GDPR Compliance

General Data Protection Regulation

reef-sage is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations under these regulations.

Data Controller

reef-sage acts as the data controller for personal information collected through this website. We determine the purposes and means of processing personal data and are responsible for ensuring compliance with data protection laws.

Lawful Basis for Processing

We only process personal data when we have a valid lawful basis to do so. The lawful bases we rely on include:

• Consent: You have given clear consent for us to process your personal data for a specific purpose
• Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, unless there is a good reason to protect your personal data which overrides those interests

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to be Informed
You have the right to know how your data is being collected and used. Our Privacy Policy provides this information.

Right of Access
You can request a copy of the personal data we hold about you. We will respond to your request within one month.

Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to have it corrected.

Right to Erasure
You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restrict Processing
You can request that we limit how we use your data while a complaint is being investigated or if you have objected to processing.

Right to Data Portability
You can request to receive your personal data in a structured, commonly used format, or have it transferred to another organisation.

Right to Object
You can object to certain types of processing, including processing for direct marketing purposes.

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit using SSL/TLS protocols
• Access controls limiting who can view personal data
• Regular security assessments and updates
• Staff training on data protection principles

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

International Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

Complaints

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Contact for Data Protection Queries

For any questions regarding this GDPR policy or to exercise your data protection rights, please contact:

reef-sage
47 Commerce Street
London, EC2A 3PQ
United Kingdom
[email protected]