Overview
We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines how we comply with these regulations.
Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
- Legitimate Interests: Processing is necessary for our legitimate interests in operating and improving our business
- Consent: You have given clear consent for us to process your personal data for specific purposes
Data Controller
The data controller responsible for your personal information is:
gladiator-shroud
142 Kensington High Street
London, W8 7RL
United Kingdom
Your GDPR Rights
Under GDPR, you have the following rights:
Right to Access
You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies if your request is manifestly unfounded or excessive.
Right to Rectification
You have the right to request correction of any inaccurate personal data we hold about you. You also have the right to request completion of incomplete data.
Right to Erasure
You have the right to request deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.
Right to Restrict Processing
You have the right to request restriction of processing your personal data under certain conditions, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to request transfer of your personal data to another organisation or directly to you under certain conditions.
Right to Object
You have the right to object to processing of your personal data under certain conditions, particularly when processing is based on legitimate interests.
Data Protection Principles
We ensure that all personal data is:
- Processed lawfully, fairly, and transparently
- Collected for specified, explicit, and legitimate purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date
- Kept in a form that permits identification for no longer than necessary
- Processed in a manner that ensures appropriate security
Data Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular security assessments
- Access controls and authentication
- Staff training on data protection
- Regular backup procedures
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, where feasible.
International Data Transfers
We do not transfer your personal data outside the United Kingdom or European Economic Area. Should this change, we will ensure appropriate safeguards are in place.
Exercising Your Rights
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.
Right to Complain
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113