GDPR - Your Data Protection Rights
Last updated: April 7, 2026
Our Commitment to Data Protection
KentshiremBritAi Limited is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We believe transparency and control over your personal data are fundamental rights, and we've designed our practices to honor these principles.
This page explains your rights under data protection law and how to exercise them when dealing with our organization.
Data Controller Information
For the purposes of data protection legislation, the data controller is:
KentshiremBritAi Limited
Company Registration Number: 11842057
Registered Address: 42 Deansgate Boulevard, Manchester M3 2FE, United Kingdom
Email: [email protected]
Your Individual Rights
1. Right of Access
You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with specific information about how it's being used.
What you can request:
- A copy of your personal data we hold
- Information about the purposes of processing
- Details of who your data has been shared with
- How long we intend to store your data
- Information about the source of the data if not collected directly from you
Response time: We will respond within one month of receiving your request. In complex cases, we may extend this by two additional months and will inform you of any delay.
2. Right to Rectification
If your personal information is inaccurate or incomplete, you have the right to have it corrected or completed.
How it works: Simply inform us of the specific information that needs updating, and we will make the corrections promptly. We will also notify any third parties with whom we've shared the data unless this proves impossible or involves disproportionate effort.
3. Right to Erasure (Right to be Forgotten)
In certain circumstances, you can request that we delete your personal data.
This right applies when:
- The data is no longer necessary for the purposes it was collected
- You withdraw consent and there's no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required to comply with a legal obligation
Important limitations: We may be unable to delete your data if we need to retain it for legal or regulatory compliance, such as financial record-keeping requirements that mandate seven-year retention periods.
4. Right to Restrict Processing
You can request that we limit how we use your data in certain situations, rather than deleting it entirely.
Applicable when:
- You contest the accuracy of the data (restriction applies while we verify)
- Processing is unlawful but you prefer restriction over deletion
- We no longer need the data but you need it for legal claims
- You've objected to processing (restriction applies while we verify our legitimate grounds)
When processing is restricted, we can store the data but not use it without your consent except for legal claims or to protect others' rights.
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
This right applies when:
- Processing is based on your consent or performance of a contract
- Processing is carried out by automated means
Format: We will provide your data in CSV or JSON format unless you specify another preference.
6. Right to Object
You have the right to object to processing of your personal data in certain circumstances.
Grounds for objection:
- Direct marketing: You can object at any time, and we will stop processing your data for marketing purposes immediately
- Legitimate interests: You can object to processing based on our legitimate interests if your situation gives you grounds to do so. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests
7. Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significant effects on you.
Our practice: We do not currently use automated decision-making or profiling in our service delivery. All consultations and recommendations involve human judgment and review.
8. Right to Withdraw Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time.
Effect of withdrawal: Withdrawing consent does not affect the lawfulness of processing conducted before the withdrawal. We will stop processing your data for that purpose going forward unless we have another legal basis for doing so.
How to Exercise Your Rights
To exercise any of the rights described above, please contact us:
Email: [email protected]
Subject line: GDPR Data Subject Request
Include: Your full name, contact details, and a clear description of your request
Verification Process
To protect your privacy and security, we must verify your identity before fulfilling data subject requests. We may ask for additional identification information if your identity is not clear from your initial contact.
No Fee Required
We will not charge a fee for processing your request unless it is manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable fee or refuse to act on the request.
Data Processing Activities
We process personal data for the following purposes, each with its own legal basis:
Providing financial education consultations and workshops
Responding to inquiries and maintaining ongoing client relationships
Handling service payments and maintaining financial records
Sending information about our services and educational content
Analyzing website usage to improve user experience
Data Transfers
We primarily store and process your data within the United Kingdom. In limited circumstances, some data may be transferred to service providers located in other countries. When this occurs:
- We ensure the country provides an adequate level of data protection as recognized by UK law
- We use appropriate safeguards such as Standard Contractual Clauses
- We conduct due diligence on the recipient's data protection practices
Children's Data
Our services are designed for adults aged 18 and over. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected data from someone under 18, we will delete it promptly.
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office within 72 hours of becoming aware
- Inform affected individuals without undue delay if the breach poses a high risk
- Describe the nature of the breach, its likely consequences, and the measures we're taking to address it
Changes to Our Data Protection Practices
We regularly review our data protection practices to ensure ongoing compliance with current legislation. Any material changes will be communicated through our website and, where appropriate, directly to affected individuals.
Questions and Complaints
If you have questions about how we handle your personal data or wish to make a complaint, please contact us first at [email protected]. We will investigate and respond to your concern promptly.
Supervisory Authority
You also have the right to lodge a complaint directly with the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: kentshirembritai.com
Related Policies
For additional information about how we protect your data, please review:
- Privacy Policy - Comprehensive overview of our data practices
- Cookies Policy - Information about cookies and tracking technologies
- Terms of Use - General terms governing use of our website and services