GDPR Compliance

Your data protection rights under UK GDPR

Vertis Peak Advisory Services Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations and how you can exercise your rights.

Our Commitment to Data Protection

As a benefits advisory service, we handle sensitive personal information including health data and financial details. We take this responsibility seriously and have implemented comprehensive measures to ensure compliance with data protection law.

We are registered with the Information Commissioner's Office (ICO) under registration number ZA847291. You can verify our registration at ico.org.uk.

Lawful Basis for Processing

We only process personal data when we have a valid legal basis. The bases we rely on include:

Contractual Necessity

When you engage our advisory services, we need to process your personal information to fulfil our agreement with you. This includes collecting details about your circumstances, preparing applications, and communicating with relevant authorities on your behalf.

Legal Obligation

Certain processing is required by law. For example, we must retain financial records for tax purposes and may be required to disclose information in response to lawful requests from authorities.

Legitimate Interests

We may process data based on legitimate business interests where your rights don't override those interests. This includes improving our services, maintaining security, and internal administration. We always conduct balancing tests to ensure this processing is fair.

Explicit Consent

For special category data such as health information, we obtain your explicit consent before processing. You can withdraw this consent at any time, though this may affect our ability to continue providing services.

Your Rights Under UK GDPR

You have comprehensive rights regarding your personal data:

Right to Be Informed

You have the right to know what personal data we hold about you, why we hold it, and what we do with it. Our Privacy Policy and this page provide that information. We also explain our data practices when you first engage our services.

Right of Access

You can request a copy of all personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month, providing your data in a commonly used electronic format. There is no charge for this unless the request is manifestly unfounded or excessive.

Right to Rectification

If any information we hold about you is inaccurate or incomplete, you have the right to have it corrected. Please contact us if you believe any of your details need updating.

Right to Erasure

In certain circumstances, you can request we delete your personal data. This applies when the data is no longer necessary for the purpose it was collected, you withdraw consent, or the data has been unlawfully processed. Note that we may need to retain some data for legal or regulatory reasons.

Right to Restrict Processing

You can ask us to limit how we use your data. This might apply while we verify the accuracy of information you've disputed, or where you object to processing but we need to verify whether we have overriding legitimate grounds.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, machine-readable format. You can also ask us to transmit this data directly to another organisation where technically feasible.

Right to Object

You can object to processing based on legitimate interests or processing for direct marketing purposes. For legitimate interests, we must stop unless we can demonstrate compelling grounds that override your interests. For direct marketing, we will always stop upon request.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you. All decisions about your case are made by our human advisors.

Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Post: Data Protection Officer, Vertis Peak Advisory Services Ltd, 14 Welfare House, Bridge Street, Manchester, M3 2RJ

We will respond to all requests within one month. If a request is complex or we receive multiple requests, we may extend this by a further two months, but we will inform you within the first month.

We may need to verify your identity before acting on a request. This protects your data from being disclosed to someone falsely claiming to be you.

Data Protection by Design

We embed data protection principles into all our business processes:

  • We collect only the minimum data necessary for each purpose
  • We implement access controls so staff only see data relevant to their role
  • We use encryption for data storage and transmission
  • We regularly review what data we hold and delete what's no longer needed
  • We assess the privacy impact of new projects or changes to processing

International Transfers

We primarily process data within the United Kingdom. Where data is transferred outside the UK (for example, through cloud service providers), we ensure adequate protection through:

  • Transfers to countries with adequacy decisions
  • Standard Contractual Clauses approved by the ICO
  • Other appropriate safeguards as required by law

Data Breach Procedures

We maintain robust procedures for detecting, investigating, and reporting personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you directly without undue delay.

Staff Training and Awareness

All our staff receive data protection training as part of their induction and ongoing professional development. We maintain awareness of current threats and best practices to keep your data secure.

Complaints

If you believe we have not handled your data in accordance with the law, we encourage you to contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

Updates to This Information

We review our GDPR compliance regularly and will update this page to reflect any changes in our practices or the law. The date at the top of this page indicates when it was last updated.

Contact Our Data Protection Officer

For any questions about data protection or to exercise your rights:

Email: [email protected]
Subject line: Data Protection Enquiry

We use cookies to improve your experience on our site. Essential cookies are necessary for the website to function. You can choose to accept or reject optional cookies.

Cookie Preferences

Essential Cookies

Required for the website to function properly. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website to improve our services.

Marketing Cookies

Used to deliver relevant content and measure the effectiveness of our outreach.