GDPR Information

Our commitment to data protection and your rights under UK GDPR.

Last updated: January 2024

Our Commitment to Data Protection

radiant-fjord is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides detailed information about how we meet our obligations and protect your rights as a data subject.

Data Controller

radiant-fjord acts as the data controller for personal information collected through this website and our services. As the data controller, we determine the purposes and means of processing personal data and are responsible for ensuring compliance with data protection legislation.

Contact details:
radiant-fjord
47 Riverside Walk
Guildford, Surrey, GU1 4QP
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a valid legal basis to do so. The lawful bases we rely upon include:

Consent

Where you have given explicit consent for specific processing activities, such as receiving marketing communications or allowing certain cookies. You may withdraw consent at any time by contacting us or using the provided opt-out mechanisms.

Contract Performance

Processing necessary to fulfil our contractual obligations to you, including delivering services you have purchased, managing your account, and providing customer support.

Legitimate Interests

Processing necessary for our legitimate business interests, provided these do not override your fundamental rights. This includes improving our services, ensuring security, and conducting business analytics. We always balance our interests against potential impacts on your privacy.

Legal Obligation

Processing required to comply with legal requirements, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.

Your Data Subject Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to be Informed

You have the right to know how we collect and use your personal data. This page, along with our Privacy Policy, fulfils this obligation.

Right of Access

You may request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

If any personal data we hold is inaccurate or incomplete, you have the right to request correction. We will address such requests within one month.

Right to Erasure

Also known as the "right to be forgotten", you may request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected or when you withdraw consent.

Right to Restrict Processing

You may request that we limit how we use your data while we investigate a concern you have raised or where you contest the accuracy of your data.

Right to Data Portability

Where processing is based on consent or contract performance, you may request that we provide your data in a structured, commonly used, machine-readable format for transfer to another organisation.

Right to Object

You may object to processing based on legitimate interests at any time. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.

Exercising Your Rights

To exercise any of your data subject rights, please contact us at [email protected]. When making a request, please provide:

  • Your full name and contact details
  • A description of the right you wish to exercise
  • Any relevant details that will help us locate your data

We may need to verify your identity before processing your request. In most cases, we will respond within one month. If your request is complex or we receive multiple requests, we may extend this period by up to two additional months, in which case we will notify you.

Data Protection Measures

We implement robust technical and organisational measures to protect personal data:

  • Encryption of data in transit and at rest
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and updates
  • Staff training on data protection practices
  • Secure disposal procedures for data no longer needed
  • Incident response procedures for potential data breaches

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

International Data Transfers

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place. This may include:

  • Transfers to countries with adequacy decisions
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules

Data Protection Impact Assessments

For processing activities that are likely to result in high risk to individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate risks before processing begins.

Third-Party Processors

When we engage third-party service providers to process personal data on our behalf, we:

  • Conduct due diligence to ensure they provide sufficient guarantees
  • Enter into written contracts that meet Article 28 requirements
  • Ensure processors only act on our documented instructions
  • Require them to assist us in meeting our GDPR obligations

Record Keeping

We maintain records of our processing activities as required by Article 30 of the UK GDPR, including:

  • Categories of data processed
  • Purposes of processing
  • Categories of recipients
  • Data retention periods
  • Security measures in place

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: radiant-fjord.com

Updates to This Information

We review our data protection practices regularly and may update this page accordingly. Significant changes will be communicated through our website.

We use cookies to enhance your browsing experience and analyse site traffic. By clicking "Accept All", you consent to our use of cookies. Learn more

Cookie Preferences

Necessary Cookies

Required for the website to function properly. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness.