GDPR Compliance

Last updated: January 2024

Our Commitment to Data Protection

brisk-tax is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we ensure your data protection rights are respected.

Data Controller

brisk-tax is the data controller for personal information collected through our website and services. This means we determine how and why your personal data is processed.

Contact Details:
Email: [email protected]
Address: 47 Redchurch Street, Shoreditch, London E2 7DJ

Your Rights Under GDPR

The UK GDPR provides you with the following rights:

Right to be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides this information in detail.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. Contact us to update your information.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including:

• When the data is no longer necessary for its original purpose
• When you withdraw consent (where consent was the legal basis)
• When you object to processing and there are no overriding legitimate grounds

Right to Restrict Processing

You can request that we limit how we use your data while a complaint or query is being resolved.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You can object to processing of your personal data for:

• Direct marketing (we will stop immediately)
• Processing based on legitimate interests (we will stop unless we can demonstrate compelling legitimate grounds)

Rights Related to Automated Decision Making

You have rights related to automated decision making and profiling. Currently, brisk-tax does not use automated decision-making that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [email protected]
• Post: 47 Redchurch Street, Shoreditch, London E2 7DJ

We will respond to your request within one month. In complex cases, this may be extended by up to two additional months, in which case we will inform you of the delay and the reasons.

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Contractual necessity: To fulfil bookings and provide our services
• Legitimate interests: For business operations, service improvement, and customer relationship management
• Consent: For marketing communications and optional services
• Legal obligation: To comply with tax, health and safety, and other legal requirements

Data Protection Measures

We implement appropriate technical and organisational measures including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• Data minimisation practices
• Secure disposal of data when no longer needed

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office within 72 hours
• Notify affected individuals without undue delay if there is a high risk
• Document all breaches and our response

International Transfers

Where we transfer personal data outside the UK, we ensure adequate protection through:

• Transfers to countries with adequacy decisions
• Standard contractual clauses
• Other appropriate safeguards

Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office:

Website: ico.org.uk
Telephone: 0303 123 1113

Updates to This Notice

We may update this GDPR compliance notice from time to time. Significant changes will be communicated through our website.