GDPR Compliance

1. Introduction

At Bizcardy Ltd, we are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

2. Your Rights Under GDPR

Under GDPR, you have the following rights:

• The right to be informed about our collection and use of your personal data
• The right to access your personal data
• The right to rectification if any personal data is inaccurate or incomplete
• The right to erasure (also known as 'the right to be forgotten')
• The right to restrict processing of your personal data
• The right to data portability
• The right to object to us processing your personal data
• Rights relating to automated decision-making and profiling

3. Data Protection Principles

We adhere to the following data protection principles:

• Processing personal data lawfully, fairly, and transparently
• Collecting personal data only for specified, explicit, and legitimate purposes
• Ensuring personal data is adequate, relevant, and limited to what is necessary
• Keeping personal data accurate and up to date
• Storing personal data only as long as necessary
• Processing personal data securely and protecting against unauthorized processing

4. Lawful Bases for Processing

We process personal data under the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data
• Contract: Where processing is necessary for a contract we have with you
• Legal obligation: Where processing is necessary to comply with the law
• Legitimate interests: Where processing is necessary for our legitimate interests

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

6. International Transfers

When we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place through:

• Standard contractual clauses approved by the European Commission
• Binding corporate rules for transfers within a corporate group
• Compliance with approved codes of conduct

7. Data Security

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular security assessments
• Staff training on data protection
• Access controls and authentication
• Incident response procedures

8. Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing questions regarding this policy. You can contact our DPO at:

9. Making a Complaint

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.