GDPR Compliance

Last updated: May 7, 2026

Zesty Vault is committed to complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines how we fulfill our obligations under these regulations.

1. Data Controller

Zesty Vault acts as the data controller for personal information collected through our website and services. Our contact details are:

Zesty Vault Financial Services
42 Park Street
Bristol BS1 5JG
United Kingdom
Email: [email protected]

2. Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you explicitly agree to our processing of your data for specific purposes
• Contract: When processing is necessary to fulfill our service agreement with you
• Legal obligation: When we must process data to comply with UK financial regulations
• Legitimate interests: When processing is necessary for our legitimate business interests, provided this does not override your rights

3. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to be informed: You have the right to know how we use your data
• Right of access: You can request a copy of the personal data we hold about you
• Right to rectification: You can ask us to correct inaccurate or incomplete data
• Right to erasure: You can request deletion of your personal data (subject to legal retention requirements)
• Right to restrict processing: You can ask us to limit how we use your data
• Right to data portability: You can request your data in a structured, commonly used format
• Right to object: You can object to certain types of processing
• Rights related to automated decision-making: We do not use automated decision-making or profiling

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

5. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Staff training on data protection practices
• Incident response and breach notification procedures

6. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach.

7. International Data Transfers

We do not transfer personal data outside the United Kingdom or European Economic Area. If this changes, we will ensure appropriate safeguards are in place.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Financial services records are typically retained for seven years in accordance with UK regulatory requirements.

9. Third-Party Processors

Where we engage third-party service providers to process personal data on our behalf, we ensure they:

• Process data only on our documented instructions
• Maintain appropriate security measures
• Comply with GDPR requirements
• Enter into data processing agreements with us

10. Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

11. Updates to This Policy

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.