spindle-byte

Our Commitment to GDPR Compliance

spindle-byte is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Union and the United Kingdom. This page explains how we uphold your data protection rights and our responsibilities under GDPR.

Data Controller Information

For the purposes of GDPR, the data controller is:

spindle-byte
47 Bishops Gate
London EC2N 3AQ
United Kingdom
Email: [email protected]

Your Rights Under GDPR

1. Right to Be Informed

You have the right to clear, transparent information about how we collect and use your personal data. We provide this information through our Privacy Policy and this GDPR page.

2. Right of Access

You have the right to request access to the personal data we hold about you. This includes:

Confirmation of whether we are processing your personal data
Access to your personal data
Information about how we use your data
Information about who we share your data with
How long we retain your data
Information about your other rights

We will respond to access requests within one month of receipt. There is no fee for this service unless the request is manifestly unfounded, excessive, or repetitive.

3. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it. We will respond to rectification requests within one month.

4. Right to Erasure (Right to Be Forgotten)

You have the right to request deletion of your personal data in certain circumstances:

The data is no longer necessary for the purposes we collected it
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
The data must be erased to comply with a legal obligation

This right is not absolute and may not apply if we need to retain the data for legal obligations or legitimate purposes.

5. Right to Restriction of Processing

You have the right to request restriction of processing in certain situations:

You contest the accuracy of the data (restriction applies while we verify accuracy)
Processing is unlawful but you prefer restriction over erasure
We no longer need the data but you need it to establish, exercise, or defend legal claims
You have objected to processing (restriction applies while we verify our legitimate grounds)

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where:

Processing is based on consent or contract
Processing is carried out by automated means

7. Right to Object

You have the right to object to processing of your personal data where:

Processing is based on legitimate interests or performance of a public interest task
Processing is for direct marketing purposes
Processing is for scientific, historical research, or statistical purposes

We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

8. Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects. We do not currently engage in automated decision making or profiling that would trigger this right.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

When submitting a request, please include:

Your full name
Your email address
A clear description of which right you wish to exercise
Any relevant details to help us locate your data

We may ask you to verify your identity before processing your request to ensure we are disclosing data only to the person entitled to it.

Response Timeframes

We will respond to your requests without undue delay and within one month of receipt. In complex cases or if we receive multiple requests, we may extend this period by two additional months. We will inform you of any extension within one month of receiving the request, along with the reasons for the delay.

Data Processing Principles

We process personal data in accordance with GDPR principles:

Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and transparently
Purpose Limitation: We collect data for specified, explicit, and legitimate purposes only
Data Minimization: We collect only data that is adequate, relevant, and necessary
Accuracy: We keep data accurate and up to date
Storage Limitation: We retain data only as long as necessary
Integrity and Confidentiality: We process data securely with appropriate safeguards
Accountability: We demonstrate compliance with these principles

Legal Bases for Processing

We process personal data only when we have a valid legal basis:

Consent: You have given clear consent for specific processing
Contract: Processing is necessary to fulfill our contract with you
Legal Obligation: Processing is necessary to comply with the law
Legitimate Interests: Processing is necessary for our legitimate interests, provided your rights do not override those interests

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Pseudonymization and encryption of personal data
Ongoing confidentiality, integrity, availability, and resilience of processing systems
Ability to restore availability and access to data in a timely manner after incidents
Regular testing and evaluation of security measure effectiveness

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.

International Data Transfers

When we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions confirming the destination country provides adequate protection
Other legally approved mechanisms

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority:

UK: Information Commissioner's Office (ICO)
Website: ico.org.uk

We encourage you to contact us first so we can address your concerns directly.

Updates to This Information

We may update this GDPR information to reflect changes in our practices or legal requirements. Material changes will be communicated through our website with an updated revision date.