Information on this site is advertising in nature

GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Last updated: January 2024

Our Commitment to GDPR Compliance

rustic-osprey is committed to ensuring compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We recognise the importance of protecting personal data and respecting the privacy rights of individuals who interact with our services.

Data Controller Information

For the purposes of the GDPR, rustic-osprey acts as the data controller for personal data collected through our website and in connection with our services.

Contact details:
rustic-osprey
14 Innovation Way
London, EC2A 4BH
United Kingdom
Email: [email protected]

Your Rights Under GDPR

The GDPR provides you with specific rights regarding your personal data. We are committed to honouring these rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month and provide the information free of charge. In certain circumstances, we may charge a reasonable administrative fee for repetitive or manifestly unfounded requests.

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data. We will address such requests within one month.

Right to Erasure

Also known as the "right to be forgotten," you may request the deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • The data has been unlawfully processed
  • You object to processing and there are no overriding legitimate grounds

Right to Restriction of Processing

You may request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing pending verification of legitimate grounds.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing for that purpose immediately.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects. We do not currently engage in such automated decision-making.

Exercising Your Rights

To exercise any of your rights under the GDPR, please contact us using the details provided above. We will verify your identity before processing your request. We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by up to two months, informing you of the extension and reasons for it.

Data Processing Activities

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The legal bases we rely upon include:

  • Consent: Where you have given explicit consent for specific processing activities
  • Contractual necessity: Where processing is necessary for the performance of a contract or to take pre-contractual steps at your request
  • Legitimate interests: Where we have legitimate business interests that do not override your fundamental rights and freedoms
  • Legal compliance: Where processing is necessary to comply with our legal obligations

Data Minimisation

We collect only the personal data that is necessary for the specified purposes. We regularly review the data we hold and delete information that is no longer required.

Data Accuracy

We take reasonable steps to ensure that personal data is accurate and kept up to date. We encourage you to inform us if your personal data changes or if you believe the data we hold is inaccurate.

Storage Limitation

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Specific retention periods are detailed in our Privacy Policy.

International Data Transfers

Where we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place to protect the data, such as standard contractual clauses approved by relevant authorities or adequacy decisions.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Supervisory Authority

If you are dissatisfied with how we handle your personal data or our response to a request, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: ico.org.uk

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

We use cookies to enhance your browsing experience and analyse site traffic. By continuing to use this site, you consent to our use of cookies. Read our Cookie Policy for more information.