Terms & Policies

 

Privacy Policy

1. Introduction

This Privacy Policy explains how HSC Futures Ltd (“we”, “us”, “our”) collects, uses, stores, and protects personal data. Personal data means any information that identifies, or can identify, an individual.

We are committed to handling personal data lawfully, fairly, and transparently in accordance with:

  • the UK General Data Protection Regulation (UK GDPR),

  • the Data Protection Act 2018, and

  • the Data (Use and Access) Act 2025.

This policy applies to customers, website users, suppliers, and anyone whose personal data we process.

2. Who We Are

HSC Futures Ltd
Registered Office: 75 London Road, Kilmarnock, Scotland, KA3 7BP

Email: dataprotection@hscfutures.co.uk
Telephone: 0345 0177 480

Our data protection contact for all queries is Diane Tinline.

Website: https://www.hscfutures.co.uk

For the purposes of data protection law, we act as a Data Controller.

3. Personal Data We Collect

We may collect and process the following types of personal data:

Identity and Contact Data

  • Name, title, date of birth

  • Postal address, email address, telephone numbers

Financial and Transaction Data

  • Bank account and payment card details

  • Records of payments and services purchased

Technical Data

  • IP address

  • Browser type and version

  • Time zone and location

  • Device and operating system information

Profile and Usage Data

  • Account details and login information

  • Preferences, feedback, survey responses

  • Information about how you use our website and services

Marketing and Communications Data

  • Your preferences for receiving marketing communications

We do not routinely process special category personal data (such as health information) or data relating to criminal convictions.

4. How We Collect Personal Data

We collect personal data:

  • Directly from you when you contact us, register for services, or communicate with us

  • When you use our website or web chat

  • From payment providers or other service partners where necessary to deliver services

5. How We Use Personal Data and Our Lawful Bases

We only process personal data where permitted by law. Lawful bases include:

Purpose

Lawful Basis

Providing services

Performance of a contract

Managing payments and accounts

Contract / Legal obligation

Responding to enquiries

Legitimate interests

Improving services

Legitimate interests

Marketing communications

Consent or legitimate interests

The Data (Use and Access) Act 2025 clarifies certain legitimate interests and reduces unnecessary administrative barriers, which we rely on where appropriate.

6. Sharing Personal Data

We may share personal data with:

  • Payment service providers

  • IT and system providers

  • Professional advisers

  • Regulators or authorities where legally required

All third parties are required to:

  • Keep data secure

  • Use it only for agreed purposes

  • Act in accordance with data protection law

We do not allow service providers to use personal data for their own purposes.

7. International Transfers

We primarily process personal data within the UK.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place. Under the Data (Use and Access) Act 2025, transfers may take place where data protection standards are not materially lower than those in the UK.

8. Data Security

We use appropriate technical and organisational measures to protect personal data from:

  • Loss

  • Unauthorised access

  • Misuse or disclosure

Access to personal data is restricted to those who need it for legitimate business purposes. All staff and contractors are subject to confidentiality obligations.

We have procedures in place to detect, manage, and report personal data breaches in line with legal requirements.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Provide services

  • Meet legal and regulatory requirements

  • Handle complaints or disputes

Retention periods are reviewed regularly and based on applicable legal obligations.

10. Marketing

We may contact you with information about our services where permitted by law.

You can opt out of marketing communications at any time by contacting us or using unsubscribe links.

We will obtain explicit consent before sharing personal data with third parties for marketing purposes.

11. Your Rights

You have rights under data protection law, including the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request deletion of data

  • Restrict or object to processing

  • Withdraw consent at any time

  • Request data portability where applicable

Subject Access Requests

Requests should be made to dataprotection@hscfutures.co.uk.

We normally respond within one month. For complex requests, the Data (Use and Access) Act 2025 allows reasonable extensions, which we will explain where applicable.

12. Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can address your concerns.

You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk