GDPR Compliance

Our commitment to data protection and your rights

Last updated: January 2024

Our Commitment

cyberflux-hub Ltd takes data protection seriously. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that personal data is processed lawfully, fairly, and transparently.

This page outlines how we meet our obligations under data protection law and explains the rights available to you as a data subject.

Data Controller Information

cyberflux-hub Ltd is the data controller responsible for your personal information.

Registered Address:
47 Whitmore Lane
Bristol, BS1 4QR
United Kingdom

Company Number: 08472916

Data Protection Contact: [email protected]

Lawful Bases for Processing

We only process personal data when we have a valid legal basis to do so. The bases we rely upon include:

Contractual Necessity

When you engage our photography services, we process your personal data to fulfil our contractual obligations. This includes contact information for communication, scheduling details, and payment information.

Legitimate Interests

We may process data based on our legitimate business interests, such as maintaining client records, improving our services, and protecting our legal rights. We always balance these interests against your rights and freedoms.

Consent

Where we rely on consent, you have the right to withdraw it at any time. This applies to marketing communications and any processing not covered by other legal bases.

Legal Obligations

Some processing is required by law, such as maintaining financial records for tax purposes or responding to valid legal requests.

Your Rights Under GDPR

Data protection law provides you with specific rights regarding your personal information:

Right to Be Informed

You have the right to know how your data is being used. Our Privacy Policy and this GDPR page provide this information.

Right of Access

You can request a copy of the personal data we hold about you. We will respond within one month of receiving your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

Right to Erasure

In certain circumstances, you can request deletion of your personal data. This is also known as the "right to be forgotten".

Right to Restrict Processing

You can request that we limit how we use your data while concerns are being investigated or resolved.

Right to Data Portability

You can request your data in a machine-readable format for transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decisions

You have rights concerning automated decision-making and profiling. We do not currently use automated decision-making that produces legal effects.

Exercising Your Rights

To exercise any of your data protection rights, please contact us at [email protected] with your request. To help us process your request efficiently, please include:

  • Your full name and contact information
  • A description of the right you wish to exercise
  • Any relevant details that help identify the data in question

We may need to verify your identity before processing your request. There is generally no fee for exercising your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Data Security Measures

We implement appropriate security measures to protect personal data against:

  • Unauthorised or unlawful processing
  • Accidental loss, destruction, or damage
  • Unauthorised access or disclosure

Our measures include encrypted data transmission, secure storage systems, access controls, and regular security assessments.

Data Processors

We work with certain third-party service providers who process data on our behalf. These processors are bound by data processing agreements that require them to:

  • Process data only on our documented instructions
  • Ensure confidentiality obligations for personnel
  • Implement appropriate security measures
  • Assist with data subject requests
  • Delete or return data at the end of the relationship

International Data Transfers

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place. These may include:

  • Transfers to countries with adequacy decisions
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules where applicable

Photography-Specific Considerations

As a photography business, we process visual data (photographs) that may contain personal information. Specific points to note:

  • Photographs of identifiable individuals constitute personal data
  • We obtain appropriate permissions for commercial use of photographs
  • Portrait subjects receive information about how images will be used
  • We maintain records of consents and releases
  • Event photography follows industry best practices for data protection

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours where feasible
  • Communicate directly with affected individuals when required
  • Document the breach and our response
  • Take steps to mitigate any potential harm

Complaints

If you are unsatisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Website: ico.org.uk

We encourage you to contact us first so we can address your concerns directly.

Updates

We review our data protection practices regularly and may update this page to reflect changes in our processes or legal requirements. Material changes will be communicated appropriately.