GDPR Compliance

Information about your data protection rights under the General Data Protection Regulation

Our Commitment to GDPR Compliance

Crimson-frontier is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page explains how we comply with these regulations and what rights you have regarding your personal information.

Data Controller Information

Data Controller: crimson-frontier

Contact Address: 47 Bramble Lane, Glastonbury, Somerset BA6 8DN, United Kingdom

Email: [email protected]

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with data protection laws.

Lawful Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Consent

When you submit forms on our website, you provide explicit consent for us to process your data for the purposes stated. You may withdraw consent at any time by contacting us.

Legitimate Interests

We process certain data based on legitimate business interests, including:

Responding to inquiries and providing requested services
Maintaining and improving our website
Preventing fraud and ensuring security
Understanding how visitors use our website

Contract Performance

When you engage our services, processing your data becomes necessary to fulfill contractual obligations.

Legal Obligation

We may process data when required to comply with legal or regulatory requirements.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to request correction.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data under certain circumstances, including when data is no longer necessary for the purposes collected or when you withdraw consent.

Right to Restrict Processing

You can request that we limit how we use your data under certain conditions, such as when you contest data accuracy or object to processing.

Right to Data Portability

You have the right to receive your personal data in a portable format and request its transfer to another data controller.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant impact. We do not engage in automated decision-making or profiling.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us via email at [email protected]. Please include the following in your request:

Your full name and contact information
Specific right you wish to exercise
Clear description of the data or processing in question
Any relevant dates or details that help identify your data

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of such extension.

Data We Collect

We collect and process the following categories of personal data:

Identity Data

Name and contact details you provide through forms or correspondence.

Contact Data

Email address and correspondence records.

Technical Data

IP address (anonymized), browser type, device information, and website usage patterns.

Service Data

Information about services you're interested in or have engaged us to provide, including site details and project specifications.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Retention periods vary based on data type:

Inquiry data: Retained for 12 months after last contact if no service engagement occurs
Client project data: Retained for 7 years after project completion for legal and professional liability purposes
Website analytics data: Anonymized and retained for 24 months
Financial records: Retained for 7 years as required by UK law

Data Security

We implement appropriate technical and organizational measures to ensure data security, including:

Encryption of data in transit and at rest
Access controls limiting who can view personal data
Regular security assessments and updates
Staff training on data protection principles
Secure backup procedures

In the unlikely event of a data breach that poses risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

Data Sharing and Transfers

We do not sell or rent your personal data to third parties. We may share data with:

Service providers: Trusted third parties who assist with website hosting, email services, or other operational functions, bound by data protection agreements
Legal authorities: When required by law or to protect our rights
Professional advisors: Lawyers, accountants, or consultants under professional confidentiality obligations

Data is primarily stored and processed within the UK. Any international transfers comply with GDPR requirements, including use of standard contractual clauses or ensuring the recipient country has adequate data protection provisions.

Children's Data

Our services are not directed to individuals under 16 years of age. We do not knowingly collect data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

Supervisory Authority

You have the right to lodge a complaint with the UK supervisory authority for data protection:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, but you have the right to do so at any time.

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website. Continued use of our services after updates indicates acceptance of the revised terms.

Questions or concerns: If you have questions about GDPR compliance, your data rights, or our processing practices, please contact us at [email protected]. We are committed to addressing your concerns and ensuring your data is handled appropriately.