GDPR Compliance
Our commitment to protecting your personal data under UK GDPR and Data Protection Act 2018
Data Controller Information
For the purposes of data protection legislation, quiet-credence acts as the data controller for personal information collected through our services.
Contact: [email protected]
Address: 127 Kensington High Street, London, W8 5SF, United Kingdom
Legal Basis for Processing
We process your personal data under the following legal bases:
- Contractual necessity: Processing required to deliver the services you've engaged us to provide
- Legitimate interests: Maintaining records of our service delivery and client communications
- Legal obligation: Retention of records required by law
- Consent: Where you've provided explicit consent for specific processing activities
Categories of Personal Data Processed
Depending on the service you use, we may process:
- Identity data: Name, contact details
- Health data: Information about medical conditions and functional limitations relevant to benefits applications
- Financial data: Information about income, savings, and housing costs as relevant to benefits eligibility
- Communication data: Correspondence between you and our service
Health information is processed as special category data under Article 9 of UK GDPR. We only process this data where you've provided explicit consent or where processing is necessary for reasons of substantial public interest.
Your Data Protection Rights
Under UK GDPR, you have the following rights:
Right to Access
You can request a copy of the personal data we hold about you. We'll provide this information within one month of your request.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data where there's no compelling reason for us to continue processing it, subject to legal retention requirements.
Right to Restrict Processing
You can request that we limit how we use your personal data in certain circumstances.
Right to Data Portability
You can request that we transfer your personal data to another service provider in a structured, commonly used format.
Right to Object
You can object to processing based on legitimate interests. We'll stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision Making
We do not use automated decision making or profiling in our services.
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing your personal data. These measures include:
- Encryption of data in transit and at rest
- Access controls and authentication requirements
- Regular security assessments and updates
- Staff training on data protection responsibilities
- Secure backup and disaster recovery procedures
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to meet legal obligations.
Client records related to benefits application guidance are typically retained for six years after service completion. This retention period allows us to respond to any queries about our services and meet professional record-keeping requirements.
You may request earlier deletion of your data, subject to our legal obligations to retain certain records.
International Data Transfers
We do not transfer personal data outside the United Kingdom. All data processing occurs within UK-based systems.
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. Where required by law, we will also notify the Information Commissioner's Office within 72 hours of becoming aware of the breach.
Third-Party Data Processors
We use carefully selected third-party service providers to support our operations. These processors handle personal data only on our instructions and under appropriate contractual safeguards.
Current processors include:
- Email service providers for client communication
- Secure document storage services
All processors are required to implement appropriate data protection measures and are regularly assessed for compliance.
Exercising Your Rights
To exercise any of your data protection rights, contact us at [email protected]. Please include sufficient information to identify yourself and specify which right you wish to exercise.
We'll respond to valid requests within one month. In complex cases, this period may be extended by two months, and we'll inform you of any extension and the reasons for it.
Complaints
If you believe we've processed your personal data in violation of data protection law, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
Updates to This Information
We may update our GDPR compliance information periodically to reflect changes in our practices or legal requirements. Material changes will be communicated to active clients via email.