GDPR Compliance Statement

Last Updated: May 6, 2026

Our Commitment to Data Protection

Vector-tide is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting personal data and upholding the rights of individuals whose information we process.

Legal Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you voluntarily provide information through our enquiry forms or explicitly agree to specific data processing activities
• Contract Performance: When processing is necessary to fulfill our service agreements with clients
• Legal Obligation: When we must process data to comply with UK financial regulations and legal requirements
• Legitimate Interests: When processing serves our legitimate business interests while respecting your rights and freedoms

Data Controller Information

Vector-tide acts as the data controller for personal information collected through this website and our service engagements. We are responsible for determining how and why your personal data is processed.

Categories of Personal Data We Process

Depending on your interaction with our services, we may process the following categories of personal data:

• Identity data (name, title)
• Contact data (email address, postal address)
• Financial data (income, assets, liabilities, investment holdings)
• Transaction data (details of services purchased or enquired about)
• Technical data (IP address, browser type, device information)
• Usage data (how you interact with our website)
• Communication data (correspondence and enquiry history)

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction.

Right to Erasure

You may request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or if you withdraw consent.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations, such as while we verify data accuracy or assess legitimate grounds for processing.

Right to Data Portability

You have the right to receive personal data you provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

We may require proof of identity before processing your request to ensure we are disclosing information only to the rightful individual.

Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations:

• Enquiry data from non-clients: Up to 2 years
• Client financial records: Minimum 6 years from end of engagement (as required by UK financial regulations)
• Marketing communications data: Until consent is withdrawn
• Website analytics data: Up to 26 months

International Data Transfers

We process and store personal data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with UK GDPR requirements.

Data Security Measures

We implement technical and organizational security measures to protect personal data against unauthorized access, loss, or destruction:

• Encrypted data transmission and storage
• Access controls limiting who can view personal data
• Regular security assessments and updates
• Staff training on data protection responsibilities
• Secure backup and disaster recovery procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR.

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our data processing practices or legal requirements. Significant updates will be communicated through our website.

Contact for Data Protection Enquiries

For questions about how we process your personal data or to exercise your GDPR rights, please contact us at [email protected].