GDPR Compliance

Last updated: January 2024

1. Our Commitment to GDPR

beige-ocean is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides information about how we handle personal data in accordance with these regulations.

2. Data Controller

beige-ocean is the data controller for personal data collected through our website and in the course of providing ecological consulting services. This means we determine the purposes and means of processing your personal data.

Contact details:
beige-ocean
47 Greenfield Way
Bristol BS8 4TN
Email: [email protected]

3. Lawful Basis for Processing

We process personal data on one or more of the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications.
• Contract: Where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract.
• Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, provided these are not overridden by your interests, rights and freedoms.

4. Your Rights Under GDPR

Under UK GDPR, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service in certain circumstances.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Object

You have the right to object to our processing of your personal data under certain conditions, including processing for direct marketing purposes.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

5. How to Exercise Your Rights

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

We may need to verify your identity before processing your request. If we cannot verify your identity, we may ask for additional information.

6. Data Protection Principles

We adhere to the following principles when processing personal data:

• Lawfulness, fairness and transparency: We process data lawfully, fairly and in a transparent manner.
• Purpose limitation: We collect data for specified, explicit and legitimate purposes.
• Data minimisation: We ensure data is adequate, relevant and limited to what is necessary.
• Accuracy: We keep personal data accurate and up to date.
• Storage limitation: We retain data only for as long as necessary.
• Integrity and confidentiality: We process data securely using appropriate technical and organisational measures.

7. Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data where appropriate
• Regular testing and evaluation of security measures
• Staff training on data protection
• Access controls limiting who can access personal data
• Secure backup and recovery procedures

8. Data Breach Procedures

In the event of a personal data breach, we have procedures in place to:

• Detect and identify breaches promptly
• Contain and recover from breaches
• Assess the risk to individuals
• Notify the Information Commissioner's Office within 72 hours where required
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms

9. International Transfers

We do not routinely transfer personal data outside the United Kingdom. If any transfer becomes necessary, we will ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.

10. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

11. Updates to This Notice

We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.