GDPR Compliance
Our commitment to protecting your personal data under UK data protection law
Last updated: January 2024
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 set out requirements for how organisations must handle personal data. This page explains how vivid-daisy Technology Services Ltd complies with these regulations and outlines your rights.
Our Role as Data Controller
For the personal data we collect and process in relation to our services, we act as the data controller. This means we determine the purposes and means of processing your personal information and are responsible for ensuring it is handled lawfully.
Data Controller: vivid-daisy Technology Services Ltd
Company Number: 10284573
Registered Address: Unit 14, Parkside Business Centre, 47 Marchwood Road, London SE15 4QJ
Lawful Basis for Processing
We only process personal data when we have a valid legal basis to do so. The lawful bases we rely upon include:
Contractual Necessity
When you engage our services, we need to process certain information to fulfil our agreement with you. This includes your contact details, device information, and payment details necessary to provide the service you requested.
Legitimate Interests
We may process data based on our legitimate business interests, provided these do not override your fundamental rights. Examples include maintaining records of completed work, improving our services based on feedback, and protecting against fraudulent activity.
Legal Obligations
Certain processing is required to comply with legal requirements, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.
Consent
Where required, we obtain your explicit consent before processing. You may withdraw consent at any time, though this will not affect the lawfulness of processing carried out before withdrawal.
Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge in most circumstances.
Right to Rectification
If the information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make corrections within one month of being notified.
Right to Erasure
You may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw consent. This right does not apply where we have a legal obligation to retain data.
Right to Restrict Processing
You can ask us to limit how we use your data while you contest its accuracy, object to processing, or where processing is unlawful but you prefer restriction over erasure.
Right to Data Portability
Where processing is based on consent or contract, you can request your data in a structured, commonly used format and have it transferred to another organisation where technically feasible.
Right to Object
You can object to processing based on legitimate interests at any time. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision-Making
You have rights concerning automated decisions that significantly affect you. We do not currently use automated decision-making in relation to our services.
Data Processing Activities
We process personal data for the following purposes:
- Providing technology repair and support services
- Managing client relationships and communications
- Processing payments and maintaining accounts
- Improving our services and website
- Complying with legal and regulatory requirements
Data Transfers
We primarily process data within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office.
Data Security Measures
We implement technical and organisational measures to protect personal data, including:
- Encryption of data during transmission and storage
- Access controls based on role and necessity
- Regular security reviews and vulnerability assessments
- Staff training on data protection responsibilities
- Secure disposal of data when no longer required
Data Breach Procedures
In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware. Where a breach poses a high risk to affected individuals, we will also notify them directly without undue delay.
Exercising Your Rights
To exercise any of your data protection rights, please contact us:
Email: [email protected]
Post: Data Protection Officer, vivid-daisy Technology Services Ltd, Unit 14, Parkside Business Centre, 47 Marchwood Road, London SE15 4QJ
We will respond to valid requests within one month. In complex cases, we may extend this by a further two months, but will inform you of any extension within the initial month.
Complaints
If you are dissatisfied with how we have handled your personal data or responded to your rights request, please contact us first so we can address your concerns. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Updates to This Notice
We review this compliance notice periodically and will update it when our practices change or when required by law. The date at the top of this page indicates when it was last revised.