GDPR Compliance Statement
Last updated: January 2024
blueverge-haven is committed to protecting the privacy and security of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection compliance.
Our Role as Data Controller
For personal data collected through our website and direct business interactions, blueverge-haven acts as the data controller. This means we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with data protection requirements.
When providing consultancy services, we may also act as a data processor on behalf of our clients, processing personal data according to their instructions and contractual agreements.
Data Protection Principles
We adhere to the core principles set out in UK GDPR:
- Lawfulness, fairness, and transparency: We process data only when we have a valid legal basis and communicate clearly about our practices
- Purpose limitation: Data is collected for specified, explicit purposes and not processed in ways incompatible with those purposes
- Data minimisation: We collect only the information necessary for our stated purposes
- Accuracy: We take reasonable steps to ensure data remains accurate and up to date
- Storage limitation: Personal data is retained only as long as necessary
- Integrity and confidentiality: Appropriate security measures protect against unauthorised processing, loss, or damage
- Accountability: We maintain records and can demonstrate compliance with these principles
Lawful Bases for Processing
We rely on the following legal bases when processing personal data:
Contract Performance
Processing necessary to fulfil our contractual obligations when you engage our services, including project delivery, invoicing, and ongoing support.
Legitimate Interests
Processing that supports our business operations where this does not override your fundamental rights. Examples include maintaining client relationships, improving our services, and basic website analytics.
Consent
Where you have given clear consent for specific processing activities, such as receiving marketing communications. Consent can be withdrawn at any time.
Legal Obligation
Processing required to comply with applicable laws, such as financial record-keeping requirements or responding to valid legal requests.
Your Rights Under UK GDPR
The regulation provides you with specific rights regarding your personal data:
Right to Be Informed
You have the right to clear information about how we process your data. Our Privacy Policy and this page aim to provide that transparency.
Right of Access
You may request a copy of the personal data we hold about you. We will respond to such requests within one month.
Right to Rectification
If any information we hold is inaccurate or incomplete, you have the right to have it corrected.
Right to Erasure
In certain circumstances, you may request that we delete your personal data. This right is not absolute and may be subject to legal retention requirements.
Right to Restrict Processing
You may request that we limit how we use your data while concerns about accuracy or processing legitimacy are resolved.
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you may request your data in a commonly used, machine-readable format.
Right to Object
You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling grounds.
Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such processing.
Exercising Your Rights
To make a request regarding your personal data, please contact us using the details below. We may need to verify your identity before processing your request.
Requests will typically be handled free of charge. However, we may charge a reasonable fee for manifestly unfounded or excessive requests, or where multiple copies are requested.
We aim to respond to all valid requests within one calendar month. This period may be extended by up to two additional months for complex requests, in which case we will inform you of the delay and the reasons.
Data Security Measures
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit and at rest
- Access controls limiting data access to authorised personnel
- Regular security assessments and updates
- Staff training on data protection responsibilities
- Secure disposal of data when no longer required
- Incident response procedures for potential data breaches
International Data Transfers
Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place. This may include:
- Transfers to countries with adequacy decisions from the UK government
- Standard contractual clauses approved by the Information Commissioner's Office
- Other mechanisms permitted under UK GDPR
Data Breach Notification
In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals directly.
Third-Party Processors
When we engage third parties to process personal data on our behalf, we ensure contractual arrangements require them to:
- Process data only on our documented instructions
- Ensure that personnel with access to data are bound by confidentiality
- Implement appropriate security measures
- Obtain our approval before engaging sub-processors
- Assist us in responding to data subject requests
- Delete or return data at the end of the service relationship
Contact Information
For any questions about our GDPR compliance or to exercise your data protection rights:
Data Protection Contact
blueverge-haven
47 Technology House
Riverside Business Park
Manchester M15 4FH
Email: [email protected]
Supervisory Authority
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk