GDPR Compliance

Our Commitment to GDPR

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Data Controller

For the purposes of data protection legislation, we are the data controller responsible for the personal information we collect and process.

Lawful Basis for Processing

We process personal data under the following lawful bases:

Consent

When you voluntarily submit information through our enquiry forms, you provide consent for us to process that data to respond to your enquiry.

Legitimate Interests

We process certain data based on our legitimate business interests, including:

• Operating and improving our website
• Responding to enquiries and providing information about our services
• Maintaining records for business purposes

Legal Obligation

We may process data to comply with legal requirements, including tax and accounting obligations.

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format, or have it transferred to another organisation.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided on our contact page. We will respond to your request within one month, though this may be extended in complex cases.

You will not usually need to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply with a request if it is clearly unfounded, repetitive, or excessive.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. We will also notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

International Data Transfers

We do not routinely transfer personal data outside the United Kingdom or European Economic Area. If such transfers become necessary, we will ensure appropriate safeguards are in place.

Data Protection Officer

For questions about how we handle your personal data or to exercise your data protection rights, please contact us at the address provided on our contact page.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

ICO website: www.ico.org.uk

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.