Your data protection rights under UK GDPR
Last updated: January 2024
fresh-swish is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take data protection seriously and have implemented measures to ensure your personal data is handled lawfully, fairly, and transparently.
fresh-swish acts as the Data Controller for personal information collected through our website and services. As the Data Controller, we determine the purposes and means of processing personal data.
Contact details:
fresh-swish
47 Greenfield Lane
Cambridge CB2 8QT
Email: [email protected]
Under UK GDPR, we must have a valid legal basis to process your personal data. We rely on the following lawful bases:
UK GDPR provides you with specific rights regarding your personal data:
You have the right to obtain confirmation that we are processing your personal data and to access that data along with information about how it is processed.
You have the right to have inaccurate personal data corrected and incomplete data completed.
Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including when it is no longer necessary for the purpose it was collected.
You can request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
You can object to processing based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not use automated decision-making in our services.
To exercise any of your data protection rights, please contact us:
We will respond to your request within one month. This period may be extended by two further months where necessary, depending on the complexity of the request. We will inform you of any such extension within one month of receiving your request.
We will provide information free of charge. However, we may charge a reasonable fee for repetitive, manifestly unfounded, or excessive requests.
Where required under UK GDPR, we conduct Data Protection Impact Assessments (DPIAs) before undertaking processing that is likely to result in high risk to individuals' rights and freedoms.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We primarily process data within the United Kingdom. If we need to transfer your data outside the UK, we will ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved transfer mechanisms.
Given the nature and scale of our data processing activities, we have not appointed a Data Protection Officer. However, you may contact us with any data protection queries at [email protected].
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first so we can try to resolve any issues.
We may update this GDPR compliance notice periodically. The updated version will be indicated by an updated "Last updated" date. Significant changes will be communicated to you where appropriate.