Your data protection rights under UK GDPR
Last updated: January 2024
icy-passage is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and how you can exercise your rights.
icy-passage is the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.
Contact details:
icy-passage
47 Colmore Row
Birmingham B3 2BS
Email: [email protected]
We process personal data under one or more of the following lawful bases:
You have the following rights regarding your personal data:
You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR page.
You have the right to request a copy of the personal data we hold about you. This is commonly known as a "Subject Access Request". We will respond within one month of receiving your request.
You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.
You have the right to request deletion of your personal data in certain circumstances, including:
You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
You have the right to object to processing based on legitimate interests or direct marketing at any time.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making.
To exercise any of your rights, please contact us at [email protected]. We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.
There is no fee for exercising your rights, although we may charge a reasonable fee for manifestly unfounded or excessive requests.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We primarily store and process data within the UK. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.