Last Updated: January 2024
ruby-petal is committed to ensuring the protection of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we uphold GDPR principles in our business operations.
For the purposes of data protection legislation, ruby-petal is the data controller responsible for the personal data collected through this website and our services.
Contact details:
ruby-petal
47 Commerce Street
London, EC2A 4PQ
United Kingdom
Email: [email protected]
We adhere to the following data protection principles:
We process personal data lawfully and transparently. This policy and our Privacy Policy clearly explain what data we collect and how we use it.
We collect personal data only for specified, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes.
We collect only the personal data necessary for the purposes we have identified. We do not collect excessive or irrelevant information.
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is corrected or deleted without delay.
We retain personal data only for as long as necessary for the purposes of processing. When data is no longer needed, it is securely deleted.
We implement appropriate technical and organisational measures to protect personal data against unauthorised processing, accidental loss, destruction, or damage.
As a data subject, you have the following rights:
You can request confirmation of whether we process your personal data and obtain a copy of that data.
You can request correction of inaccurate personal data or completion of incomplete data.
In certain circumstances, you can request deletion of your personal data. This right is not absolute and depends on the legal basis for processing.
You can request that we restrict the processing of your personal data in certain circumstances.
Where processing is based on consent or contract and is carried out by automated means, you can request your data in a structured, commonly used format.
You can object to processing based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.
To exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month. In complex cases, we may extend this period by two months, but we will inform you of any extension within the initial one-month period.
There is no fee for exercising your rights. However, we may charge a reasonable fee if a request is manifestly unfounded or excessive, or we may refuse to act on the request.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.
The supervisory authority for data protection in the UK is the Information Commissioner's Office (ICO). You have the right to lodge a complaint with the ICO if you believe your data protection rights have been violated.
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Any updates will be posted on this page.