Data Protection

At Fides Bridge, we are committed to protecting your personal data and respecting your privacy rights. This Data Protection Policy outlines how we collect, use, store, and protect your personal information, as well as the rights you have in relation to your data.

Our Data Protection Principles

We adhere to the following principles in our data processing activities:

• Lawfulness, fairness, and transparency in how we process personal data
• Collection of data for specified, explicit, and legitimate purposes only
• Data minimization – collecting only what's necessary for the purposes stated
• Accuracy – keeping personal data up to date and correcting inaccuracies
• Storage limitation – keeping data only as long as necessary
• Integrity and confidentiality – ensuring appropriate security of personal data
• Accountability – taking responsibility for our data processing activities

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Data Protection Policy and our privacy practices. If you have any questions about how we handle your data, including any requests to exercise your legal rights, please contact our DPO using the details below:

Your Data Protection Rights

Under data protection laws, you have rights in relation to your personal data that include the right to:

How to Exercise Your Rights

If you wish to exercise any of the rights set out above, please contact our Data Protection Officer using the contact details provided. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Our security measures include:

• Encryption of personal data in transit and at rest
• Regular testing and evaluation of the effectiveness of technical and organizational measures
• Regular security assessments and penetration testing of our systems
• Restricted access controls and authentication procedures
• Regular staff training on data protection and security
• Detailed incident response procedures

Data Breach Procedures

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Our breach response procedure includes:

• Immediate assessment of the breach and containment measures
• Evaluation of risk to individuals' rights and freedoms
• Notification to supervisory authorities within 72 hours, where applicable
• Communication to affected individuals without undue delay, when required
• Documentation of all breaches and remedial actions taken

International Transfers

We may transfer your personal data to countries outside the UK or European Economic Area (EEA). Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

• Transferring to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or UK authorities
• Using specific contracts approved by the European Commission or UK authorities that give personal data the same protection it has in Europe and the UK
• Implementing appropriate supplementary measures where necessary

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and the applicable legal requirements.

Complaints

You have the right to make a complaint at any time to your data protection authority. In the UK, this is the Information Commissioner's Office (ICO): https://ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.