GDPR Compliance Statement

Last updated: May 10, 2026

Our Commitment to Data Protection

magneto-wave is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented appropriate measures to ensure compliance with all applicable data protection legislation.

Data Controller Information

For the purposes of data protection legislation, magneto-wave is the data controller responsible for your personal information.

Data Controller: magneto-wave
Address: 42 Kingsway Avenue, Manchester, M20 4BY, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so under Article 6 of the UK GDPR:

1. Contract (Article 6(1)(b))

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This includes:

• Providing financial consultation services you've booked
• Managing your service appointments and communications
• Delivering personalized financial reports and recommendations

2. Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate business interests, provided these do not override your rights. This includes:

• Operating and improving our website and services
• Preventing fraud and ensuring security
• Internal business administration and record-keeping
• Analyzing service usage to enhance user experience

3. Consent (Article 6(1)(a))

Where we have obtained your explicit consent for specific processing activities, such as:

• Sending marketing communications and newsletters
• Using non-essential cookies for analytics

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations, including:

• Maintaining financial records as required by law
• Responding to lawful requests from regulatory authorities
• Complying with tax and accounting obligations

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data, along with supplementary information about the processing.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your rights, please contact us at [email protected] with the subject line "Data Rights Request." We will respond to your request within one month, though this may be extended by two further months in complex cases.

We may need to verify your identity before fulfilling your request. We will not charge a fee unless your request is manifestly unfounded or excessive.

Data Security Measures

We have implemented appropriate technical and organizational security measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication protocols
• Regular security assessments and updates
• Staff training on data protection principles
• Secure data storage and backup procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, in accordance with Article 34 of the UK GDPR.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law:

• Client consultation records: 7 years (professional regulatory requirements)
• Financial planning documents: 7 years (tax and regulatory compliance)
• Marketing consent records: Until consent is withdrawn or 3 years of inactivity
• Website analytics data: 26 months

Third-Party Data Processors

When we engage third-party service providers to process data on our behalf, we ensure:

• Appropriate written contracts are in place (Data Processing Agreements)
• Processors provide sufficient guarantees of compliance with UK GDPR
• Processors only process data on our documented instructions
• Appropriate security measures are implemented

International Data Transfers

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK government
• Standard Contractual Clauses approved by the ICO
• Binding Corporate Rules where applicable

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms, particularly when introducing new technologies or processing sensitive data.

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data of children. If we become aware that we have collected data from a child, we will delete it promptly.

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Tel: 0303 123 1113
Website: magneto-wave.com

Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the most recent changes were made.

Contact Our Data Protection Officer

For questions about our GDPR compliance or data protection practices, please contact us:

Email: [email protected]
Address: 42 Kingsway Avenue, Manchester, M20 4BY, United Kingdom