GDPR Compliance Statement

Our Commitment to GDPR Compliance

flutter-dale is committed to ensuring compliance with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Union and European Economic Area.

Data Controller Information

Data Controller: flutter-dale
Address: 42 Kingsway Boulevard, London WC2B 6TE, United Kingdom
Email: [email protected]

Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

1. Right to Access (Article 15)

You have the right to obtain confirmation as to whether your personal data is being processed and, where that is the case, access to the personal data and specific information about the processing.

2. Right to Rectification (Article 16)

You have the right to obtain the rectification of inaccurate personal data and to have incomplete personal data completed.

3. Right to Erasure / Right to be Forgotten (Article 17)

You have the right to obtain the erasure of your personal data under certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.

4. Right to Restriction of Processing (Article 18)

You have the right to obtain restriction of processing under certain circumstances, such as when you contest the accuracy of the data.

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6. Right to Object (Article 21)

You have the right to object to processing of your personal data on grounds relating to your particular situation, particularly for direct marketing purposes.

7. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at:

• Email: [email protected]
• Written request to: 42 Kingsway Boulevard, London WC2B 6TE, United Kingdom

We will respond to your request within one month of receipt. In complex cases, this period may be extended by two additional months, and we will inform you of such extension.

Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for a specific purpose
• Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• Legal Obligation: Processing is necessary for us to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests

Data Protection Principles

We adhere to the following data protection principles as required by GDPR:

• Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner
• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
• Data Minimization: We ensure data is adequate, relevant, and limited to what is necessary
• Accuracy: We keep personal data accurate and up to date
• Storage Limitation: We retain data only as long as necessary
• Integrity and Confidentiality: We process data securely with appropriate technical and organizational measures
• Accountability: We are responsible for and can demonstrate compliance with these principles

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Staff training on data protection and security
• Incident response and breach notification procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by GDPR.

International Data Transfers

When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding corporate rules

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purpose of processing.

Third-Party Processing

When we engage third-party processors, we ensure they provide sufficient guarantees to implement appropriate technical and organizational measures in compliance with GDPR. We enter into data processing agreements with all processors.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes GDPR.

For the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO):
Website: https://flutter-dale.com

Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically.

Contact Us

If you have questions about our GDPR compliance or wish to exercise your rights, please contact us:

Email: [email protected]
Address: 42 Kingsway Boulevard, London WC2B 6TE, United Kingdom