GDPR Compliance

Our Commitment to GDPR

We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation. This page explains how we comply with GDPR requirements and what rights you have as a data subject.

Data Controller

For the purposes of GDPR, the data controller is:

ocean-puffin
45 Bedford Square
London WC1B 3DN
United Kingdom
Email: contact@ocean-puffin.com

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. The lawful bases we rely on include:

• Contract: Processing is necessary to perform our services under a contract with you
• Legitimate interests: Processing is necessary for our legitimate business interests, such as improving our services
• Consent: You have given explicit consent for specific processing activities
• Legal obligation: Processing is required to comply with legal or regulatory requirements

Your Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a subject access request.

Right to Rectification

You can ask us to correct any personal data that is inaccurate or incomplete.

Right to Erasure

Also known as the right to be forgotten, you can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can ask us to limit how we use your personal data in specific situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

How to Exercise Your Rights

To exercise any of your data subject rights, please contact us at contact@ocean-puffin.com

Please include the following information in your request:

• Your full name and contact details
• A description of the specific right you wish to exercise
• Any relevant details to help us locate your data
• Proof of identity if required

We will respond to your request within one month, though this may be extended by two additional months for complex requests.

Data Protection Principles

We process personal data in accordance with GDPR principles:

• Lawfulness, fairness, and transparency: We process data legally, fairly, and transparently
• Purpose limitation: We collect data for specified, explicit, and legitimate purposes
• Data minimization: We only collect data that is necessary for our purposes
• Accuracy: We keep personal data accurate and up to date
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We protect data with appropriate security measures
• Accountability: We demonstrate compliance with these principles

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and updates
• Access controls limiting who can view personal data
• Staff training on data protection requirements
• Incident response procedures for data breaches

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by law.

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Please check this page periodically for updates.