cypress-pulse

Last updated: January 2024

Our Commitment to Data Protection

cypress-pulse is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the privacy and security of your personal data seriously and have implemented appropriate measures to protect it.

This page provides detailed information about how we handle your personal data in accordance with UK GDPR requirements.

Data Controller Information

For the purposes of UK GDPR, the data controller is:

cypress-pulse
47 Whitmore Road
London, E8 2HQ
United Kingdom
Email: [email protected]

What Personal Data We Process

We may process the following categories of personal data:

Identity Data: Name
Contact Data: Email address, location/postcode
Project Data: Information about your space and requirements that you provide in enquiry forms
Technical Data: IP address, browser type, operating system, and other technical information collected automatically when you visit our website
Usage Data: Information about how you use our website

Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

Consent

Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications.

Contract

Where processing is necessary for the performance of a contract to which you are party, or to take steps at your request before entering into a contract.

Legitimate Interests

Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include:

Responding to enquiries and providing customer service
Improving our website and services
Keeping our records up to date
Marketing our services to existing customers

Legal Obligation

Where processing is necessary for compliance with a legal obligation to which we are subject.

Your Rights Under UK GDPR

As a data subject, you have the following rights under UK GDPR:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This page and our Privacy Policy provide this information.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR).

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, including:

The data is no longer necessary for the purpose for which it was collected
You withdraw consent and there is no other lawful basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making and profiling. We do not currently engage in automated decision-making that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your rights, please contact us using the details below. We will respond to your request within one month of receipt. In some cases, we may need to verify your identity before processing your request.

There is no fee for exercising your rights, although we may charge a reasonable fee for clearly unfounded, repetitive, or excessive requests.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are based on:

The length of time we have an ongoing relationship with you
Legal or regulatory obligations that require us to retain data
The statute of limitations relevant to any potential claims

Contact enquiry data is typically retained for up to three years unless you request earlier deletion or we need to retain it for legal purposes.

Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against:

Unauthorised or unlawful processing
Accidental loss, destruction, or damage

These measures include secure data storage, access controls, and regular security assessments.

International Transfers

We primarily store and process your data within the United Kingdom. If we transfer your data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

Contact Us

For any questions about this GDPR information or to exercise your data protection rights, please contact us: