GDPR Compliance Statement

Last updated: 14 April 2026

void-shield Financial Consultancy Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This statement outlines how we uphold our data protection obligations and respect your rights as a data subject.

Our Role as Data Controller

For the personal data we collect through our website and business operations, void-shield Financial Consultancy Ltd acts as the data controller. We determine the purposes and means of processing personal data and are responsible for ensuring this processing complies with data protection law.

In certain circumstances, when providing consultancy services, we may also act as a data processor on behalf of our clients. In such cases, we process data only in accordance with our clients' documented instructions.

Data Protection Principles

We adhere to the core principles of data protection in all our processing activities:

Lawfulness, Fairness and Transparency

We process personal data only where we have a valid legal basis, treat individuals fairly, and are open about how we use their information. Our Privacy Policy and this statement aim to provide clear information about our data practices.

Purpose Limitation

We collect personal data for specified, explicit purposes and do not process it in ways incompatible with those purposes. If we need to use data for a new purpose, we will inform you and, where necessary, seek your consent.

Data Minimisation

We collect only the personal data that is necessary for the purposes we have identified. We regularly review the data we hold to ensure it remains relevant and necessary.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. We encourage individuals to inform us if their information changes and provide straightforward ways to update records.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected. Our retention schedules specify how long different categories of data are kept, taking into account legal requirements and business needs.

Integrity and Confidentiality

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

Your Rights Under UK GDPR

As a data subject, you have specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Right of Access

You may request confirmation of whether we process your personal data and, if so, obtain a copy of that data along with information about how we process it. We aim to respond to access requests within one month.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will act on rectification requests promptly and inform any third parties to whom we have disclosed the data.

Right to Erasure

In certain circumstances, you may request the deletion of your personal data. This right applies, for example, when the data is no longer necessary for its original purpose, when you withdraw consent (where consent was the legal basis), or when processing was unlawful.

Right to Restrict Processing

You may request that we limit our processing of your personal data in specific situations, such as when you contest the accuracy of the data or when you have objected to processing and we are considering whether our legitimate grounds override yours.

Right to Data Portability

Where processing is based on consent or contractual necessity and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

You may object to processing based on our legitimate interests or for direct marketing purposes. Where you object, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not currently make decisions based solely on automated processing that produce legal or similarly significant effects. Should this change, we will ensure appropriate safeguards are in place.

Exercising Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond to valid requests within one month, though this period may be extended by two further months for complex requests.

If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Data Protection Officer

Given the nature and scale of our data processing activities, we have not appointed a formal Data Protection Officer. However, our Managing Director maintains oversight of data protection compliance, and enquiries may be directed to:

void-shield Financial Consultancy Ltd
Suite 412, Hardman House
Spinningfields
Manchester M3 3EB
Email: [email protected]

Data Processing Records

We maintain records of our processing activities as required by Article 30 of the UK GDPR. These records document the categories of data we process, the purposes of processing, data recipients, and retention periods.

Data Breach Procedures

We have implemented procedures to detect, investigate, and report personal data breaches. Where a breach is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours. Where the risk is high, we will also inform affected individuals without undue delay.

Updates to This Statement

We review and update this GDPR compliance statement periodically to reflect changes in our practices, technology, legal requirements, and other factors. The date at the top indicates when this statement was last revised.