GDPR Compliance

1. Our Commitment to GDPR

Neon Insight is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting your personal data and respecting your privacy rights.

2. Data Controller Information

For the purposes of UK GDPR, the data controller is:

Neon Insight
45 Kingsway, London, WC2B 6AN, United Kingdom
Email: [email protected]

3. Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications).
• Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Processing is necessary to comply with legal obligations (e.g., financial regulations, tax law).
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests.

4. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

4.1 Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.

4.2 Right to Rectification

You have the right to request correction of any information you believe is inaccurate or completion of information you believe is incomplete.

4.3 Right to Erasure

You have the right to request erasure of your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.

4.4 Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain conditions.

4.5 Right to Object

You have the right to object to our processing of your personal data under certain conditions, particularly for direct marketing purposes.

4.6 Right to Data Portability

You have the right to request transfer of your data to another organization or directly to you under certain conditions.

4.7 Right to Withdraw Consent

Where we rely on consent as the lawful basis for processing, you have the right to withdraw your consent at any time.

5. How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this period by up to two months and will inform you of any extension.

6. Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner.
• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes only.
• Data Minimization: We collect only the data that is adequate, relevant, and limited to what is necessary.
• Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
• Storage Limitation: We keep personal data only for as long as necessary for the purposes it was collected.
• Integrity and Confidentiality: We process data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
• Accountability: We are responsible for and can demonstrate compliance with the data protection principles.

7. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Staff training on data protection and security
• Incident response procedures

8. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk to you, we will also communicate the breach directly to you without undue delay.

9. International Data Transfers

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by the UK authorities
• Binding corporate rules
• Other legally recognized transfer mechanisms

10. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you without human intervention.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods vary by data type:

• Financial consultation records: 7 years (regulatory requirement)
• Marketing consent records: Until consent is withdrawn
• Website analytics data: 26 months
• General correspondence: 3 years

12. Children's Data

Our services are not directed to children under 18. We do not knowingly process personal data of children without appropriate parental or guardian consent.

13. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: www.ico.org.uk

14. Updates to This Statement

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated statement on our website.

15. Contact Information

For any questions about our GDPR compliance or to exercise your data protection rights, please contact us at:

Email: [email protected]
Address: 45 Kingsway, London, WC2B 6AN, United Kingdom