Our Commitment to Compliance Obligations for Storing Personal Data and Company Information in the UK

An overview of how we ensure compliance with the obligations for businesses handling personal data in the UK.

We fully adhere to UK regulations that govern the storage and management of personal data. These compliance obligations ensure that data is handled ethically and securely, with a strong focus on transparency, user consent, and accountability.

1. General Data Protection Regulation (GDPR)

We strictly adhere to the General Data Protection Regulation (GDPR), which governs the processing and storage of personal data. As part of the UK’s retained version of GDPR, we ensure compliance with the following requirements:

  • Consent: We obtain explicit consent before collecting any personal data and inform users about how their data will be used.
  • Data Minimization: We collect and store only the necessary data, ensuring that excess data is not retained.
  • Transparency: We provide clear privacy notices to explain data collection and usage practices.
  • Right to Access and Deletion: We respect individuals' rights to access and delete their personal data.
  • Data Security: We implement appropriate technical and organizational measures to protect personal data from unauthorized access.
  • Data Breaches: In the unlikely event of a data breach, we will report it within 72 hours, in compliance with the GDPR.

2. Data Protection Act 2018 (DPA 2018)

We comply with the Data Protection Act 2018, which tailors the GDPR to the UK context. Our commitment includes:

  • Special Category Data: We ensure additional protections for sensitive data such as health or religious beliefs.
  • Automated Decision Making: We provide users the right to opt out of decisions made solely by automated processes, where applicable.

3. Privacy and Electronic Communications Regulations (PECR)

We ensure compliance with the Privacy and Electronic Communications Regulations (PECR) for electronic communications, such as emails, cookies, and online tracking technologies. Our practices include:

  • Cookies: We obtain consent before storing cookies on user devices, except for strictly necessary cookies.
  • Marketing Communications: We provide users the option to opt in to marketing communications and make it easy for them to opt out at any time.

4. Cloud Hosting, Encryption, and Security

For our cloud-based data storage, we take extensive measures to ensure compliance with UK data protection laws. These measures include:

  • Data Location: We ensure that data is stored in compliant jurisdictions that adhere to UK and EU regulations.
  • Data Processing Agreement (DPA): We sign a DPA with cloud providers to ensure they meet data protection standards.
  • Encryption at Rest: All data stored in the cloud is encrypted using robust encryption methods.
  • End-to-End Encryption: We use end-to-end encryption to ensure secure data transmission over the internet.

5. The Information Commissioner’s Office (ICO)

We are registered with the ICO, the UK's independent authority for data protection. As part of our commitment, we ensure compliance with their guidance and actively engage in the enforcement of data protection laws.

6. How We Are Meeting Compliance Rules

To ensure full compliance, we take several proactive measures:

  • Data Inventory and Mapping: We track and identify the data we collect and store.
  • Training: Our staff undergo regular training on data protection and cybersecurity.
  • Data Protection Impact Assessments (DPIAs): We evaluate high-risk data processing activities to ensure compliance.
  • Incident Response Plans: We have plans in place for quick response to any data breaches.