ZenithWave Capital Logo

GDPR Compliance Policy

Effective Date: 14/02/2025

ZenithWave Capital Limited ("Company," "we," "our," or "us") is committed to protecting the privacy and security of personal data. This GDPR Compliance Policy explains how we collect, process, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By engaging with our services, employees, contractors, clients, and any individuals whose data we process ("data subjects") acknowledge and agree to this policy.

1. Scope

This policy applies to employees, contractors, consultants, clients, students, investors, and any third parties whose data we process. It covers all personal data in any form processed by ZenithWave Capital Limited.

2. Data Protection Principles

  • Lawfulness, Fairness, and Transparency
  • Purpose Limitation
  • Data Minimization
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality
  • Accountability

3. Lawful Bases for Data Processing

  • Consent
  • Contractual Necessity
  • Legal Obligation
  • Legitimate Interests
  • Vital Interests
  • Public Task

4. Types of Data We Collect

A. Clients, Students & Investors

  • Full Name, Email, Phone
  • Payment Details
  • Identity Documents
  • IP Address and Device Info
  • Training Progress

B. Employees & Contractors

  • Date of Birth, Address
  • NI Number, Employment Data
  • Background Checks

5. Data Subject Rights

  • Right to Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Right to Lodge a Complaint

Send requests to: support@zenithwavecapital.com

6. Data Retention

  • Client Data: 7 years
  • Employee Data: 6 years post-employment
  • Training Data: 3 years post-completion

7. Data Security

  • Encryption & Secure Storage
  • Access Controls
  • Regular Audits
  • Breach Response Plan

8. Third-Party Data Sharing

  • Regulators (FCA, HMRC)
  • Payment Processors & Banks
  • Certification Bodies
  • Security & Cloud Providers

9. International Transfers

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements
  • ICO Compliance

10. Data Breach Response

  • Report to DPO within 24 hours
  • Notify ICO within 72 hours if high risk
  • Inform affected users if needed

11. Compliance & Training

All employees must complete GDPR training. Audits and policies ensure adherence. Non-compliance may lead to disciplinary/legal actions.

12. Governing Law

This policy is governed by the UK GDPR and Data Protection Act 2018. Disputes can be filed with the ICO (www.ico.org.uk).

13. Contact

Data Protection Officer (DPO): support@zenithwavecapital.com
Address: Southbridge House, Southbridge Place, Croydon, CR0 4HA

14. Policy Review

This policy is reviewed annually or upon significant legal changes. By using our services, you agree to the terms of this GDPR Compliance Policy.