Home / GDPR

GDPR Compliance

Your data protection rights under UK GDPR

crisp-wash is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we protect your rights and freedoms in relation to personal data processing.

Data Controller

crisp-wash is the data controller responsible for your personal data. Our contact details are:

crisp-wash
47 Meadow Lane
Guildford, Surrey GU2 4RT
Email: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides you with the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This is achieved through our Privacy Policy and this GDPR compliance page.

Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

Right to Rectification

If the personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. Please contact us to update your information.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You can request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

Where processing is based on consent or contract, and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We aim to respond to all requests within one month.

Data Processing Principles

We adhere to the following principles when processing personal data:

  • Lawfulness, fairness and transparency: We process data lawfully and transparently
  • Purpose limitation: We collect data for specified, explicit purposes
  • Data minimisation: We only collect data that is necessary
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We process data securely
  • Accountability: We take responsibility for compliance

Legal Basis for Processing

We only process personal data when we have a valid legal basis:

  • Consent: You have given clear consent for specific purposes
  • Contract: Processing is necessary to perform our contract with you
  • Legal obligation: Processing is necessary to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your rights

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Secure storage of physical and electronic records
  • Access controls limiting who can view personal data
  • Staff training on data protection
  • Regular review of security practices

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk, we will also notify affected individuals directly.

International Transfers

We primarily store and process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place as required by UK GDPR.

Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: crisp-wash.com

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Last updated: January 2024

We use cookies to enhance your browsing experience and analyse site traffic. By continuing, you agree to our use of cookies. Learn more