GDPR Compliance

Last Updated: May 14, 2026

Our Commitment to GDPR

Cambridge Youth Finance is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your data protection rights seriously and have implemented measures to ensure compliance.

Data Controller

For the purposes of data protection legislation, Cambridge Youth Finance is the data controller responsible for your personal data.

Cambridge Youth Finance
17 Market Hill
Cambridge CB2 3NJ
United Kingdom
Email: [email protected]

Legal Basis for Processing

We process your personal data under the following legal bases:

Your GDPR Rights

Under the UK GDPR, you have the following rights:

1. Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

2. Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

3. Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

4. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

5. Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

6. Right to Data Portability

You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

7. Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month of receipt. In some cases, we may extend this period by two further months where requests are complex or numerous.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means.

International Transfers

Your personal data is stored and processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Complaints

If you believe we have not handled your personal data in accordance with the UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.

Contact Us

If you have any questions about our GDPR compliance or data protection practices, please contact us at [email protected].