Our Commitment to GDPR
orchard-forge is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and what rights you have regarding your personal information.
Data Controller
For the purposes of GDPR, orchard-forge is the data controller responsible for your personal information. We determine how and why your data is processed.
Contact: [email protected]
Address: 42 Belgrave Square, London SW1X 8QT, United Kingdom
Lawful Basis for Processing
We process your personal data only when we have a lawful basis to do so:
- Consent: You have given clear consent for us to process your personal data for specific purposes
- Contract: Processing is necessary for the performance of a contract with you
- Legal obligation: Processing is necessary to comply with the law
- Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request copies of your personal data. We may charge a reasonable fee for multiple copies or manifestly unfounded requests.
Right to Rectification
You have the right to request correction of any information you believe is inaccurate or incomplete.
Right to Erasure
You have the right to request deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing
You have the right to request restriction of processing of your personal data under certain conditions.
Right to Object
You have the right to object to our processing of your personal data under certain conditions, particularly for processing based on legitimate interests or for direct marketing purposes.
Right to Data Portability
You have the right to request transfer of your personal data to another organization or directly to you, in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two further months in complex cases. We will inform you of any such extension.
You will not have to pay a fee to exercise your rights, except for manifestly unfounded or excessive requests.
Data Protection Officer
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this policy and our data protection practices. You can contact the DPO at [email protected].
Data Security
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular testing and evaluation of security measures
- Access controls and authentication procedures
- Staff training on data protection
Data Breach Notification
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
International Data Transfers
Your personal data is processed within the United Kingdom. If we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In the UK, the supervisory authority is the Information Commissioner's Office (ICO).
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: www.ico.org.uk
Updates to This Policy
We may update this GDPR compliance statement from time to time. The current version is always available on our website with the date of last update clearly indicated.