GDPR Compliance Statement

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable UK data protection legislation.

Data Controller

For the purposes of data protection legislation, we act as the data controller for personal information collected through this website and our business operations. We determine how and why your personal data is processed.

Legal Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: When processing is necessary to fulfil our contractual obligations to you
• Legitimate Interests: When we have a legitimate business interest that does not override your fundamental rights
• Legal Obligation: When we must process data to comply with legal requirements

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data under certain conditions
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another organisation
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Rights Related to Automated Decision Making: Protection from solely automated decisions with legal or significant effects

Data Security Measures

We implement appropriate technical and organisational security measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit and at rest where appropriate
• Regular security assessments and updates
• Access controls limiting data access to authorised personnel only
• Staff training on data protection principles and practices

Data Transfers

We process personal data within the United Kingdom. If we transfer data outside the UK or European Economic Area, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

Data Protection Officer

For questions about how we process your personal data or to exercise your GDPR rights, please contact us at: [email protected]

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Contact details are available at www.ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our data processing practices or legal requirements. Significant changes will be communicated through our website.