GDPR Compliance

Our Commitment to GDPR Compliance

brightlark-trail is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations as a data controller and, in some cases, as a data processor.

Data Controller Information

For the purposes of UK data protection law, brightlark-trail is the data controller for personal data collected through our website and in the course of providing our services.

Data Controller: brightlark-trail
Address: 47 Clerkenwell Road, London EC1M 5RS, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so under Article 6 of UK GDPR:

1. Consent

When you provide explicit consent for us to process your personal data for specific purposes, such as marketing communications or cookie usage beyond essential cookies.

2. Contract Performance

When processing is necessary to fulfill our contractual obligations to you as a client, including delivering consulting services and maintaining client relationships.

3. Legitimate Interests

When we have a legitimate business interest that does not override your fundamental rights and freedoms. This includes:

• Responding to inquiries and providing information about our services
• Improving our website and service offerings
• Preventing fraud and ensuring security
• Analyzing website usage for business optimization

4. Legal Obligation

When we must process data to comply with legal or regulatory requirements, such as tax obligations and business record retention.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. This is provided through our Privacy Policy and this GDPR page.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge in most cases.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

Right to Erasure

In certain circumstances, you can request deletion of your personal data, including when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your rights under UK GDPR, please contact us:

• Email: [email protected]
• Mail: 47 Clerkenwell Road, London EC1M 5RS, United Kingdom

We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you of any delay.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Technical Measures

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security testing and vulnerability assessments
• Secure backup and disaster recovery procedures

Organizational Measures

• Data protection policies and procedures
• Staff training on data protection and confidentiality
• Confidentiality agreements with staff and third parties
• Regular review and update of security measures

Data Retention

We retain personal data only for as long as necessary:

• Inquiry data: Up to 2 years if no engagement results
• Client data: 7 years after engagement completion (legal and tax requirements)
• Marketing data: Until consent is withdrawn or 3 years of inactivity
• Website analytics: 26 months

Third-Party Data Processing

When we engage third-party service providers who process personal data on our behalf, we ensure:

• Written contracts are in place (Data Processing Agreements)
• Processors provide sufficient guarantees of compliance
• Appropriate security measures are implemented
• Processing is limited to our documented instructions

International Data Transfers

We are based in the United Kingdom and primarily process data within the UK. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by the ICO
• Binding corporate rules where applicable

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if there is a high risk to their rights
• Document all breaches, including facts, effects, and remedial actions

Children's Data

We do not knowingly collect or process personal data from individuals under 18 years of age. Our services are directed at business professionals and organizations.

Updates to This Page

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. The last update date is shown at the top of this page.

Contact and Complaints

If you have questions or concerns about how we handle your personal data, please contact us at [email protected].

You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: brightlark-trail.com