GDPR Information & Your Rights
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on 25 May 2018. It strengthens and standardises data protection across the UK and European Union, giving individuals greater control over their personal data and imposing strict obligations on organisations that process personal information.
What is GDPR?
The GDPR is the UK and EU's most significant data protection legislation in over 20 years. It replaces the previous Data Protection Directive and introduces stronger rules for organisations that handle personal data. The regulation applies to:
- All organisations that process personal data of UK/EU residents, regardless of where the organisation is based
- Data controllers - organisations that determine how and why personal data is processed
- Data processors - organisations that process personal data on behalf of controllers
The GDPR's primary objectives are to:
- Protect the fundamental rights and freedoms of individuals regarding their personal data
- Ensure the free movement of personal data within the UK and EU
- Establish clear rules for the protection of personal data
- Hold organisations accountable for how they handle personal information
What Counts as Personal Data Under GDPR?
GDPR has expanded the definition of personal data to reflect the digital age. Personal data now includes any information that can directly or indirectly identify a living individual:
- Basic Information: Name, identification numbers (passport, national insurance number), date of birth
- Contact Details: Email address, phone number, postal address
- Online Identifiers: IP addresses, cookies, device IDs, mobile device identifiers
- Location Data: GPS coordinates, geolocation information
- Biometric Data: Fingerprints, facial recognition data
- Behavioural Data: Browsing history, purchase patterns, preferences
- Special Category Data: Racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation
Important: Even if data doesn't directly identify someone, if it can be combined with other information to identify them, it's still considered personal data under GDPR.
Your Rights Under GDPR
GDPR grants you eight fundamental rights regarding your personal data. At Amaizonia, we are committed to helping you exercise these rights:
1. Right of Access
You have the right to obtain confirmation that we process your personal data and to access a copy of that data. You can request information about what data we hold, why we hold it, and how long we keep it.
How to exercise: Contact us via our contact form with the subject "GDPR Data Access Request".
2. Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to have it corrected. We will update your information promptly upon verification.
How to exercise: Contact us with the corrected information and we'll update our records within 30 days.
3. Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose or you withdraw consent.
How to exercise: Submit a deletion request via our contact form. We'll respond within 30 days.
4. Right to Restrict Processing
You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
How to exercise: Contact us explaining why you want to restrict processing of your data.
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
How to exercise: Request your data in a portable format via our contact form.
6. Right to Object
You can object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.
How to exercise: Contact us or use the unsubscribe link in marketing emails.
7. Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you, unless necessary for a contract or with your explicit consent.
Our commitment: We do not use fully automated decision-making that produces legal or similarly significant effects.
8. Right to Withdraw Consent
Where we process your data based on consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
How to exercise: Contact us or adjust your cookie preferences using the cookie settings button.
How Amaizonia Complies with GDPR
At Amaizonia Technology Solutions, we take data protection seriously and have implemented comprehensive measures to ensure GDPR compliance:
Data Governance
- Data Mapping: We maintain detailed records of what personal data we collect, why we collect it, where it's stored, and how long we keep it
- Purpose Limitation: We only collect and process personal data for specified, explicit, and legitimate purposes
- Data Minimisation: We collect only the minimum amount of personal data necessary for our purposes
- Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date
Security Measures
- Encryption: Personal data is encrypted in transit and at rest where appropriate
- Access Controls: We implement strict access controls to ensure only authorised personnel can access personal data
- Regular Security Audits: We conduct regular reviews of our security measures and data processing activities
- Data Breach Procedures: We have procedures in place to detect, report, and investigate data breaches within 72 hours as required by GDPR
Transparency & Communication
- Clear Privacy Notices: We provide clear information about how we use your data in our Privacy Policy
- Cookie Consent: We obtain explicit consent before placing non-essential cookies (see our Cookie Policy)
- Easy Contact: We make it easy for you to exercise your rights through our contact form
- Staff Training: Our team is trained on GDPR requirements and data protection best practices
What Data We Collect and Why
To provide our services and improve your experience, we collect the following types of personal data:
Data You Provide Directly
- Contact Forms: Name, email, phone number, company name, and message content - used to respond to your enquiries
- Chatbot Interactions: Name, email, phone number, company name, conversation history - used to provide customer support and improve our services
- Meeting Bookings: Information provided when scheduling meetings - used to coordinate appointments
Data Collected Automatically
- IP Address: Collected for security, fraud prevention, and analytics purposes
- Geolocation Data: Approximate location (with your permission) - used to provide location-based services
- Browser & Device Information: Browser type, device type, operating system - used to ensure website compatibility and improve user experience
- Usage Data: Pages visited, time spent, click patterns - used to analyse website performance and user behaviour
- Cookies: See our Cookie Policy for detailed information
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Consent: When you explicitly consent to processing (e.g., cookies, marketing communications)
- Legitimate Interests: For website security, fraud prevention, and service improvement
- Contractual Necessity: To fulfil our obligations when you use our services
- Legal Obligation: To comply with applicable laws and regulations
Data Storage and Retention
We store your personal data securely and only retain it for as long as necessary:
- Contact Form Data: Retained for 3 years from last contact
- Chatbot Data: Retained for 2 years from last interaction
- IP Addresses: Retained for 12 months for security and analytics
- Geolocation Data: Retained for 6 months
- Cookie Data: Retention periods vary by cookie type (see Cookie Policy)
After the retention period expires, we securely delete or anonymise your personal data unless we have a legal obligation to retain it longer.
Third-Party Data Sharing
We may share your personal data with trusted third-party service providers who help us operate our website and provide our services:
- Netlify: Hosting and form submission processing (see Netlify Privacy Policy)
- Google Sheets: Data storage and backup (see Google Privacy Policy)
- IPify API: IP address detection service (see IPify Privacy Policy)
All third-party providers are contractually obligated to protect your data and comply with GDPR requirements. We do not sell your personal data to third parties.
How to Exercise Your GDPR Rights
Exercising your GDPR rights is straightforward:
- Contact Us: Use our contact form or email us directly
- Specify Your Request: Clearly state which right you wish to exercise (access, deletion, correction, etc.)
- Verification: We may need to verify your identity to protect your data
- Response Time: We will respond to your request within 30 days (or inform you if we need more time)
No Fee: Exercising your GDPR rights is free of charge, unless your request is manifestly unfounded or excessive.
Data Breach Notification
In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will:
- Notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach poses a high risk
- Provide clear information about the nature of the breach and steps being taken to address it
- Take immediate action to contain and remediate the breach
Complaints
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- ICO Website: https://ico.org.uk/make-a-complaint/
- ICO Helpline: 0303 123 1113
- ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We encourage you to contact us first so we can address your concerns directly. However, you are always free to contact the ICO.
Official Government Resources
For official information and guidance on GDPR compliance, please refer to:
- UK Information Commissioner's Office (ICO) - The UK's independent authority for data protection
- ICO Guide to GDPR - Comprehensive guide to GDPR requirements
- UK Government Data Protection - Official government information on data protection
- ICO For the Public - Information about your data protection rights
Contact Us About GDPR
If you have any questions about how we handle your personal data or wish to exercise your GDPR rights, please don't hesitate to contact us:
- Via Contact Form: Contact Us
- Data Protection Enquiries: Please use the subject line "GDPR Enquiry" or "Data Protection Request"
- Response Time: We aim to respond to all GDPR-related enquiries within 30 days
Data Controller: Amaizonia Technology Solutions
Registered Address: Kemp House, 160 City Road, London, EC1V 2NX, United Kingdom