Last updated: January 2024
vibrant sparrow is committed to complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page provides information about how we handle your personal data in accordance with these regulations.
vibrant sparrow acts as the data controller for personal information collected through our website and services. Our contact details are:
vibrant sparrow
47 Oakwood Business Centre
Guildford, Surrey
GU2 7XH
Email: [email protected]
The GDPR provides you with the following rights regarding your personal data:
You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy.
You have the right to request a copy of the personal data we hold about you. This is commonly referred to as a Subject Access Request (SAR). We will respond to such requests within one month.
You have the right to request correction of any inaccurate personal data we hold about you, or to complete any incomplete data.
Also known as the "right to be forgotten", you can request deletion of your personal data where there is no compelling reason for its continued processing.
You have the right to request that we limit the processing of your personal data in certain circumstances.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
You have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing purposes.
You have rights related to automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.
To exercise any of the rights described above, please contact us at [email protected]. We may ask you to verify your identity before processing your request.
We will respond to your request within one month. In complex cases, or where we receive a large number of requests, we may extend this period by up to two additional months. If this is necessary, we will inform you of the extension and the reasons for it.
We only process personal data when we have a lawful basis to do so. The lawful bases we rely on include:
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with GDPR requirements.
If you have concerns about how we handle your personal data, we encourage you to contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: ico.org.uk
We may update this GDPR compliance information periodically. Any changes will be posted on this page with an updated revision date.