vermilion-glade

Last updated: January 2024

Our Commitment to Data Protection

vermilion-glade is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented appropriate measures to ensure compliance with data protection legislation.

Data Controller

vermilion-glade acts as the data controller for personal information collected through our website and in the course of providing our consulting services. This means we determine the purposes and means of processing your personal data.

Contact details:
Email: [email protected]
Address: 47 Chancery Lane, London WC2A 1PL, United Kingdom

Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR notice.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is commonly referred to as a Subject Access Request (SAR). We will respond to valid requests within one month.

Right to Rectification

You have the right to request that we correct any personal data that is inaccurate or incomplete. We will make corrections without undue delay.

Right to Erasure

Also known as the "right to be forgotten", you can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we limit the way we use your personal data in certain situations, for example while we verify the accuracy of your data following a rectification request.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another organisation where technically feasible.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The lawful bases we rely on include:

Consent: You have given clear consent for us to process your personal data for a specific purpose
Contract: Processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract
Legal obligation: Processing is necessary to comply with the law
Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights

Data Security Measures

We have implemented appropriate technical and organisational measures to protect personal data against:

Accidental or unlawful destruction
Loss or alteration
Unauthorised disclosure or access

These measures are reviewed and updated regularly to ensure ongoing security.

Data Breach Procedures

In the event of a personal data breach, we have procedures in place to:

Assess the risk to individuals' rights and freedoms
Report qualifying breaches to the Information Commissioner's Office (ICO) within 72 hours
Notify affected individuals without undue delay where required
Document all breaches for record-keeping purposes

International Data Transfers

If we transfer personal data outside the UK, we ensure appropriate safeguards are in place to protect your data. This may include transferring data to countries with adequacy decisions or implementing Standard Contractual Clauses.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Our retention periods are determined by:

Legal and regulatory requirements
The nature of our relationship with you
Operational needs

Exercising Your Rights

To exercise any of your rights under UK GDPR, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases or where we receive numerous requests, this period may be extended by a further two months, in which case we will inform you.

Complaints

If you are not satisfied with how we handle your personal data or your rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

This GDPR notice provides a summary of your rights and our obligations. For detailed information about how we process your personal data, please refer to our Privacy Policy. We recommend reviewing both documents to fully understand our data practices.

GDPR Compliance