GDPR Compliance

Our Commitment to GDPR

MeadowQuest Ride is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about how we meet our obligations under these regulations.

Data Controller Information

For the purposes of data protection legislation, the data controller is:

MeadowQuest Ride
47 Hartington Gardens
London SW7 4JB
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases as defined in Article 6 of the GDPR:

Contractual Necessity (Article 6(1)(b))

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This applies when you engage our pension planning services.

Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations, including financial services regulations, anti-money laundering requirements, and tax laws.

Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate interests in:

• Operating and managing our business
• Improving our services
• Preventing fraud and ensuring security
• Marketing our services to existing clients

We have assessed that these interests are not overridden by your rights and freedoms.

Consent (Article 6(1)(a))

Where we rely on consent, you have the right to withdraw it at any time by contacting us.

Your GDPR Rights

Under the UK GDPR, you have the following rights:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you. We will provide this free of charge within one month of your request.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, though this may be limited by legal retention requirements applicable to financial services.

Right to Restriction of Processing (Article 18)

You can request that we restrict processing of your personal data in specific situations.

Right to Data Portability (Article 20)

You can request that we transfer your personal data to another organization or provide it to you in a structured, commonly used format.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not engage in such automated decision-making.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this by an additional two months and will inform you of any such extension.

Data Protection Principles

We process personal data in accordance with the following GDPR principles:

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner. We clearly communicate how we use your data through this website and our Privacy Policy.

Purpose Limitation

We collect personal data for specific, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

Data Minimization

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date. Inaccurate data is erased or rectified without delay.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal and regulatory requirements.

Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure security of personal data, protecting against unauthorized or unlawful processing and accidental loss, destruction, or damage.

Accountability

We are responsible for demonstrating compliance with GDPR principles and maintain records of our processing activities.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK government
• Standard contractual clauses
• Binding corporate rules

Data Security Measures

We implement appropriate technical and organizational measures including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments and penetration testing
• Staff training on data protection and security
• Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach where required by law.

Third-Party Processors

Where we engage third-party processors, we ensure they:

• Provide sufficient guarantees of GDPR compliance
• Process data only on our documented instructions
• Maintain appropriate security measures
• Assist us in responding to data subject requests

We maintain contracts with all processors that meet GDPR requirements under Article 28.

Contact and Complaints

If you have concerns about how we process your personal data, please contact us first at [email protected].

You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: meadowquest-ride.com
Helpline: 0303 123 1113

Updates to This Information

We may update this GDPR information to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.