GDPR Compliance

Your data protection rights explained

Last updated: January 2026

Our Commitment to Data Protection

Rapid Savings Ltd takes data protection seriously. As a pension advisory firm, we handle sensitive personal and financial information, and we recognise the trust our clients place in us to manage this data responsibly.

This page outlines how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and explains your rights as a data subject.

Data Controller Information

Rapid Savings Ltd is the data controller for personal information collected through our website and advisory services.

Registered Address:
47 Bartholomew Lane
London EC2N 2AB

Company Registration: 08547291
ICO Registration: ZA847291

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. We are committed to upholding these rights.

Right to Be Informed

You have the right to know how your personal data is being collected and used. Our Privacy Policy provides this information in a clear and accessible format. We will always tell you what data we collect, why we need it, and how long we keep it.

Right of Access

You can request a copy of all personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond within one month and provide the information free of charge in most cases.

Right to Rectification

If any personal information we hold is inaccurate or incomplete, you have the right to have it corrected. We will make amendments within one month of your request and notify any third parties who have received the data.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances. However, we may need to retain some information to comply with FCA regulatory requirements.

Right to Restrict Processing

You can ask us to limit how we use your data while concerns are being resolved. During restriction, we will store your data but not process it further without your consent.

Right to Data Portability

Where technically feasible, you can request that we transfer your data to another organisation in a commonly used, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects concerning you. All advice is provided by qualified human advisers.

Exercising Your Rights

To exercise any of your data protection rights, you can contact us by:

  • Email: [email protected]
  • Post: Data Protection Officer, Rapid Savings Ltd, 47 Bartholomew Lane, London EC2N 2AB

We may need to verify your identity before processing your request. This helps protect your data from being disclosed to unauthorised individuals.

We aim to respond to all data protection requests within one month. If your request is complex, we may extend this period by up to two additional months, but we will inform you if this is necessary.

Lawful Bases for Processing

Under UK GDPR, we must have a lawful basis for processing personal data. We rely on the following bases depending on the context:

Contractual Necessity

Processing required to provide our pension advisory services. When you engage us for advice, we need to collect and analyse your financial information to fulfil our contractual obligations.

Legal Obligation

Processing necessary to comply with laws and regulations. As an FCA-regulated firm, we are required to maintain records of advice, verify client identity, and report certain information to regulatory bodies.

Legitimate Interests

Processing necessary for our legitimate business interests where these do not override your fundamental rights. This includes maintaining our website, improving our services, and protecting against fraud.

Consent

Where you have given explicit consent for specific processing activities, such as receiving marketing communications. You can withdraw consent at any time.

Special Category Data

In some cases, we may process special category data, such as health information relevant to retirement planning. We only do so when:

  • You have given explicit consent
  • It is necessary for the provision of financial advice
  • It is required for legal claims or regulatory purposes

We apply additional safeguards to protect special category data, including limiting access to authorised personnel only.

Data Protection Impact Assessments

Where we introduce new processing activities that may pose high risks to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs). These help us identify and minimise data protection risks.

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours
  • Communicate directly with affected individuals without undue delay
  • Document the breach and our response
  • Take steps to mitigate any adverse effects

International Data Transfers

Personal data is primarily stored and processed within the United Kingdom. Where we need to transfer data internationally, we ensure one of the following safeguards is in place:

  • The receiving country has been assessed as providing adequate protection
  • Standard contractual clauses approved by the ICO are used
  • Your explicit consent has been obtained for the specific transfer

Complaints

If you are dissatisfied with how we handle your personal data, you have the right to complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Website: ico.org.uk

However, we would appreciate the opportunity to address your concerns before you contact the ICO. Please contact our Data Protection Officer first so we can try to resolve the matter directly.

Updates to This Information

We review our data protection practices regularly and may update this page to reflect changes in legislation or our procedures. Significant changes will be communicated to clients directly.