Country Annex - United Kingdom
This annex applies where Jamborow processes personal data in the UK or offers services to UK individuals.
Key framework: UK GDPR, Data Protection Act 2018, Privacy and Electronic Communications Regulations, eIDAS-related trust rules where relevant, financial promotion rules where applicable, FCA expectations where regulated activity is involved, consumer protection and contract law.
UK privacy notice content should clearly state controller identity, purposes, lawful bases, legitimate interests, categories of data, recipients, international transfers, retention, rights, right to complain to the Information Commissioner's Office, whether data is required, and automated decision-making information.
Marketing emails, SMS and non-essential cookies should be handled under PECR and UK GDPR. Non-essential cookies require consent unless an exemption applies.
Where Jamborow introduces customers to regulated financial services, wording must be checked against FCA financial promotion and perimeter rules. Jamborow should avoid implying authorisation, deposit protection, advice, credit broking or investment activity unless authorised or exempt.