GDPR Compliance

Last updated: January 2024

Our Commitment to Data Protection

sapphire-maple is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented appropriate measures to ensure compliance.

Data Controller

sapphire-maple acts as the data controller for personal information collected through this website and our services. As the data controller, we determine the purposes and means of processing personal data and are responsible for ensuring compliance with data protection laws.

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. Our processing activities are based on:

• Consent: When you submit enquiry forms or subscribe to communications
• Contract: When necessary to provide services you have requested
• Legitimate Interests: When processing is necessary for our business operations and does not override your rights
• Legal Obligation: When we are required to process data by law

Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will respond to valid requests within one month.

Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

• Encryption of data in transit
• Secure storage systems
• Access controls and authentication
• Regular security assessments
• Staff training on data protection

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Our retention periods are determined by:

• The nature of the data and its sensitivity
• Legal and regulatory requirements
• Contractual obligations
• Legitimate business needs

International Transfers

We primarily store and process data within the United Kingdom. If any data transfer outside the UK is necessary, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. Where required, we will notify the Information Commissioner's Office and affected individuals in accordance with legal requirements.

Exercising Your Rights

To exercise any of your data protection rights, please contact us using the details below. We may need to verify your identity before processing your request. We will respond to valid requests within one month, although this may be extended in complex cases.

Complaints

If you are not satisfied with how we handle your data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Contact for Data Protection Enquiries

For any questions regarding this GDPR statement or your data protection rights:

sapphire-maple
47 Greenfield Business Park
Reading, Berkshire RG2 8NQ
United Kingdom
[email protected]