GDPR Compliance

Your data protection rights under UK GDPR

freshnut-construct Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and outlines your rights as a data subject.

Our Commitment to Data Protection

We take the protection of your personal data seriously. As a data controller, we are responsible for determining how and why your personal data is processed. We have implemented comprehensive measures to ensure your data is handled lawfully, fairly, and transparently.

Data Controller Information

The data controller responsible for your personal information is:

freshnut-construct Ltd
47 Riverside Walk
Manchester, M3 4LQ
United Kingdom
Company Registration: 07284591

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. You can contact our DPO at:

Email: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Right to Be Informed

You have the right to know how we collect and use your personal data. We provide this information through our Privacy Policy and at the point of data collection. We explain what data we collect, why we collect it, how long we keep it, and who we share it with.

Right of Access

You can request a copy of all personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month, providing:

  • Confirmation that we are processing your data
  • A copy of your personal data
  • Information about how and why we process your data
  • Details of any third parties we share your data with

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make corrections within one month of receiving your request, and we will inform any third parties who have received the incorrect data.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for its original purpose
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

We may retain certain data where we have a legal obligation or legitimate interest to do so.

Right to Restrict Processing

You can request that we limit how we use your data in certain situations:

  • You contest the accuracy of the data while we verify it
  • The processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing while we verify whether our interests override yours

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format. You can also request that we transmit this data directly to another organisation where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for this purpose immediately. For other objections, we will cease processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently use automated decision-making in our services.

Lawful Bases for Processing

We process personal data under the following lawful bases as appropriate:

Contractual Necessity

We process data necessary to perform our services under the contracts we have with clients. This includes managing bookings, delivering training programmes, and processing payments.

Legitimate Interests

We may process data where we have a legitimate business interest, provided this does not override your fundamental rights. Examples include improving our services, preventing fraud, and ensuring network security.

Consent

Where we rely on consent for processing, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Legal Obligation

We process certain data to comply with legal obligations, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.

Data Protection Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and penetration testing
  • Staff training on data protection and security
  • Incident response procedures for data breaches
  • Regular backups and disaster recovery planning

Data Breach Procedures

In the event of a personal data breach, we have procedures in place to:

  • Detect and contain the breach promptly
  • Assess the risk to individuals affected
  • Notify the Information Commissioner's Office within 72 hours where required
  • Notify affected individuals without undue delay where there is a high risk to their rights
  • Document the breach and our response

International Data Transfers

Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place. These may include:

  • Transfers to countries with adequacy decisions from the UK government
  • Standard Contractual Clauses approved by the ICO
  • Binding Corporate Rules for transfers within corporate groups

Exercising Your Rights

To exercise any of your rights under UK GDPR, please contact us at:

Email: [email protected]
Post: Data Protection Officer, freshnut-construct Ltd, 47 Riverside Walk, Manchester, M3 4LQ

We will respond to your request within one month. In complex cases, we may extend this period by up to two months, in which case we will notify you of the extension and explain the reasons.

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

Updates to This Information

We may update this GDPR compliance information from time to time. The latest version will always be available on our website. Significant changes will be communicated to affected individuals where appropriate.