This page (together with the documents referred to in it) tells you the terms on which you make use of GDPREP.ORG’s (we, us our) website, www.gdprep.org (our website).
Please read these terms and notices carefully before you start using our website.
You may print off and keep a copy of these terms. They are a legal agreement between you and Data Priva Limited T/A GDPREP.ORG and can only be modified with our consent.
The information on our website refers to only the laws of England and Wales and is intended for residents of England and Wales. Laws and regulations may be different outside of England and Wales.
We disclaim all liability in respect to actions taken or not taken based on any or all the contents of this website to the fullest extent permitted by law. The material displayed on our website is provided without any guarantees, conditions or warranties as to its accuracy. To the extent permitted by law, we and third parties connected to us hereby expressly exclude all conditions, warranties and other terms which might otherwise be implied by statute, common law or the law of equity.
We declaim any liability for any direct, indirect or consequential loss or damage incurred by any user in connection with our website or in connection with the use, inability to use, or results of the use of our website, any websites linked to it and any materials or materials posted on it or omitted from it, including, without limitation, any liability for:
We do not exclude our liability for death or personal injury arising from our negligence, our liability for fraudulent misrepresentation or any other liability which cannot be excluded or limited by law.
The information contained in this website is provided for informational purposes only and should not be construed as legal advice on any matter. You should not rely on the information published on this website, including information contained in our Blogs and Podcasts . The information on this website does not take account of individual circumstances and may not reflect recent changes in the law.
Do not act or refrain from acting upon this information without seeking professional legal advice: you are strongly advised to obtain specific, personal legal advice about your case or matter and not to rely on the information or comments in this website.
We aim to update our website regularly and may change the content at any time. The material on this website may not reflect the most current legal developments, particularly information in our archives. Any of the material on our website may be out of date at any given time, and we are under no obligation to update such material.
While we make reasonable efforts to keep our information accurate, we assume no responsibility for its accuracy and correctness, or for any consequences of relying on it, howsoever arising.
We enter into no express or implied conditions, warranties, terms or representations regarding the quality, accuracy or completeness of the information. The content and interpretation of the law addressed herein is subject to revision.
If the need arises we may suspend access to our website, or close it indefinitely.
We shall not be liable for any technical, editorial, typographical, or other errors or omissions within the information provided on this website, nor shall we be responsible for the content of any web images or information linked to this website.
The transmission and receipt of information contained on this website, in whole or in part, or communication with GDPREP.ORG via the internet or email through this website does not constitute or create a contractual relationship between us and any recipient. You should not send us any confidential information in response to this webpage. Such responses will not create a contractual relationship, and whatever you disclose to us will not be privileged or confidential unless we have agreed to act as your legal advisers, and you have executed a written engagement agreement with Data Priva Limited T/A GDPREP.ORG.
While we try to ensure that the website is available 24 hours a day, we cannot guarantee this and will not be liable if for any reason the website is unavailable at any time or for any period. Access to the website may be suspended temporarily and without notice in the case of system failure, maintenance, or repair, for reasons beyond our control or any other reason we consider to be appropriate in the circumstances. We shall have no liability in respect of any such suspension, or if for any reason our website is unavailable at any time or for any period.
Access to our website is permitted on a temporary basis, and we reserve the right to withdraw or amend the service we provide on our website at any time without notice.
You must not misuse our website by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our website, the server on which our website is stored, or any server, computer or database connected to our website.
You must not attack our website via a denial-of-service attack or a distributed denial-of service attack.
By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities, and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our website will cease immediately.
We will determine, in our absolute discretion, whether your use of our website is unacceptable, and, in this event, we may take such action as we deem appropriate.
This website may contain links to other third-party websites and resources not operated or controlled by us. If you use these links, you will leave the website. These links are provided for information and convenience only and do not constitute any endorsement by Data Priva Limited T/A GDPREP.ORG of the organisation promoted on the linked websites, their products or services.
We do not have any control over such linked websites or the content of them and cannot accept any responsibility for them or for any loss or damage that may arise from your use of them.
You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval, or endorsement on our part where none exists. You must not establish a link from any website that is not owned by you. We reserve the right to withdraw linking permission without notice.
Our website must not be framed on any other site.
The user agrees that material downloaded or otherwise accessed using this website is obtained entirely at the user’s own risk and that the user will be entirely responsible for any resulting damage to software or computer systems and/or any resulting loss of data, even if such loss and damage was reasonably foreseeable and we had been advised of the possibility of the same.
We will not be liable for any loss or damage caused by a distributed denial of service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of the website, or to your downloading of any material posted on it, or on any website linked to it.
The intellectual property rights (including, without limitation, copyright trade marks and other intellectual property rights) in all material on the website (including, without limitation, logos, designs, text, images and other materials) are owned by or licensed to Data Priva Limited T/A GDPREP.ORG or appear with the permission of the relevant owner. Those works are protected by copyright and trademark laws and treaties around the world. All such rights are reserved.
Your use of the materials on this website is limited as set out below:
Updated: May 2022
Data Priva Limited T/A GDPREP.ORG respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
This privacy notice sets out the types of personal information we collect, how we collect and process that information, who we may share it with in relation to the services we provide and certain rights and options that you have in this respect.
Data Priva Limited T/A GDPREP.ORG is the controller and responsible for your personal data. Our registered address is Studio Office, 25A Archer Road, Penarth, CF64 3HJ. We can be contacted on +447810 883333 and by emailing us at; firstname.lastname@example.org. We are registered with the UK data protection regulator (Information Commissioner’s Office (ICO)). Our unique registration number is ZA330354.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed. This is known as anonymous data.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We use different methods to collect data from and about you including through:
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
We may receive personal data about you from various third parties and public sources such as Technical Data including analytics providers such as Google based outside of the EU, advertising networks and search information providers. We may receive Contact Data through online publicly available sources for example, corporate websites, corporate profile sites such as LinkedIn and government registers such as Companies House.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We have set out below, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased our services and in that instance, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside GDPREP.ORG for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may have to share your personal data with the parties set out below for the purposes set above;
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
In the course of providing our legal services to you, there may be occasions where your service requires us to transfer personal data out of the EEA. Similarly, where we use cloud service providers (customer relationship management systems), ultimately the storage of that data can be based outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented;
If you would like to find out more about our safeguards please contact us at email@example.com.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers including Contact, Identity, Financial and Transaction Data for six years after they cease being customers for tax and legal purposes. In some circumstances you can ask us to delete your data: see “Your data protection rights” below for further information.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You can:
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you wish to exercise any of the rights set out above, please contact us.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. The ICO website is https://ico.org.uk.
Where we make changes to our privacy notice we shall let you know. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This version was last updated: May 2022.