Privacy Policy

1. Introduction

Crisp Flower Financial Services ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website crisp-flower.com and use our services.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Data

We may collect and process the following personal data about you:

• Contact Information: Name, email address, phone number, postal address
• Financial Information: Banking requirements, financial situation (as relevant to our services)
• Communication Data: Records of correspondence and communications with us
• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Information about how you use our website and services

2.2 Cookies

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our cookie usage, please refer to our Cookie Policy.

3. How We Use Your Information

We use your personal data for the following purposes:

• To provide and maintain our banking assistance services
• To communicate with you about our services
• To process your inquiries and applications
• To send you marketing communications (with your consent)
• To improve our website and services
• To comply with legal and regulatory obligations
• To protect against fraud and ensure security

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: For marketing communications and non-essential cookies
• Contract Performance: To provide our services and fulfill our obligations
• Legitimate Interests: For business operations, fraud prevention, and service improvement
• Legal Obligation: To comply with regulatory requirements

5. Data Sharing and Disclosure

We may share your personal data with:

• Banking Partners: To facilitate account opening processes
• Service Providers: Third-party vendors who assist in our operations
• Legal Authorities: When required by law or to protect our rights
• Professional Advisors: Lawyers, accountants, and other professional service providers

We ensure all third parties have appropriate data protection measures in place.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against:

• Unauthorized access or disclosure
• Accidental loss or destruction
• Malicious attacks or breaches
• Unlawful processing or use

Our security measures include encryption, access controls, regular security assessments, and staff training.

7. Data Retention

We retain your personal data only for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements

Retention periods vary depending on the type of data and purpose of processing, typically ranging from 6 months to 7 years for financial services records.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, please contact us using the details provided in Section 11.

9. International Transfers

We may transfer your personal data outside the UK to:

• Countries with adequate data protection laws
• Organizations with appropriate safeguards in place

All transfers are conducted in accordance with UK GDPR requirements and include appropriate safeguards.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in:

• Our business practices
• Legal or regulatory requirements
• Technology and security measures

We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date.

11. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):