GDPR Compliance

Our commitment to data protection

Our GDPR Commitment

beige-ferret is committed to complying with the General Data Protection Regulation (GDPR) and UK data protection laws. We take your privacy seriously and have implemented measures to ensure your personal data is processed lawfully, fairly, and transparently.

Data Controller Information

beige-ferret is the data controller responsible for your personal data. Our contact details:

beige-ferret
27 Princess Victoria Street
Clifton, Bristol BS8 4BX
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data based on one or more of the following lawful bases:

  • Consent: You have given clear consent for us to process your data for specific purposes
  • Contract: Processing is necessary to fulfill a contract with you or to take steps before entering into a contract
  • Legal obligation: Processing is necessary to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests, provided your rights do not override those interests

Your GDPR Rights

Under the GDPR, you have comprehensive rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you. We will provide this free of charge within one month of your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your data in certain circumstances, such as when:

  • The data is no longer necessary for the purpose for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restriction

You can request that we restrict processing of your data in specific situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal or similarly significant effects. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. Please include:

  • Your full name and contact information
  • Details of the specific right you wish to exercise
  • Any relevant information to help us locate your data

We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you of any delay.

Data Protection Principles

We adhere to the six key principles of GDPR:

  • Lawfulness, fairness, and transparency: We process data lawfully and are transparent about how we use it
  • Purpose limitation: We collect data for specific, explicit, and legitimate purposes
  • Data minimisation: We only collect data that is necessary for our purposes
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We implement appropriate security measures to protect your data

Data Security Measures

We implement appropriate technical and organisational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls limiting who can view personal data
  • Staff training on data protection practices
  • Secure backup procedures

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Document the breach and our response in accordance with GDPR requirements

Third-Party Processors

When we use third-party service providers to process data on our behalf, we ensure:

  • They provide sufficient guarantees of GDPR compliance
  • Data processing agreements are in place
  • They process data only on our instructions
  • Appropriate security measures are implemented

International Data Transfers

We primarily store and process data within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure adequate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions recognising equivalent data protection
  • Binding corporate rules for intra-group transfers

Consent Management

When we rely on consent as our lawful basis for processing, we ensure:

  • Consent is freely given, specific, informed, and unambiguous
  • You can withdraw consent at any time
  • Withdrawal is as easy as giving consent
  • We keep records of consent

Children's Data

Our services are not directed at children under 16. If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.

Complaints

If you have concerns about how we handle your personal data, please contact us first at [email protected]. We will investigate and respond to your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Updates to This Information

We review our GDPR compliance regularly and update this information as necessary. The last update was on 29 May 2026.