GDPR Compliance

Information about your data protection rights and our compliance with UK GDPR

Our Commitment to Data Protection

SmartCrack Level is committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This page explains your rights under these regulations and how we ensure compliance with data protection principles.

Data Controller Information

For the purposes of data protection legislation, SmartCrack Level is the data controller responsible for your personal information.

Business Name: SmartCrack Level
Address: 42 Kew Gardens Road, Richmond, Surrey TW9 3BZ, United Kingdom
Email: [email protected]

Your Rights Under UK GDPR

UK GDPR provides you with specific rights regarding your personal data. We respect these rights and have processes in place to facilitate their exercise.

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This information is provided through our Privacy Policy and this GDPR page.

Right of Access

You can request confirmation of whether we process your personal data and obtain a copy of that data. This is commonly known as a Subject Access Request (SAR).

To make an access request, contact us via email. We will respond within one month of receiving your request, though complex requests may take up to three months with prior notification.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make amendments promptly and notify any third parties with whom we've shared the data where appropriate.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note that this right is not absolute. We may need to retain certain information to comply with legal obligations or establish legal claims.

Right to Restrict Processing

You can request that we limit how we use your data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

Where technically feasible, you can request to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transfer this data to another controller.

This right applies when processing is based on consent or contract and is carried out by automated means.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant impacts. We do not currently use automated decision-making systems that would trigger this right.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us by email at [email protected] with the following information:

  • Your full name and contact details
  • Clear description of which right you wish to exercise
  • Specific details about what you're requesting

We may need to verify your identity before fulfilling requests to ensure we're releasing information only to the rightful individual.

Response Timeframes

We aim to respond to all rights requests within one month of receipt. For complex requests, we may extend this period by up to two additional months, in which case we'll inform you of the extension and reasons within the initial month.

We will not charge fees for most requests. However, we may charge a reasonable fee or refuse requests that are manifestly unfounded, excessive, or repetitive.

Data Protection Principles

We process personal data in accordance with the following principles required by UK GDPR:

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner. We clearly communicate how and why we collect and use personal information.

Purpose Limitation

We collect data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

Data Minimisation

We collect only data that is adequate, relevant, and limited to what is necessary for our stated purposes.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is corrected or deleted promptly.

Storage Limitation

We retain personal data only for as long as necessary for the purposes it was collected, or as required by law.

Integrity and Confidentiality

We implement appropriate security measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Accountability

We take responsibility for our data processing activities and can demonstrate compliance with data protection principles.

Lawful Basis for Processing

We process personal data only where we have a lawful basis to do so. The legal bases we rely on include:

Consent

Where you have given clear, informed consent for us to process your data for specific purposes. You may withdraw consent at any time.

Contract

Where processing is necessary to fulfil our contractual obligations when providing services to you.

Legitimate Interests

Where processing is necessary for our legitimate business interests, provided these don't override your fundamental rights and freedoms.

Legal Obligation

Where we must process data to comply with legal or regulatory requirements.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with processing personal data. These measures include:

  • Encryption of data in transit and at rest
  • Access controls limiting who can view or process personal data
  • Regular security assessments and updates
  • Staff training on data protection responsibilities
  • Secure disposal procedures for data no longer required

Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach.

If the breach is likely to result in high risk to your rights and freedoms, we will also notify affected individuals without undue delay, providing information about the breach and measures taken to address it.

Third-Party Processing

When we engage third parties to process personal data on our behalf, we ensure they provide sufficient guarantees of compliance with data protection requirements. We use written contracts specifying the subject matter, duration, nature, and purpose of processing, along with obligations and rights of both parties.

International Transfers

We primarily store and process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions recognising equivalent data protection standards
  • Standard contractual clauses approved by regulatory authorities
  • Binding corporate rules for transfers within corporate groups

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data from individuals under this age. If we become aware of such processing, we will take steps to delete the information promptly.

Updates to This Information

We may update this page to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website or directly to clients where appropriate.

Making a Complaint

If you're unhappy with how we've handled your personal data or how we've responded to a request to exercise your rights, you can contact us to discuss your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Contact Us

If you have questions about our GDPR compliance or wish to exercise your data protection rights, please contact us:

Email: [email protected]
Address: 42 Kew Gardens Road, Richmond, Surrey TW9 3BZ, United Kingdom