GDPR Compliance

Our Commitment to Data Protection

Solar Claim Ltd operates in full compliance with UK GDPR and the Data Protection Act 2018. We recognise that the personal information entrusted to us when pursuing pension claims is sensitive and deserves the highest standard of protection.

This page provides specific information about how we meet our obligations under data protection law and how you can exercise your rights.

Who We Are

Solar Claim Ltd is the data controller for personal information collected and processed in connection with our pension claims services.

Company Details:

• Registered company name: Solar Claim Ltd
• Company number: 12847563
• Registered address: 47 Colmore Row, Birmingham, B3 2BS
• ICO registration number: ZB394827
• FCA registration number: 894762

Our Data Protection Officer can be contacted at [email protected].

Lawful Basis for Processing

We process personal data only where we have a lawful basis to do so. The specific basis depends on the purpose of processing.

Contractual Necessity

When you engage us to handle your pension claim, processing your information is necessary to perform our contract with you. This includes assessing your case, gathering evidence, submitting complaints, and pursuing compensation.

Legal Obligation

As a regulated financial services firm, we must comply with various legal requirements. This includes maintaining records for specified periods, conducting anti-money laundering checks, and cooperating with regulatory investigations.

Legitimate Interests

We process some information based on legitimate interests, such as improving our services, managing business operations, and protecting against fraud. We balance these interests against your rights and will only process data where our interests are not overridden by your interests or fundamental rights.

Consent

For certain activities, such as marketing communications or non-essential cookies, we rely on your consent. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Data Protection Principles

We adhere to the core data protection principles established by UK GDPR.

Lawfulness, Fairness, and Transparency

We process information lawfully, fairly, and in a transparent manner. This document, together with our privacy policy, explains our processing activities clearly.

Purpose Limitation

We collect personal information for specified, explicit purposes and do not process it in ways incompatible with those purposes.

Data Minimisation

We collect only the information necessary for the purposes we have identified. If we don't need certain data, we don't ask for it.

Accuracy

We take reasonable steps to ensure personal information is accurate and kept up to date. If you identify inaccuracies, please inform us so we can correct them.

Storage Limitation

We retain personal information only for as long as necessary. Our retention periods are detailed in our privacy policy and comply with regulatory requirements.

Integrity and Confidentiality

We implement appropriate security measures to protect against unauthorised processing, accidental loss, destruction, or damage.

Accountability

We maintain documentation of our processing activities and can demonstrate compliance with data protection principles.

Your Data Protection Rights

UK GDPR grants you specific rights regarding your personal information. Below we explain each right and how to exercise it.

Right to Be Informed

You have the right to clear information about how we use your data. This is provided through our privacy policy and this GDPR page.

Right of Access

You can request a copy of the personal information we hold about you. This is commonly known as a Subject Access Request. We will provide the information in a commonly used electronic format unless you request otherwise.

To make an access request, email [email protected] with sufficient detail to identify you and the information you seek. We will respond within one month.

Right to Rectification

If information we hold is inaccurate or incomplete, you can ask us to correct it. We will do so promptly and notify any third parties with whom we have shared the information.

Right to Erasure

Sometimes known as the right to be forgotten, this allows you to request deletion of your personal information in certain circumstances, such as when it is no longer necessary for the purpose collected or if you withdraw consent.

However, this right is not absolute. We may need to retain information to comply with legal obligations, defend legal claims, or for other legitimate reasons permitted by law.

Right to Restrict Processing

You can ask us to restrict how we use your information in specific situations, such as when you contest the accuracy of the data or have objected to processing based on legitimate interests while we verify whether our grounds override yours.

Right to Data Portability

Where we process your information by automated means based on your consent or to perform a contract, you can request that we provide it in a structured, machine-readable format. You can also ask us to transmit this data directly to another organisation where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. If you object to marketing, we will stop such processing immediately. For other objections, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have rights regarding decisions made solely by automated means that significantly affect you. However, we do not engage in such automated decision-making.

Exercising Your Rights

To exercise any of the rights described above, please contact us using the details below. We will respond within one month, though this may be extended by two months for complex requests.

Email: [email protected]

Post: Data Protection Officer, Solar Claim Ltd, 47 Colmore Row, Birmingham, B3 2BS

To process your request efficiently, please provide sufficient information to verify your identity and specify which right you wish to exercise. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request.

Special Category Data

Pension claims sometimes involve special category data as defined by UK GDPR, such as health information relevant to ill-health early retirement or information about trade union membership from occupational pension schemes.

We process special category data only where necessary for our services and where we have an appropriate lawful basis, such as explicit consent, legal claims, or substantial public interest grounds under the Data Protection Act 2018.

We apply enhanced security measures to special category data and limit access to staff who need it for their role.

Data Transfers Outside the UK

We primarily use UK-based systems and service providers. Where we transfer personal information outside the United Kingdom, we ensure appropriate safeguards are in place.

This might include using service providers in countries with an adequacy decision from the UK government or implementing standard contractual clauses approved for use in the UK.

You can request information about the safeguards applied to any specific transfer by contacting our Data Protection Officer.

Security Measures

We implement technical and organisational measures designed to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security assessments and penetration testing
• Staff training on data protection and information security
• Incident response procedures
• Secure disposal of information when no longer required
• Contractual requirements for third-party processors

Data Breach Procedures

Despite our security measures, breaches can occasionally occur. We have procedures in place to detect, report, and investigate data breaches.

If a breach is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. If the breach poses a high risk, we will inform you directly about the breach, its likely consequences, and measures we have taken or propose to take.

We will also notify the Information Commissioner's Office within 72 hours of becoming aware of a breach that meets the reporting threshold.

Data Protection Impact Assessments

For processing activities that are likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments. These systematic assessments help us identify and minimise data protection risks.

Complaints

If you believe we have not handled your personal information properly, please contact our Data Protection Officer at [email protected]. We will investigate your concerns and respond within a reasonable timeframe.

You also have the right to lodge a complaint directly with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: ico.org.uk

Updates to This Information

We may update this page to reflect changes in our practices or legal requirements. Material changes will be notified to affected individuals. The date at the top of this page shows when it was last revised.