GDPR Compliance
How we protect your data under UK GDPR
Our Commitment to Data Protection
canyon-heron is committed to ensuring that your privacy is protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and your rights under these regulations.
Data Controller
canyon-heron acts as the Data Controller for personal information collected through this website. We are responsible for deciding how we hold and use personal information about you.
Contact details:
canyon-heron
47 Clerkenwell Road
London EC1M 5RS
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data on the following legal bases:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
- Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
Types of Personal Data We Collect
We may collect the following categories of personal data:
- Identity data: name
- Contact data: email address, postal address
- Technical data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- Usage data: information about how you use our website and services
- Marketing and communications data: your preferences in receiving marketing from us
Your Rights Under UK GDPR
Under UK GDPR, you have the following rights:
Right to Access
You have the right to request a copy of the personal information we hold about you. This is commonly known as a "subject access request".
Right to Rectification
You have the right to request that we correct any personal information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions. This is also known as the "right to be forgotten".
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing
You have the right to object to our processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
Exercising Your Rights
If you wish to exercise any of your rights, please contact us at [email protected]. We will respond to your request within one month.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Complaints
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to This Notice
We may update this GDPR notice from time to time. We will notify you of any changes by posting the new notice on this page and updating the "last updated" date.
Last updated: January 2024