GDPR Compliance

Your data protection rights explained

Our Commitment to Data Protection

spry-velocity Ltd is committed to protecting and respecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR), retained from EU GDPR, and the Data Protection Act 2018. This page provides detailed information about how we process your personal data and your rights under these regulations.

Who We Are

spry-velocity Ltd is the data controller for personal data processed in connection with our services. This means we determine the purposes and means of processing your personal data.

Data Controller: spry-velocity Ltd
Address: 47 Colmore Row, Birmingham, B3 2BS
Data Protection Contact: [email protected]

Lawful Bases for Processing

Under GDPR, we must have a lawful basis to process your personal data. We rely on the following bases depending on the context:

Contractual Necessity

When you engage our services, we process your data to perform our contractual obligations. This includes collecting contact details to communicate with you, recording consultation notes, and maintaining service records.

Legitimate Interests

We process certain data based on our legitimate business interests, where these interests don't override your fundamental rights. This includes improving our services, maintaining security, and administrative purposes. We have conducted legitimate interests assessments for these activities.

Consent

Where required, we obtain your explicit consent before processing. This applies particularly to optional marketing communications. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Legal Obligation

Some processing is necessary to comply with legal requirements, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.

Your Individual Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to clear, transparent information about how we use your data. This notice, along with our Privacy Policy, fulfils this obligation.

Right of Access

You can request a copy of all personal data we hold about you. This is commonly called a Subject Access Request (SAR). We will respond within one month, providing the data in a commonly used electronic format if requested.

Right to Rectification

If any data we hold is inaccurate or incomplete, you have the right to have it corrected. We will respond to rectification requests within one month.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed

Note that we may need to retain certain data for legal or legitimate business reasons.

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances, such as while we verify accuracy following a rectification request or while we consider an objection you have raised.

Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you can request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller.

Right to Object

You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects. Should this change, we will update this notice and ensure appropriate safeguards are in place.

Exercising Your Rights

To exercise any of your rights, contact us at [email protected]. To protect your privacy, we may need to verify your identity before acting on your request. We aim to respond to all legitimate requests within one month. If your request is particularly complex, we may need an additional two months, in which case we will notify you.

There is no fee for exercising your rights in most circumstances. However, we may charge a reasonable fee for manifestly unfounded or excessive requests.

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Ability to ensure ongoing confidentiality, integrity, availability of systems
  • Ability to restore data availability following an incident
  • Regular testing and evaluation of security measures
  • Staff training on data protection obligations

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk, we will also notify affected individuals directly.

International Data Transfers

We primarily process data within the United Kingdom. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with adequacy decisions
  • Standard Contractual Clauses approved by relevant authorities
  • Binding Corporate Rules where applicable

Data Protection Impact Assessments

For processing activities likely to result in high risk to individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise data protection risks.

Record Keeping

We maintain records of our processing activities as required under Article 30 of the UK GDPR. These records include the purposes of processing, categories of data subjects and personal data, recipients, transfers, retention periods, and security measures.

Complaints

If you believe we have not handled your data correctly or you are unhappy with our response to any requests regarding your data, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.

Updates to This Notice

We may update this GDPR notice periodically to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last revised. We encourage you to review this notice regularly.

Contact Information

For any questions about this notice or our data protection practices:

Email: [email protected]
Post: Data Protection, spry-velocity Ltd, 47 Colmore Row, Birmingham, B3 2BS