GDPR Compliance

Last updated: January 2024

1. Our Commitment to GDPR

rain-martin is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page explains how we ensure compliance and outlines your rights under these regulations.

2. Data Controller Information

rain-martin acts as the data controller for personal data collected through our website and services. This means we determine the purposes and means of processing your personal data.

Contact details:
rain-martin
47 Queen Square
Bristol, BS1 4LH
United Kingdom
Email: [email protected]

3. Lawful Basis for Processing

We process personal data only when we have a valid lawful basis. The bases we rely on include:

• Consent: Where you have explicitly agreed to the processing of your personal data for specific purposes
• Contractual necessity: Where processing is necessary to perform a contract with you or take steps at your request before entering into a contract
• Legal obligation: Where processing is necessary to comply with our legal obligations
• Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, provided these interests do not override your fundamental rights and freedoms

4. Your Rights Under GDPR

The GDPR provides you with specific rights regarding your personal data:

4.1 Right to be Informed

You have the right to know how your data is being collected and used. Our Privacy Policy and this GDPR page provide this information.

4.2 Right of Access

You can request a copy of the personal data we hold about you. We will respond to valid requests within one month.

4.3 Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected.

4.4 Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for its original purpose
• You withdraw consent (where consent was the basis for processing)
• You object to the processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

4.5 Right to Restrict Processing

You can request that we limit how we use your data while concerns about accuracy or legitimacy are being resolved.

4.6 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format and have it transferred to another controller where technically feasible.

4.7 Right to Object

You have the right to object to processing based on legitimate interests, direct marketing, or processing for research purposes.

4.8 Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling. We do not currently engage in automated decision-making that has legal or similarly significant effects.

5. Exercising Your Rights

To exercise any of your rights, please contact us using the details provided above. We may need to verify your identity before processing your request. We will respond to all valid requests within one month, though this may be extended by two months for complex requests.

6. Data Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

• Secure data storage with access controls
• Encryption of data in transit
• Regular security assessments
• Staff training on data protection
• Confidentiality agreements with employees and contractors

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly.

8. International Data Transfers

We primarily process data within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with data protection legislation.

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Our standard retention periods are:

• Client records: 7 years from end of engagement
• Marketing preferences: Until you withdraw consent
• Website analytics: 26 months
• Enquiry correspondence: 3 years

10. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Website: ico.org.uk

11. Updates to This Information

We may update this GDPR compliance information from time to time. Any significant changes will be communicated through our website.