GDPR Compliance

Our commitment to protecting your personal data under UK GDPR and Data Protection Act 2018

Data Controller Information

For the purposes of data protection legislation, quiet-credence acts as the data controller for personal information collected through our services.

Contact: [email protected]
Address: 127 Kensington High Street, London, W8 5SF, United Kingdom

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual necessity: Processing required to deliver the services you've engaged us to provide
  • Legitimate interests: Maintaining records of our service delivery and client communications
  • Legal obligation: Retention of records required by law
  • Consent: Where you've provided explicit consent for specific processing activities

Categories of Personal Data Processed

Depending on the service you use, we may process:

  • Identity data: Name, contact details
  • Health data: Information about medical conditions and functional limitations relevant to benefits applications
  • Financial data: Information about income, savings, and housing costs as relevant to benefits eligibility
  • Communication data: Correspondence between you and our service

Health information is processed as special category data under Article 9 of UK GDPR. We only process this data where you've provided explicit consent or where processing is necessary for reasons of substantial public interest.

Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you. We'll provide this information within one month of your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data where there's no compelling reason for us to continue processing it, subject to legal retention requirements.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You can request that we transfer your personal data to another service provider in a structured, commonly used format.

Right to Object

You can object to processing based on legitimate interests. We'll stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

We do not use automated decision making or profiling in our services.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing your personal data. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and updates
  • Staff training on data protection responsibilities
  • Secure backup and disaster recovery procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to meet legal obligations.

Client records related to benefits application guidance are typically retained for six years after service completion. This retention period allows us to respond to any queries about our services and meet professional record-keeping requirements.

You may request earlier deletion of your data, subject to our legal obligations to retain certain records.

International Data Transfers

We do not transfer personal data outside the United Kingdom. All data processing occurs within UK-based systems.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. Where required by law, we will also notify the Information Commissioner's Office within 72 hours of becoming aware of the breach.

Third-Party Data Processors

We use carefully selected third-party service providers to support our operations. These processors handle personal data only on our instructions and under appropriate contractual safeguards.

Current processors include:

  • Email service providers for client communication
  • Secure document storage services

All processors are required to implement appropriate data protection measures and are regularly assessed for compliance.

Exercising Your Rights

To exercise any of your data protection rights, contact us at [email protected]. Please include sufficient information to identify yourself and specify which right you wish to exercise.

We'll respond to valid requests within one month. In complex cases, this period may be extended by two months, and we'll inform you of any extension and the reasons for it.

Complaints

If you believe we've processed your personal data in violation of data protection law, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Information

We may update our GDPR compliance information periodically to reflect changes in our practices or legal requirements. Material changes will be communicated to active clients via email.