GDPR Compliance
Your data protection rights and our commitment to GDPR compliance.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and those that offer goods or services to individuals in the EU, regardless of where the organization is based.
GDPR gives you greater control over your personal data and ensures that organizations handle your information responsibly and transparently.
Our GDPR Commitment
At C&L Web Design, we are fully committed to GDPR compliance and protecting your personal data. We have implemented comprehensive data protection measures and processes to ensure your rights are respected and your information is secure.
Data Minimization
We only collect data that is necessary for our services
Transparency
Clear information about how we use your data
Security
Robust security measures to protect your information
Your Rights
Easy access to exercise your GDPR rights
Your GDPR Rights
Under GDPR, you have several important rights regarding your personal data:
1. Right to Access
You have the right to request a copy of all personal data we hold about you, along with information about how we process it.
How to exercise: Contact us with your request, and we'll provide your data within one month.
2. Right to Rectification
You can request that we correct any inaccurate or incomplete personal data we hold about you.
How to exercise: Simply contact us with the corrections you'd like us to make.
3. Right to Erasure (Right to be Forgotten)
You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
How to exercise: Contact us with your deletion request, and we'll assess if the conditions are met.
4. Right to Restrict Processing
You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data.
How to exercise: Contact us to request processing restrictions.
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
How to exercise: Contact us to request your data in a portable format.
6. Right to Object
You can object to the processing of your personal data in certain circumstances, particularly for direct marketing purposes.
How to exercise: Contact us to object to specific processing activities.
7. Right to Withdraw Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time.
How to exercise: Contact us or use the unsubscribe links in our communications.
How We Process Your Data
Legal Basis for Processing
We only process your personal data when we have a legal basis to do so under GDPR:
- Consent: When you have given us explicit consent
- Contract: When processing is necessary to fulfill our contractual obligations
- Legitimate Interest: When processing is necessary for our legitimate business interests
- Legal Obligation: When we are required to process data by law
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. When we no longer need your data, we securely delete or anonymize it.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, and regular security assessments.
Data Breach Procedures
Our Commitment to Transparency
In the unlikely event of a data breach that affects your personal data, we have procedures in place to:
- Detect and assess the breach within 72 hours
- Notify the relevant supervisory authority if required
- Inform affected individuals when there is a high risk to their rights and freedoms
- Take immediate steps to contain and remediate the breach
- Document all incidents and lessons learned
International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure that appropriate safeguards are in place to protect your data, such as:
- Adequacy decisions by the European Commission
- Standard contractual clauses approved by the European Commission
- Binding corporate rules
- Other appropriate safeguards as required by GDPR
Exercising Your Rights
To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month, though this may be extended by two months for complex requests.
Please include "GDPR Request" in the subject line and provide details about which right you wish to exercise and any relevant information to help us process your request efficiently.
Supervisory Authority
If you are not satisfied with our response to your GDPR request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: https://ico.org.uk
Email: casework@ico.org.uk
Continuous Improvement
We are committed to continuously improving our GDPR compliance and data protection practices. We regularly review and update our policies and procedures to ensure they remain current with legal requirements and best practices.
Last updated: January 2025