nightfall-hound

GDPR Compliance

Our commitment to data protection under UK GDPR

Our Commitment to Data Protection

nightfall-hound is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we comply with these regulations and respect your data protection rights.

Data Controller Information

nightfall-hound acts as the data controller for personal information collected through our website and consultation services.

Contact details:
Email: [email protected]
Address: 47 Kensington Gardens, Bloomsbury, London WC1N 2EH, United Kingdom

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so under UK GDPR:

  • Consent: You have given clear consent for us to process your personal data for specific purposes, such as when submitting a consultation request
  • Contract: Processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: Processing is necessary for us to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your interests and fundamental rights do not override those interests

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided through our Privacy Policy and this GDPR Compliance page.

Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month of receipt.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion of that data.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You can object to processing of your personal data when we rely on legitimate interests as our lawful basis. You also have an absolute right to object to processing for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling in our consultation services. If this changes, we will update this page and inform affected individuals.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. When making a request, please include:

  • Your full name and contact information
  • Clear description of the right you wish to exercise
  • Any relevant details that will help us locate your data

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Staff training on data protection obligations
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR.

International Data Transfers

We primarily store and process your data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR, such as:

  • Adequacy decisions
  • Standard contractual clauses
  • Binding corporate rules

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Our standard retention periods are:

  • Consultation requests and correspondence: 3 years from last contact
  • Website analytics data: 26 months
  • Cookie data: As specified in our Cookie Policy

Third-Party Processors

When we use third-party service providers who process personal data on our behalf, we ensure:

  • They only process data according to our documented instructions
  • Appropriate data processing agreements are in place
  • They implement appropriate security measures
  • They assist us in meeting our GDPR obligations

Children's Data

Our services are not directed at children under 16. We do not knowingly collect or process personal data from individuals under 16 without appropriate parental or guardian consent.

Updates to This Information

We may update this GDPR Compliance information periodically. Any changes will be posted on this page with an updated revision date.

Complaints

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113

However, we encourage you to contact us first so we can attempt to resolve any concerns directly.