GDPR Compliance Statement

Last updated: May 7, 2026

Our Commitment to GDPR

brisk-memo is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented appropriate measures to ensure compliance.

Data Controller

For the purposes of UK GDPR, brisk-memo is the data controller for personal data we collect and process. Our contact details are:

brisk-memo Financial Services
42 Grey Street
Newcastle upon Tyne
NE1 6AE
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. The lawful bases we rely on include:

  • Consent: Where you have given us clear, informed consent to process your personal data for specific purposes
  • Contract: Where processing is necessary to perform our contract with you or to take steps at your request before entering into a contract
  • Legal Obligation: Where we need to process your data to comply with legal or regulatory obligations
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided this does not override your rights and freedoms

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

1. Right to be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy.

2. Right of Access

You have the right to request access to your personal data. This is commonly known as a "subject access request" and allows you to receive a copy of the personal data we hold about you.

3. Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

4. Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the basis for processing)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

5. Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

7. Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the lawful basis. You also have an absolute right to object to processing for direct marketing purposes.

8. Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making and profiling. We do not currently use automated decision-making or profiling for our services.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

  • Email: [email protected]
  • Post: brisk-memo Financial Services, 42 Grey Street, Newcastle upon Tyne, NE1 6AE, United Kingdom

We will respond to your request within one month of receipt. In complex cases, we may extend this period by a further two months, and we will inform you if this is necessary.

Data Security Measures

We have implemented appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication measures
  • Staff training on data protection and security
  • Secure backup and disaster recovery procedures
  • Regular software updates and patches

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Client relationship data: Duration of relationship plus up to 7 years
  • Financial records: Up to 7 years (as required by UK tax law)
  • Marketing consent: Until consent is withdrawn or after 3 years of inactivity
  • Website analytics data: Up to 26 months

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
  • Document all data breaches and the actions taken in response

International Data Transfers

We primarily process data within the United Kingdom. If we transfer your personal data outside the UK, we will ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the ICO
  • Transfers to countries with adequacy decisions
  • Other legally recognized transfer mechanisms

Children's Data

Our services are not directed at children under 18 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Updates to This Statement

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes.

Complaints

If you are not satisfied with how we handle your personal data or how we respond to your requests, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us at [email protected].