GDPR Compliance

Our commitment to data protection under UK GDPR

GDPR Compliance Statement

wolf-bridge is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations as a data controller.

Data Controller Information

Organization: wolf-bridge
Address: Woodland House, 42 Riverside Park, Exeter, Devon, EX4 7NQ, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis under Article 6 of the UK GDPR:

  • Consent: You have given clear consent for us to process your data for specific purposes
  • Contract: Processing is necessary for a contract with you
  • Legal obligation: Processing is necessary to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or those of a third party

Your Rights Under GDPR

1. Right to Be Informed

You have the right to know how we collect, use, and share your personal data. This information is provided in our Privacy Policy.

2. Right of Access

You can request access to the personal data we hold about you. We will provide this information free of charge within one month of your request.

3. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to request correction.

4. Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed

5. Right to Restrict Processing

You can request that we limit how we use your personal data in specific circumstances, such as when you contest the accuracy of the data.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

7. Right to Object

You can object to processing of your personal data where we rely on legitimate interests as the legal basis. You also have the absolute right to object to processing for direct marketing purposes.

8. Rights Related to Automated Decision Making

We do not use automated decision-making or profiling in our services.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Post: wolf-bridge, Woodland House, 42 Riverside Park, Exeter, Devon, EX4 7NQ, United Kingdom

We will respond to your request within one month. In complex cases, we may extend this period by two months and will inform you if this is necessary.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and updates
  • Staff training on data protection principles
  • Secure backup and disaster recovery procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document the breach, including facts, effects, and remedial action taken

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms.

Third-Party Processors

When we engage third-party processors, we ensure:

  • Written contracts are in place defining processing activities and responsibilities
  • Processors provide sufficient guarantees of GDPR compliance
  • Appropriate security measures are implemented
  • Processors only act on our documented instructions

International Data Transfers

If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the ICO
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding corporate rules for intra-organizational transfers

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to meet legal obligations. Our retention periods are documented and regularly reviewed.

Children's Data

We do not knowingly collect or process personal data from individuals under 18 years of age. Our services are directed at adults only.

Updates to Our GDPR Practices

We regularly review and update our data protection practices to ensure ongoing compliance with UK GDPR. This page will be updated to reflect any significant changes.

Complaints

If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: ico.org.uk