GDPR Compliance

Last updated: January 2024

Our Commitment to GDPR

Scarlet Ride Limited is committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations and what rights you have regarding your personal data.

Who We Are

Scarlet Ride Limited is the data controller responsible for your personal data. Our contact details are:

Scarlet Ride Limited
47 Clerkenwell Road
London EC1M 5RS
United Kingdom

Data Protection Contact: [email protected]

Data Protection Principles

We adhere to the principles set out in the UK GDPR. Personal data must be:

• Processed lawfully, fairly, and transparently: We are clear about what data we collect and why
• Collected for specified, explicit, and legitimate purposes: We only use data for the reasons we have stated
• Adequate, relevant, and limited: We only collect what we need for our stated purposes
• Accurate and kept up to date: We take steps to ensure data accuracy and correct errors promptly
• Kept no longer than necessary: We delete data when it is no longer needed
• Processed securely: We implement appropriate measures to protect your data

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The bases we rely on include:

Consent

Where you have given us clear consent to process your personal data for a specific purpose. You can withdraw consent at any time by contacting us.

Contract

Where processing is necessary for the performance of a contract we have with you, or to take steps at your request before entering into a contract.

Legitimate Interests

Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those interests. Our legitimate interests include:

• Providing and improving our services
• Marketing our services to existing and potential clients
• Managing our business operations
• Maintaining security of our systems and data

Legal Obligation

Where processing is necessary for us to comply with the law.

Your Data Protection Rights

Under the UK GDPR, you have the following rights:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. We provide this information through our Privacy Policy and this GDPR compliance page.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month.

Right to Rectification

You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, including when:

• The data is no longer necessary for its original purpose
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.

Right to Object

You have the right to object to the processing of your personal data where we are relying on legitimate interests as the legal basis. You also have the absolute right to object to processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have rights related to automated decision-making and profiling. We do not currently use automated decision-making that has legal or similarly significant effects on individuals.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this period by up to two additional months, but we will inform you if this is necessary.

We do not charge a fee for most requests. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Data Processors

We use certain third-party service providers to process data on our behalf. These processors are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them. Our processors include:

• Email service providers for communication delivery
• Analytics providers for website performance monitoring
• Cloud hosting providers for data storage

International Data Transfers

When we transfer personal data outside the UK, we ensure that appropriate safeguards are in place. These safeguards may include:

• Transferring to countries with an adequacy decision
• Standard contractual clauses approved by the UK Government
• Binding corporate rules

Data Breach Notification

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or processes that are likely to result in high risks to individuals' rights and freedoms.

Record Keeping

We maintain records of our processing activities as required by Article 30 of the UK GDPR. These records include information about the purposes of processing, categories of data subjects, and retention periods.

Staff Training

All staff who handle personal data receive training on data protection principles and our internal policies. This training is updated regularly to reflect changes in legislation and best practices.

Complaints

If you are not satisfied with how we have handled your personal data or responded to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom

Telephone: 0303 123 1113
Website: ico.org.uk

We would appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Further Information

For more detailed information about how we process your personal data, please see our Privacy Policy.