GDPR | caribou-muse

Last updated: January 2024

Our Commitment to GDPR

caribou-muse is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we fulfil our obligations and respect your data protection rights.

Data Controller

caribou-muse acts as the data controller for personal information collected through our website and services. We determine the purposes and means of processing your personal data.

Contact:
caribou-muse
15 Colmore Row
Birmingham, B3 2BH
Email: [email protected]

Lawful Bases for Processing

We process personal data under the following lawful bases:

Consent: Where you have given clear consent for us to process your personal data for a specific purpose
Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
Legal obligation: Where processing is necessary for compliance with a legal obligation
Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this within one month of your request.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

In certain circumstances, you have the right to request that we delete your personal data. This right is not absolute and may be subject to legal retention requirements.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

Where technically feasible, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you. We do not currently use automated decision-making in our services.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, this may be extended by a further two months, in which case we will inform you.

Data Protection Officer

Given the nature and scale of our data processing activities, we are not required to appoint a Data Protection Officer. However, our management team is responsible for overseeing data protection compliance.

International Transfers

We do not routinely transfer personal data outside the United Kingdom. Should any transfer be necessary, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and, where required, inform affected individuals without undue delay.

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.