Connect with us

Have a question or need assistance?

Get in touch using the information below

Free FX Health Check

Are you getting a fair deal?

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Privacy Policy

Policy Owner: Data Protection Officer
Effective Date: 17 November 2025

1. Introduction

This Privacy Policy explains how bracket.co.uk (“we”, “us”, “our”, or “the Company”) collects, uses, processes, and protects your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable UK data protection laws.

As a B2B SaaS provider operating in the UK and EU, we are committed to protecting the security, confidentiality, and privacy of your personal data. This policy applies to all personal data we process in connection with our services.

2. Data Controller Information

Data Controller: bracket.co.uk
Registered Address: 86-90 Paul Street, London, EC2A 4NE
Email: info@bracket.co.uk
Phone: 0203 966 8312

3. Data Protection Officer (DPO)

Name: Martin Lee
Title: Data Protection Officer
Email: dpo@bracket.co.uk
Phone: 02039668312

Our DPO is responsible for monitoring compliance and handling data protection inquiries.

4. EU and UK Representatives

Name: Pierre Anderson
Address: 86-90 Paul Street, London, EC2A 4NE
Email: panderson@bracket.co.uk
Phone: 02039668312

5. Categories of Personal Data We Collect

5.1 Account and Contact Information

  • Name and job title
  • Business email address
  • Business phone number
  • Company name and address
  • Billing and payment details

5.2 Technical Information

  • IP address and device identifiers
  • Browser type and operating system
  • Login credentials
  • Usage analytics

5.3 Service Usage Data

  • Application logs
  • Feature usage patterns
  • Support history
  • Preferences and settings

5.4 Communication Data

  • Email and chat correspondence
  • Survey responses
  • Marketing preferences

6. Purposes of Processing and Legal Bases

6.1 Service Provision (Article 6(1)(b))

  • Providing SaaS services
  • Account management
  • Billing and payments
  • Customer support

6.2 Legitimate Interests (Article 6(1)(f))

  • Improving services
  • Analytics and performance monitoring
  • Security and fraud prevention
  • Business development and marketing

6.3 Legal Obligations (Article 6(1)(c))

  • Tax and accounting compliance
  • Legal and regulatory requirements
  • Record keeping

6.4 Consent (Article 6(1)(a))

  • Marketing communications
  • Optional data collection
  • Cookies and tracking technologies

6.5 Open Banking and Account Information Services

Where you connect a payment account, Bracket Group Ltd acts as an agent of Plaid Financial Ltd., an FCA-authorised payment institution (Firm Reference Number: 804718).

We and Plaid may access and process account data such as account identifiers, balances, and transactions to provide services including reporting, reconciliation, fraud prevention, and compliance.

Processing is based on your consent and/or contract performance. You are responsible for ensuring you are authorised to connect the account.

6.6 Right to Withdraw Consent

You may withdraw your consent at any time. This does not affect the lawfulness of processing carried out before withdrawal. Some services may no longer be available.

6.7 Whether You Must Provide Personal Data

Some personal data is required to provide our services and meet legal obligations. Without it, we may not be able to provide certain services.

6.8 Automated Decision-Making and Profiling

We use analytics and automated processing for fraud detection and service improvement. We do not make decisions with legal or significant effects solely based on automated processing.

7. Data Retention

  • Account Data: Duration of relationship + 7 years
  • Service Usage Data: Up to 2 years
  • Support Communications: 3 years
  • Marketing Data: Until consent withdrawn or 3 years inactivity
  • Financial Records: 7 years

We regularly review and delete data when no longer necessary.

8. Data Subject Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing
  • Rights related to automated decision-making

9. Exercising Your Rights

Email: info@bracket.co.uk
Online Form: bracket.co.uk/privacy-request
Mail: Data Protection Officer, 86-90 Paul Street, London

We respond within one month.

9.1 Identity Verification

We may verify your identity before processing requests.

9.2 Requests by Authorized Agents

We may require proof of authorization and identity.

10. International Data Transfers

We may transfer data outside the UK and EEA with appropriate safeguards:

10.1 Safeguards

  • Adequacy decisions
  • Standard Contractual Clauses
  • Binding Corporate Rules

10.2 Processing Locations

  • United Kingdom (Azure UK South)
  • European Union (backup systems)

11. Security Measures

Technical Measures

  • Encryption at rest and in transit
  • Multi-factor authentication
  • Security monitoring and testing

Organisational Measures

  • Staff training
  • Access controls
  • Incident response procedures

Data Classification

Data is classified and protected based on sensitivity.

12. Third-Party Data Processors

We use trusted providers for:

  • Cloud hosting
  • Analytics
  • Payments
  • Communication services

All processors are bound by data protection agreements.

13. Data Breach Notification

We will:

  • Assess and contain breaches
  • Notify authorities within 72 hours where required
  • Inform affected individuals if necessary

Contact: security@bracket.co.uk

14. Cookies and Tracking Technologies

We use cookies to:

  • Enable functionality
  • Store preferences
  • Analyse usage

See: bracket.co.uk/cookies

15. Marketing Communications

We may send marketing communications based on consent or legitimate interest.

You can opt out at any time via:

16. Data Protection by Design and Default

We implement:

  • Data minimisation
  • Privacy-first defaults
  • Data Protection Impact Assessments

17. Children’s Privacy

Our services are not intended for individuals under 16. We do not knowingly collect such data.

18. Complaints and Supervisory Authority

Contact us at privacy@bracket.co.uk.

You may also contact the UK Information Commissioner’s Office (ICO):
ico.org.uk
0303 123 1113

19. Changes to This Privacy Policy

We may update this policy and will notify users of significant changes.

20. Contact Information

General: info@bracket.co.uk
Privacy: privacy@bracket.co.uk
Address: 86-90 Paul Street, London

Version History

Version: 1.0
Date: 16 March 2026
Author: Pierre Anderson
Approved By: Martin Lee

Get in Touch

Have a question or need assistance?

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.