Our Commitment
sky-cypress is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented comprehensive measures to ensure your information is handled responsibly.
Data Controller
sky-cypress acts as the data controller for personal information collected through this website and our services. As the data controller, we determine the purposes and means of processing personal data and bear responsibility for compliance with data protection law.
Your Rights Under UK GDPR
Right of Access
You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of receiving your request, free of charge in most circumstances.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will address rectification requests within one month.
Right to Erasure
Also known as the right to be forgotten, you may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the data has been unlawfully processed.
Right to Restrict Processing
You may request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so. The bases we rely upon include:
- Your explicit consent for specific processing activities
- Performance of a contract when you engage our services
- Compliance with legal obligations
- Legitimate interests pursued by our business, balanced against your rights
Data Protection Measures
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular testing and evaluation of security measures
- Staff training on data protection responsibilities
- Access controls limiting data access to authorised personnel
- Incident response procedures for potential data breaches
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk to you, we will also inform you directly without undue delay.
Exercising Your Rights
To exercise any of your rights under UK GDPR, please contact us using the details below. We may need to verify your identity before processing your request. We will respond to all legitimate requests within one month, though this period may be extended by two further months for complex requests.
Contact Information
For GDPR-related enquiries:
sky-cypress
47 Pemberton Road
London, SW11 5XR
United Kingdom
[email protected]
Supervisory Authority
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.