GDPR Compliance
Last updated: 15 April 2026
At metal-folio Financial Services Ltd, we take your data protection rights seriously. This page outlines our commitment to compliance with the UK General Data Protection Regulation (UK GDPR) and explains how we protect your personal data.
Our Commitment to Data Protection
We are committed to ensuring that your personal data is processed lawfully, fairly, and transparently. Our data protection practices are designed to give you control over your personal information while enabling us to provide you with quality financial guidance services.
Data Controller Information
metal-folio Financial Services Ltd acts as the data controller for personal information collected through our website and services. Our contact details are:
metal-folio Financial Services Ltd
47 Victoria Street
Birmingham, B1 3PE
United Kingdom
Email: [email protected]
Your Data Protection Rights
Under the UK GDPR, you have the following rights regarding your personal data:
Right to Be Informed
You have the right to be told how your personal data will be used. We provide this information through our Privacy Policy and at the point of data collection.
Right of Access
You can request a copy of all personal data we hold about you. We will respond to such requests within one month. This is commonly known as a Subject Access Request (SAR).
Right to Rectification
If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will respond within one month of receiving your request.
Right to Erasure
Under this right, also known as the "right to be forgotten," you can request deletion of your personal data where:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent was the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Erasure is required to comply with a legal obligation
Please note that we may need to retain certain data to comply with legal or regulatory obligations.
Right to Restrict Processing
You can request that we limit how we use your personal data in certain circumstances, such as while we verify the accuracy of data you have challenged.
Right to Data Portability
Where we process your data based on consent or contract performance, you can request to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing purposes.
Rights Related to Automated Decision Making
You have rights relating to automated decision-making and profiling. We do not currently make decisions based solely on automated processing that produce legal or similarly significant effects.
Lawful Basis for Processing
We only process personal data where we have a lawful basis to do so. The lawful bases we rely on include:
Contract
Processing personal data is necessary for the performance of a contract with you, such as providing financial guidance services you have requested.
Legitimate Interests
Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. Examples include:
- Improving our services based on client feedback
- Ensuring the security of our systems
- Administrative purposes such as record keeping
Legal Obligation
Processing is necessary to comply with a legal obligation, such as tax reporting requirements or anti-money laundering regulations.
Consent
Where none of the above apply, we may seek your explicit consent for specific processing activities. You can withdraw consent at any time.
Data Security Measures
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of personal data both in transit and at rest
- Regular testing and evaluation of security measures
- Access controls limiting who can view personal data
- Staff training on data protection responsibilities
- Incident response procedures for potential data breaches
- Regular backups stored securely
Data Breach Procedures
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms
- Document all breaches and the actions taken in response
International Data Transfers
We primarily process data within the United Kingdom. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK authorities or transfers to countries with an adequacy decision.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are determined by:
- The nature of the data and the purposes for processing
- Legal, regulatory, and contractual requirements
- Legitimate business needs
Specific retention periods are detailed in our data retention policy, available upon request.
Exercising Your Rights
To exercise any of your data protection rights, please contact us at:
Email: [email protected]
We will respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may extend this by a further two months, in which case we will inform you.
We do not charge a fee for processing most requests. However, we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive.
Complaints
If you are not satisfied with how we handle your data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
Updates to This Information
We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.