GDPR Compliance
Our commitment to protecting your personal data under the General Data Protection Regulation.
Last updated: January 2024
Our Commitment to GDPR
frosty-vine is committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We take the protection of your personal data seriously and have implemented appropriate measures to ensure your rights are respected.
Data Controller
frosty-vine acts as the data controller for personal data collected through this website and in connection with our training services. This means we determine the purposes and means of processing your personal data.
Contact details:
frosty-vine
27 Berkeley Square
Mayfair, London W1J 6EN
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so. The lawful bases we rely upon include:
Consent
Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications or newsletters.
Contract
Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes processing data to deliver our training programmes.
Legitimate Interests
Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights. Our legitimate interests include:
- Improving our services and website functionality
- Understanding how our services are used
- Administering and protecting our business
- Fraud prevention and security
Legal Obligation
Where processing is necessary for compliance with a legal obligation to which we are subject.
Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right to Be Informed
You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR notice.
Right of Access
You have the right to request access to your personal data that we hold. We will provide a copy of your data free of charge within one month of your request.
Right to Rectification
You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.
Right to Erasure
You have the right to request the deletion of your personal data in certain circumstances, including:
- When the data is no longer necessary for the purpose it was collected
- When you withdraw consent (where consent was the basis for processing)
- When you object to processing and there are no overriding legitimate grounds
- When data has been unlawfully processed
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where processing is based on consent or contract and is carried out by automated means.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. We do not currently engage in such automated decision-making.
Data Protection Measures
We have implemented appropriate technical and organisational measures to ensure the security of your personal data, including:
- Encryption of data in transit and at rest where appropriate
- Access controls to limit who can access personal data
- Regular security assessments and updates
- Staff training on data protection responsibilities
- Data processing agreements with third-party service providers
International Data Transfers
We primarily process and store personal data within the United Kingdom. Where we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with data protection legislation.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods vary depending on the nature of the data and the purposes of processing. When data is no longer required, it is securely deleted or anonymised.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
Exercising Your Rights
To exercise any of your rights under the GDPR, please contact us at:
Email: [email protected]
We will respond to your request within one month. In complex cases or where we receive numerous requests, we may extend this period by up to two months, in which case we will inform you.
Complaints
If you are not satisfied with how we handle your personal data or your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Changes to This Notice
We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.