Information on this site is advertising in nature

GDPR Information

Last updated: 15 June 2026

Our Commitment to Data Protection

marsh-jay is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides information about how we handle your personal data and your rights under data protection law.

Data Controller

For the purposes of data protection law, the data controller is:

marsh-jay Financial Services
47 Castle Street
Liverpool, L2 9UB
United Kingdom
Email: [email protected]

Lawful Bases for Processing

We process personal data under the following lawful bases as defined by the UK GDPR:

Consent (Article 6(1)(a))

Where you have given clear consent for us to process your personal data for a specific purpose. You have the right to withdraw consent at any time.

Contract (Article 6(1)(b))

Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

Legal Obligation (Article 6(1)(c))

Where processing is necessary for compliance with a legal obligation to which we are subject.

Legitimate Interests (Article 6(1)(f))

Where processing is necessary for our legitimate interests or those of a third party, provided those interests do not override your fundamental rights and freedoms.

Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month.

Right to Rectification (Article 16)

You have the right to request correction of any inaccurate personal data we hold about you.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose for which it was collected.

Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing of your personal data in certain circumstances.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests, including profiling.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal effects concerning you.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the details provided above. We may need to verify your identity before processing your request.

We will respond to your request within one month of receipt. If your request is complex, we may extend this period by up to two months, in which case we will inform you of the extension and the reasons for it.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of security measures
  • Access controls limiting who can access personal data
  • Staff training on data protection responsibilities
  • Secure disposal of data when no longer needed

Data Breach Procedures

In the event of a personal data breach, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where required
  • Notify affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms
  • Document all breaches, including their effects and remedial action taken

International Data Transfers

We primarily process personal data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with data protection law.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, taking into account legal, regulatory, and operational requirements. When data is no longer required, it is securely deleted or anonymised.

Complaints

If you are not satisfied with how we handle your personal data or have concerns about our data protection practices, please contact us first so we can address your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Website: ico.org.uk

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.