Information on this site is advertising in nature.

GDPR Policy

Our commitment to data protection compliance

Our Commitment to GDPR Compliance

breeze-reach is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we meet our obligations as a data controller and processor.

Data Controller Information

For the purposes of data protection legislation, breeze-reach acts as a data controller for the personal information we collect through our website and service enquiries. When providing accounting services, we may also act as a data processor on behalf of our clients.

Contact details:
Email: [email protected]
Address: 47 Commerce Street, Manchester, M4 1PW, United Kingdom

Principles of Data Processing

We adhere to the following principles when processing personal data:

  • Lawfulness, fairness, and transparency: We process data lawfully and transparently, ensuring individuals understand how their data is used.
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
  • Data minimisation: We only collect data that is adequate, relevant, and limited to what is necessary.
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
  • Storage limitation: We retain personal data only for as long as necessary for the purposes it was collected.
  • Integrity and confidentiality: We process data securely, protecting against unauthorised or unlawful processing and accidental loss.

Lawful Bases for Processing

We rely on the following lawful bases for processing personal data:

Contract Performance

Processing necessary to perform our accounting services or take steps before entering into a service agreement with you.

Legal Obligation

Processing required to comply with legal obligations, including anti-money laundering regulations, tax legislation, and professional regulatory requirements.

Legitimate Interests

Processing necessary for our legitimate business interests, provided these do not override your fundamental rights. This includes improving our services, maintaining business records, and marketing to existing clients.

Consent

Where we rely on consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you. We will respond within one month of receiving your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

In certain circumstances, you can request deletion of your personal data. This right does not apply where we are required to retain data for legal or regulatory purposes.

Right to Restriction of Processing

You can request that we restrict processing of your personal data in certain circumstances, such as while we verify accuracy of disputed data.

Right to Data Portability

Where processing is based on consent or contract and is automated, you can request your data in a structured, commonly used format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that has legal or similarly significant effects on individuals.

Data Protection Measures

We implement appropriate technical and organisational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication procedures
  • Regular security assessments and updates
  • Staff training on data protection
  • Secure disposal of data when no longer needed
  • Incident response procedures for potential data breaches

Data Breach Procedures

In the event of a personal data breach, we will:

  • Assess the risk to individuals' rights and freedoms
  • Notify the Information Commissioner's Office within 72 hours where required
  • Notify affected individuals without undue delay where there is a high risk to their rights
  • Document all breaches and remedial actions taken

International Data Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with adequate data protection laws
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules where applicable

Third-Party Processors

We only use third-party processors who provide sufficient guarantees of GDPR compliance. We maintain written contracts with all processors that include required data protection provisions.

Complaints

If you are not satisfied with how we handle your personal data, you can contact us to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

Policy Updates

This policy is reviewed regularly and updated as necessary to reflect changes in our practices or legal requirements. The latest version will always be available on our website.

We use cookies to improve your experience on our site. By continuing to browse, you agree to our use of cookies.

Learn more about our Cookie Policy