GDPR Compliance

Information on how we comply with UK GDPR

Our Commitment to GDPR Compliance

blooming-awareness is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented appropriate measures to ensure compliance with all applicable data protection laws.

Data Controller Information

For the purposes of UK GDPR, blooming-awareness is the data controller responsible for your personal data.

Data Controller: blooming-awareness
Address: 42 Kingsway, London WC2B 6EX, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so under UK GDPR. The lawful bases we rely on include:

  • Consent: You have given explicit consent for us to process your personal data for one or more specific purposes
  • Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

1. Right to be Informed

You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page.

2. Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month.

3. Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

4. Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

5. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.

6. Right to Data Portability

You have the right to request that we transfer your personal data to another organization or directly to you in a structured, commonly used, and machine-readable format.

7. Right to Object

You have the right to object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

8. Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the following details:

Email: [email protected]
Subject Line: GDPR Rights Request

Please include the following information in your request:

  • Your full name and contact details
  • A clear description of which right(s) you wish to exercise
  • Any relevant details that will help us locate your data

We will verify your identity before processing your request and respond within one month. In complex cases, we may extend this period by an additional two months, and we will inform you of any such extension.

Data Security Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication procedures
  • Staff training on data protection and security
  • Incident response and breach notification procedures

Data Breach Procedures

In the event of a personal data breach, we will:

  • Assess the breach and its impact on individuals
  • Notify the Information Commissioner's Office (ICO) within 72 hours if the breach poses a risk to individuals' rights and freedoms
  • Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
  • Document all breaches and our response to them

International Data Transfers

When we transfer personal data outside the United Kingdom, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK authorities
  • Adequacy decisions confirming that the destination country provides adequate protection
  • Other legally approved transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Our retention periods are based on:

  • The nature of the data and the purposes for which it is processed
  • Legal, regulatory, or contractual obligations
  • Our legitimate business interests

Third-Party Data Processors

When we engage third-party service providers to process personal data on our behalf, we ensure that:

  • They are bound by contractual obligations to protect the data
  • They process data only on our instructions
  • They implement appropriate security measures
  • They assist us in meeting our GDPR obligations

Children's Data

We do not knowingly process personal data of children under the age of 18. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

Updates to Our GDPR Practices

We regularly review and update our data protection practices to ensure ongoing compliance with UK GDPR. Any significant changes will be communicated through our website and, where appropriate, directly to affected individuals.

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.ico.org.uk

Contact Our Data Protection Officer

For any questions or concerns regarding our GDPR compliance or your data protection rights, please contact us at [email protected]