Advertising Content

GDPR Compliance

Our commitment to UK GDPR and data protection

Our GDPR Commitment

violet-breeze.site is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting personal data and have implemented comprehensive policies and procedures to ensure compliance with all applicable data protection laws.

Data Controller Information

For the purposes of UK GDPR, violet-breeze.site acts as a data controller when processing personal information in connection with our verification services. Our contact details are:

violet-breeze.site
42 Wellington Square
Cheltenham, Gloucestershire
GL50 1HN
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so under UK GDPR. The legal grounds we rely on include:

  • Consent: We obtain explicit consent from tenant applicants before conducting verification checks. Consent can be withdrawn at any time.
  • Contractual necessity: Processing is necessary to fulfill our contractual obligations to clients who have requested verification services.
  • Legitimate interests: We process certain data based on our legitimate business interests, ensuring these do not override the rights and interests of data subjects.
  • Legal obligation: We process data to comply with legal and regulatory requirements, including record-keeping obligations.

Data Subject Rights

Under UK GDPR, individuals have the following rights regarding their personal data:

Right of Access

You have the right to request a copy of the personal information we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

If you believe that any personal information we hold about you is inaccurate or incomplete, you have the right to request correction or completion of that data.

Right to Erasure

In certain circumstances, you have the right to request deletion of your personal data. This right applies when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when there is no overriding legitimate ground for processing.

Right to Restrict Processing

You can request that we restrict how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop such processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. Our verification services involve human review and do not rely solely on automated decision making.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We will respond to all requests within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by up to two months, in which case we will notify you and explain the reason for the extension.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Staff training on data protection and security practices
  • Secure data storage and backup procedures
  • Incident response and data breach notification procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to individuals, we will also notify affected data subjects without undue delay.

Data Processing Records

We maintain comprehensive records of our data processing activities, including the purposes of processing, categories of data subjects and personal data, recipients of data, retention periods, and security measures. These records are available for review by the Information Commissioner's Office upon request.

Third Party Processors

When we engage third party service providers to process personal data on our behalf, we ensure they provide sufficient guarantees of GDPR compliance and implement appropriate technical and organizational measures. We enter into written data processing agreements with all processors to ensure they handle data in accordance with UK GDPR requirements.

International Data Transfers

We process personal data within the United Kingdom. If we need to transfer personal data outside the UK, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements, such as adequacy decisions or standard contractual clauses.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can attempt to resolve the issue. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: www.ico.org.uk
Telephone: 0303 123 1113

Updates to This Information

We may update our GDPR compliance information from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised date.