GDPR Compliance

Last Updated: May 6, 2026

Our Commitment to GDPR

iceberg-portal is committed to full compliance with the General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently, respecting the rights of all individuals whose data we handle.

Data Controller Information

iceberg-portal acts as the data controller for personal information collected through our website and services.

Contact Details:
Email: [email protected]
Address: 45 Deansgate, Manchester M3 2AY, United Kingdom

Lawful Basis for Processing

We process personal data under the following lawful bases:

Consent

When you submit information through our contact forms or subscribe to communications, you provide explicit consent for us to process your data for the specified purposes.

Contractual Necessity

Processing is necessary to fulfill our contractual obligations when providing financial management services to you.

Legitimate Interests

We process certain data based on legitimate business interests, such as improving our services, preventing fraud, and maintaining website security. We ensure these interests do not override your fundamental rights and freedoms.

Legal Obligations

We process data when required to comply with legal and regulatory obligations, including financial services regulations, tax laws, and anti-money laundering requirements.

Your Rights Under GDPR

Right to Access

You have the right to request access to your personal data. We will provide a copy of your data in a structured, commonly used format.

Right to Rectification

You can request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.

Right to Erasure

You may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose or when you withdraw consent.

Note that we may be required to retain certain information for legal or regulatory compliance, even after a deletion request.

Right to Restrict Processing

You can request that we limit how we use your data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a portable format and transmit it to another controller where technically feasible.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing conducted before withdrawal.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not currently employ fully automated decision-making processes.

Exercising Your Rights

To exercise any of your GDPR rights, contact us at [email protected] with:

  • Your full name and contact information
  • Clear description of your request
  • Verification of your identity (for security purposes)

We will respond to valid requests within one month. In complex cases, we may extend this period by two additional months, providing explanation for the delay.

Data Protection Measures

Technical Security

We implement industry-standard technical measures including:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Firewall protection and intrusion detection

Organizational Security

Our organizational measures include:

  • Staff training on data protection principles
  • Confidentiality agreements with employees and contractors
  • Regular policy reviews and updates
  • Data protection impact assessments for high-risk processing

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law.

Retention periods vary depending on:

  • Type of data collected
  • Purpose of collection
  • Legal and regulatory requirements
  • Contractual obligations

Financial services regulations may require retention of certain records for specific periods, typically six years from the end of a client relationship.

International Data Transfers

We primarily store and process data within the United Kingdom and European Economic Area. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses
  • Binding corporate rules

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and our response
  • Implement measures to mitigate potential harm

Third-Party Processing

When we engage third-party service providers who process personal data on our behalf, we ensure:

  • Written contracts with data protection provisions
  • Adequate security measures are implemented
  • Processing occurs only according to our instructions
  • Appropriate safeguards for international transfers

Children's Data

Our services are not intended for individuals under 18. We do not knowingly collect or process personal data from children. If we become aware of such processing, we will delete the data promptly.

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website or direct notification where appropriate.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

In the United Kingdom, the relevant authority is:

Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Telephone: 0303 123 1113

Contact for Data Protection Matters

For questions, concerns, or requests related to data protection and GDPR compliance, contact us at:

Email: [email protected]
Address: 45 Deansgate, Manchester M3 2AY, United Kingdom

We take data protection seriously and will address your inquiries promptly and thoroughly.