GDPR Compliance

Our commitment to protecting your data rights

Last Updated: January 2024

Our Commitment to GDPR

Frostbite Move Limited is committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We recognise the importance of data protection and privacy, and we take our responsibilities as a data controller seriously.

Data Controller Information

Frostbite Move Limited acts as the data controller for personal data collected through our website and business operations:

Company: Frostbite Move Limited
Address: 47 King William Street, London EC4R 9AF, United Kingdom
Email: [email protected]

Your Rights Under GDPR

The GDPR provides you with specific rights regarding your personal data. We are committed to honouring these rights:

Right to Access (Article 15)

You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about how it is processed. We will provide this information free of charge within one month of your request.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected without undue delay. Considering the purposes of the processing, you also have the right to have incomplete personal data completed.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, including:

  • When the data is no longer necessary for its original purpose
  • When you withdraw consent (where consent was the legal basis)
  • When you object to processing and there are no overriding legitimate grounds
  • When the data has been unlawfully processed

Right to Restriction of Processing (Article 18)

You may request restriction of processing in specific circumstances, such as when you contest the accuracy of data or when processing is unlawful but you oppose erasure.

Right to Data Portability (Article 20)

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Legal Bases for Processing

We only process personal data when we have a valid legal basis under GDPR:

  • Consent (Article 6(1)(a)): You have given clear consent for processing for specific purposes
  • Contract (Article 6(1)(b)): Processing is necessary to perform a contract with you or take pre-contractual steps
  • Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with a legal obligation
  • Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate interests, provided these do not override your fundamental rights

Data Protection Principles

We adhere to the data protection principles set out in Article 5 of the GDPR:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and transparently
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes
  • Data minimisation: We collect only data that is adequate, relevant, and limited to what is necessary
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We process data securely
  • Accountability: We demonstrate compliance with these principles

International Data Transfers

When we transfer personal data outside the UK and EEA, we ensure appropriate safeguards are in place as required by GDPR, including:

  • Transfers to countries with adequacy decisions
  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules for intra-group transfers

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to individuals, we will also notify the affected individuals without undue delay.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us:

Email: [email protected]
Post: Data Protection, Frostbite Move Limited, 47 King William Street, London EC4R 9AF

We will respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by a further two months, but we will inform you of any extension and the reasons for it.

Complaints

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: www.ico.org.uk

Updates to This Notice

We may update this GDPR compliance notice periodically. We encourage you to review this page regularly. The date of the last update is shown at the top of this page.

We use cookies to enhance your experience on our website. By continuing to browse, you agree to our use of cookies. Learn more in our Cookies Policy.