

We cannot erase data if we need to retain it for regulatory compliance, legal claims, or other lawful purposes.

5. Right to Restrict Processing

You can ask us to restrict how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to our processing. When processing is restricted, we can still store the data but not actively use it.

6. Right to Data Portability

You have the right to obtain your personal data in a structured, commonly used, and machine-readable format. You can also ask us to transfer this data directly to another organization where technically feasible.

This right applies when processing is based on consent or contract and is carried out by automated means.

7. Right to Object

You can object to processing of your personal data when it is based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose immediately.

For objections based on legitimate interests, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

8. Rights Related to Automated Decision Making and Profiling

You have rights regarding automated decision-making and profiling. We do not currently use automated decision-making processes that produce legal or similarly significant effects. If this changes, we will inform you and ensure appropriate safeguards are in place.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. When making a request, please provide:

  • Your full name and contact details
  • A clear description of which right you wish to exercise
  • Any specific information or context that will help us locate your data
  • Proof of identity (we may request this to protect your data from unauthorized access)

We will respond to your request within one month. In complex cases, we may extend this by a further two months, but we will inform you if this is necessary.

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. The main lawful bases we rely on are:

Contractual Necessity

We process your data to fulfill our contractual obligations to you when providing financial advice and management services. This includes analyzing your financial situation, preparing recommendations, and implementing strategies.

Legal Obligation

As a firm regulated by the Financial Conduct Authority, we are required by law to collect, process, and retain certain information. This includes identity verification, record-keeping, and regulatory reporting requirements.

Legitimate Interests

We may process data based on our legitimate business interests, such as improving our services, managing our business operations, and preventing fraud. We balance these interests against your rights and only process data in this way when the impact on you is minimal.

Consent

In some cases, we ask for your explicit consent before processing certain types of data, particularly for marketing communications. You can withdraw consent at any time by contacting us.

Data Protection Principles

We adhere to the core principles of data protection in all our processing activities:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes
  • Data minimization: We only collect data that is adequate, relevant, and necessary
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We keep data no longer than necessary
  • Integrity and confidentiality: We process data securely with appropriate safeguards
  • Accountability: We can demonstrate compliance with these principles

Data Security Measures

We implement robust technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication measures
  • Regular security assessments and penetration testing
  • Staff training on data protection and security
  • Incident response procedures
  • Secure data disposal processes
  • Regular backups and disaster recovery plans

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. We will also report the breach to the Information Commissioner's Office within 72 hours of becoming aware of it, as required by law.

Our data breach response plan includes procedures for containment, assessment, notification, and remediation to minimize any potential impact.

International Data Transfers

We primarily store and process your data within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the UK government
  • Standard contractual clauses approved by the ICO
  • Other legally recognized transfer mechanisms

Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete it.

Data Protection Officer

While we are not currently required to appoint a Data Protection Officer, we have designated team members responsible for overseeing data protection compliance. You can contact them through our general email: [email protected].

Complaints and Concerns

If you have concerns about how we handle your personal data, please contact us first so we can address the issue. We take all complaints seriously and will investigate thoroughly.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page shows when the latest version was published.

Contact Us

For any questions about GDPR compliance, your rights, or our data protection practices, please contact us at:

Email: [email protected]
Address: Electron Spark, 45 Queen Square, Bristol BS1 4LH, United Kingdom