Your rights under data protection regulations
Last updated: January 2024
canopy-kudu is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented appropriate measures to ensure compliance with data protection principles.
canopy-kudu acts as the data controller for personal information collected through this website and in connection with our services.
Contact details:
Under the UK GDPR, you have the following rights regarding your personal data:
You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR page.
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month of receiving it.
If the personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will respond to rectification requests within one month.
Also known as the "right to be forgotten," you may request that we delete your personal data in certain circumstances, including:
You may request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
You have rights in relation to automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.
To exercise any of your data protection rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases or where we receive a high volume of requests, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for it.
We may need to verify your identity before processing your request to ensure the security of your personal data.
We process personal data under the following lawful bases:
Your personal data is primarily processed within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK Information Commissioner's Office.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.