GDPR Compliance

Last updated: January 2024

bluefin-cipher Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides detailed information about how we fulfil our obligations under data protection legislation.

Data Controller

bluefin-cipher Ltd acts as the data controller for personal information collected through our website and services. This means we determine how and why your personal data is processed.

Data Controller: bluefin-cipher Ltd
Address: 47 Colmore Row, Birmingham, B3 2BS
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a valid lawful basis. The bases we rely on include:

Performance of Contract

When you engage our services, we process your data to deliver those services. This includes scheduling consultations, preparing materials, and following up on agreed actions.

Legitimate Interests

We may process data where it serves our legitimate business interests, provided these do not override your fundamental rights. Examples include improving our services, maintaining security, and communicating about relevant offerings.

Consent

For certain processing activities, we seek your explicit consent. You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Legal Obligation

We may need to process your data to comply with legal requirements, such as tax reporting or responding to lawful requests from authorities.

Your Data Protection Rights

Under UK GDPR, you have several rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of receiving a valid request, free of charge in most circumstances.

Right to Rectification

If you believe any personal data we hold is inaccurate or incomplete, you can ask us to correct it. We will respond to such requests promptly.

Right to Erasure

In certain circumstances, you can ask us to delete your personal data. This applies when the data is no longer necessary for its original purpose, you withdraw consent, or you object to processing and there are no overriding legitimate grounds.

Right to Restrict Processing

You can ask us to limit how we use your data. This might apply while we verify the accuracy of data you've contested, or if processing is unlawful but you prefer restriction over erasure.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, machine-readable format to transfer to another provider.

Right to Object

You can object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

We do not currently make decisions based solely on automated processing that significantly affect you. If this changes, we will inform you and provide information about the logic involved.

Data Protection Measures

We implement various technical and organisational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Access controls ensuring only authorised personnel can view data
  • Regular security assessments and updates
  • Staff training on data protection principles
  • Secure disposal of data when no longer needed

International Transfers

We primarily store and process data within the United Kingdom. If any data is transferred outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office.

Data Breach Procedures

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. If the breach poses a high risk to you, we will also notify you directly and promptly.

Children's Data

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

Record Keeping

We maintain records of our processing activities as required by Article 30 of UK GDPR. These records document the categories of data processed, purposes, retention periods, and security measures in place.

Exercising Your Rights

To exercise any of your data protection rights, please contact us:

Email: [email protected]
Post: bluefin-cipher Ltd, 47 Colmore Row, Birmingham, B3 2BS

We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this by a further two months, but we will inform you if this is the case.

Complaints

If you are dissatisfied with how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue. However, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

We use cookies to enhance your experience. By continuing to visit this site, you agree to our use of cookies. Learn more

Cookie Preferences

Necessary Cookies

Essential for the website to function properly. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements.

Functional Cookies

Enable enhanced functionality and personalisation.