Last updated: January 2024
fluffy-river is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we handle your personal data in accordance with these regulations.
fluffy-river acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.
Contact details:
fluffy-river
47 Willow Gardens
Harrogate, HG2 8LP
United Kingdom
Email: [email protected]
We process personal data under the following lawful bases:
Under the UK GDPR, you have the following rights:
You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of receiving your request.
You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.
You have the right to request that we delete your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently use automated decision-making.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by a further two months, but we will notify you if this is the case.
We may need to verify your identity before processing your request. There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We primarily store and process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.
Given the scale of our data processing activities, we are not required to appoint a Data Protection Officer. However, any data protection queries can be directed to [email protected].
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.