Our commitment to data protection
We are committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals whose personal data we process. This page outlines how we fulfill our obligations under the GDPR.
For the purposes of GDPR, we are the data controller of the personal information you provide to us. Our contact details are:
thicket-ibex
45 Clerkenwell Road
London, EC1M 5RS
United Kingdom
Email: [email protected]
The GDPR grants you specific rights regarding your personal data. These include:
You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies beyond the first request.
You have the right to request correction of any information you believe is inaccurate or to complete information you believe is incomplete.
You have the right to request deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.
You have the right to request that we restrict processing of your personal data under specific circumstances, such as when you contest the accuracy of the data.
You have the right to object to our processing of your personal data under certain conditions, particularly where we rely on legitimate interests as our legal basis.
You have the right to request transfer of the data we have collected to another organization, or directly to you, under certain conditions.
We process personal data only when we have a lawful basis to do so. The lawful bases we rely on include:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, whether we can achieve those purposes through other means, and applicable legal requirements.
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
We primarily process and store data within the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.
We do not use automated decision-making or profiling in ways that produce legal effects concerning you or similarly significantly affect you.
To exercise any of your rights under GDPR, please contact us using the details provided above. We will respond to your request within one month, though we may extend this period by two further months where necessary, taking into account the complexity and number of requests.
We will not charge a fee for processing your request unless it is clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
If you believe we have not complied with your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: ico.org.uk
We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Please check this page regularly to stay informed about how we protect your data.