GDPR Compliance

Your data protection rights explained clearly.

emerald-flux Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides additional information about how we handle your personal data and your rights under these regulations.

Our Role as Data Controller

emerald-flux Ltd acts as the data controller for personal information collected through our website. This means we determine the purposes and means of processing your personal data and are responsible for ensuring this processing complies with data protection laws.

Data Controller: emerald-flux Ltd
Registration Number: ZA824615
Registered Address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ

Data Protection Principles

We adhere to the following principles when processing your personal data:

  • Lawfulness, Fairness, and Transparency: We process data lawfully and inform you about how we use it
  • Purpose Limitation: We collect data for specified, explicit purposes and do not process it in ways incompatible with those purposes
  • Data Minimisation: We collect only the data necessary for the stated purposes
  • Accuracy: We take reasonable steps to ensure personal data is accurate and up to date
  • Storage Limitation: We retain data only for as long as necessary
  • Integrity and Confidentiality: We implement appropriate security measures to protect your data
  • Accountability: We can demonstrate compliance with these principles

Lawful Bases for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. Depending on the specific processing activity, we rely on one or more of the following:

Consent

Where you have given clear consent for us to process your personal data for a specific purpose. This applies to:

  • Newsletter subscriptions
  • Non-essential cookies (analytics and marketing)
  • Optional feedback submissions

You may withdraw consent at any time by contacting us or using the unsubscribe links in our communications.

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This applies to:

  • Website security and fraud prevention
  • Improving our content and user experience
  • Responding to enquiries and correspondence
  • Understanding how our website is used

Legal Obligation

Where processing is necessary to comply with a legal obligation. This may include:

  • Maintaining business records for tax and accounting purposes
  • Responding to lawful requests from authorities
  • Complying with court orders or legal proceedings

Your Individual Rights

The UK GDPR provides you with specific rights regarding your personal data. Below is a detailed explanation of each right:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. We fulfil this right through this page and our Privacy Policy.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request. The information will be provided free of charge in most circumstances.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will respond within one month, or sooner if feasible.

Right to Erasure

Also known as the "right to be forgotten", you may request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for its original purpose
  • You withdraw consent and there is no other lawful basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

This right is not absolute, and we may refuse requests where we have a legal obligation to retain data or other legitimate reasons.

Right to Restrict Processing

You may request that we limit how we use your data while we investigate a concern you have raised about its accuracy, our lawful basis, or pending a decision on an objection you have made.

Right to Data Portability

Where processing is based on consent or a contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently engage in automated decision-making of this nature.

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

  • Email: [email protected]
  • Post: Data Protection Officer, emerald-flux Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ

We may ask you to verify your identity before processing your request. We will respond within one month, though this may be extended by two further months for complex requests, in which case we will inform you.

International Data Transfers

If we transfer personal data outside the UK, we ensure appropriate safeguards are in place:

  • Transfers to countries with an adequacy decision from the UK government
  • Standard Contractual Clauses approved by the UK ICO
  • Binding Corporate Rules where applicable

Data Breach Procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware
  • Communicate directly with affected individuals if the breach is likely to result in high risk
  • Document the breach and our response actions

Complaints

If you are dissatisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office:

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first if possible.

Updates to This Information

We review our data protection practices regularly and may update this page to reflect changes. Significant changes will be communicated through our website.

We use cookies to enhance your browsing experience and analyse site traffic. By clicking "Accept All", you consent to our use of cookies. Learn more