GDPR Compliance

Last updated: 15 April 2024

This page provides detailed information about how verdrym-escape Ltd complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take data protection seriously and are committed to transparent, lawful processing of personal information.

Our Commitment

verdrym-escape Ltd processes personal data in accordance with the principles set out in data protection legislation. We are committed to:

• Processing data lawfully, fairly, and transparently
• Collecting data only for specified, explicit purposes
• Keeping data accurate and up to date
• Storing data securely and no longer than necessary
• Respecting and upholding your rights as a data subject

Data Controller Information

verdrym-escape Ltd is the data controller for personal information processed through our website and services.

Registered address: 47 Clerkenwell Road, London EC1M 5RS
Company number: 09847362
ICO registration: ZA748291
Data protection contact: [email protected]

Your Data Subject Rights

Under UK GDPR, you have the following rights concerning your personal data:

Right to Be Informed

You have the right to know how your data is being collected and used. This information is provided through our Privacy Policy and this GDPR page. When we collect data directly from you, we explain our purposes at the time of collection.

Right of Access

You can request a copy of all personal data we hold about you. This is commonly called a Subject Access Request (SAR). We will provide this information free of charge within one month of your request. If requests are complex or numerous, we may extend this by two months with explanation.

Right to Rectification

If any personal data we hold is inaccurate or incomplete, you have the right to request correction. We will update records within one month of receiving your request with sufficient information to locate and verify the data.

Right to Erasure

Also known as the "right to be forgotten", you may request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for its original purpose
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data was processed unlawfully

Note that we may need to retain certain data for legal or contractual obligations.

Right to Restrict Processing

You can ask us to limit how we use your data while we address concerns about accuracy, lawfulness, or your objection to processing. During restriction, we will store but not actively process your data.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request your data in a commonly used, machine-readable format. You may also request direct transfer to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. For marketing, we will stop processing immediately. For legitimate interests, we will stop unless we can demonstrate compelling grounds that override your interests.

Rights Related to Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. If this changes, you would have the right to human intervention, to express your point of view, and to contest decisions.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected] with:

• Your name and contact details
• A clear description of which right you wish to exercise
• Any information that helps us locate your data
• Proof of identity (we may request this to protect your data from unauthorised access)

We will acknowledge your request within 5 working days and provide a full response within one month.

Lawful Bases for Processing

We process personal data under the following lawful bases:

Contract Performance

Processing necessary to fulfil our service agreements with clients, including contractor searches, quote comparisons, and project monitoring.

Legitimate Interests

Processing that supports our business operations while respecting your rights, such as:

• Improving our services based on usage patterns
• Maintaining security of our systems
• Marketing our services to existing clients
• Managing our contractor network

Legal Obligation

Processing required by law, including financial record-keeping, responding to legal requests, and regulatory compliance.

Consent

For certain activities such as marketing communications to non-clients or optional cookies, we rely on your explicit consent, which you may withdraw at any time.

Data Protection Measures

We implement appropriate technical and organisational measures including:

• Encryption of personal data in transit and at rest
• Role-based access controls limiting data access to authorised personnel
• Regular security audits and vulnerability assessments
• Staff training on data protection responsibilities
• Data processing agreements with third-party processors
• Privacy impact assessments for new processing activities

Data Breach Procedures

We maintain procedures to detect, investigate, and report personal data breaches. Where a breach is likely to result in a risk to your rights, we will notify the ICO within 72 hours. If the breach poses high risk to you, we will inform you directly without undue delay.

International Data Transfers

We primarily store and process data within the UK and EEA. Where data transfers to other jurisdictions occur (for example, through cloud service providers), we ensure adequate safeguards through:

• Standard Contractual Clauses approved by the ICO
• Transfers to countries with adequacy decisions
• Binding corporate rules where applicable

Children's Data

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will delete it promptly.

Complaints

If you believe we have not handled your data correctly, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
ico.org.uk

Updates

This GDPR compliance page may be updated to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.