Last updated: January 2024

Our Commitment to Data Protection

Bright Whisk Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented comprehensive measures to protect the personal data we process.

Data Controller Information

For the purposes of UK GDPR, the data controller is:

Bright Whisk Ltd
14 Greenfield Business Centre
Cambridge, CB4 2WZ
United Kingdom
Email: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides you with the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. We provide this information through our Privacy Policy and this GDPR compliance statement.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to valid requests within one month.

Right to Rectification

You have the right to request that we correct any personal data that is inaccurate or incomplete. We will respond to rectification requests within one month.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected, or when you withdraw consent. This right is not absolute and may be subject to legal retention requirements.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently use automated decision-making processes.

Exercising Your Rights

To exercise any of these rights, please contact us at:

  • Email: [email protected]
  • Post: Bright Whisk Ltd, 14 Greenfield Business Centre, Cambridge, CB4 2WZ

We may need to verify your identity before processing your request. We will respond to valid requests within one month, though this may be extended by a further two months for complex requests.

Lawful Basis for Processing

We only process personal data where we have a lawful basis to do so. Our lawful bases include:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose
  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • Legal Obligation: Processing is necessary for us to comply with the law
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, unless there is a good reason to protect your personal data which overrides those interests

Data Protection Principles

We adhere to the six principles of the UK GDPR:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner
  • Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes
  • Data Minimisation: We only collect personal data that is adequate, relevant, and limited to what is necessary
  • Accuracy: We keep personal data accurate and up to date
  • Storage Limitation: We retain personal data only for as long as necessary
  • Integrity and Confidentiality: We process personal data securely using appropriate technical and organisational measures

Data Security Measures

We have implemented appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication procedures
  • Regular security assessments and updates
  • Staff training on data protection
  • Secure disposal of data when no longer required

Data Breach Procedures

In the event of a personal data breach, we have procedures in place to:

  • Assess the risk to individuals' rights and freedoms
  • Notify the Information Commissioner's Office within 72 hours where required
  • Notify affected individuals without undue delay where there is a high risk to their rights and freedoms
  • Document all breaches and our response

International Data Transfers

We primarily process and store personal data within the United Kingdom. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.