GDPR Compliance

Our Commitment to Data Protection

beige-ocean is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognise that protecting personal data is both a legal obligation and a matter of trust between us and our clients.

Data Controller

beige-ocean acts as the data controller for personal information collected through our website and during the provision of our services. We determine how and why your data is processed.

Data Controller Contact:
beige-ocean
Meadowbank House, 47 Riverside Quarter
Bristol BS1 6ED
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis:

• Consent: When you explicitly agree to processing, such as submitting an enquiry form
• Contract: When processing is necessary to fulfill a service you have requested
• Legal obligation: When we must process data to comply with the law
• Legitimate interests: When processing is necessary for our business operations, provided it does not override your rights and freedoms

Your GDPR Rights

You have the following rights regarding your personal data:

Right to be Informed

You have the right to clear, transparent information about how we use your data. This information is provided in our Privacy Policy.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge.

Right to Rectification

If your data is inaccurate or incomplete, you have the right to have it corrected.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data when:

• It is no longer necessary for the purpose it was collected
• You withdraw consent
• You object to processing and there is no overriding legitimate interest
• Data has been unlawfully processed
• Erasure is required to comply with a legal obligation

Note: We may retain data when legally required, such as for professional indemnity or tax purposes.

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. Please include:

• Your full name
• Email address associated with your enquiry or project
• Clear description of your request
• Proof of identity (if required for security purposes)

We will respond within one month. In complex cases, we may extend this by two additional months, and we will inform you if this is necessary.

Data Protection Measures

We implement technical and organisational security measures to protect your data:

• Secure data storage with encryption
• Access controls limiting who can view personal data
• Regular security assessments
• Staff training on data protection obligations
• Secure disposal of data when no longer needed

Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours
• Inform affected individuals without undue delay
• Document the breach and our response
• Take steps to prevent future breaches

Data Processors

We work with third-party service providers who process data on our behalf (data processors). These include:

• Website hosting providers
• Email service platforms
• IT support services

All processors are carefully selected and contractually bound to GDPR compliance. We ensure they implement appropriate security measures and only process data according to our instructions.

International Data Transfers

Where possible, we store and process data within the United Kingdom. If data is transferred outside the UK, we ensure adequate protections are in place, such as:

• Adequacy decisions recognising equivalent data protection standards
• Standard contractual clauses approved by the ICO
• Other legally recognised safeguards

Children's Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

Complaints

If you believe your data protection rights have been violated, you can lodge a complaint with:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: ico.org.uk

We encourage you to contact us first so we can address your concerns directly.

Updates to GDPR Practices

We regularly review our data protection practices to ensure ongoing compliance with GDPR and evolving regulations. Changes will be reflected in our policies and communicated as appropriate.