Our commitment to data protection under the UK General Data Protection Regulation.
Last updated: January 2024
crisp-speed is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about how we meet our obligations under these regulations.
crisp-speed acts as the data controller for personal information collected through our website and in the course of providing ecological consulting services. Our contact details are:
crisp-speed
Unit 14, Greenfield Business Centre
Harrogate Road
Leeds LS17 8QP
United Kingdom
Email: [email protected]
We process personal data only when we have a lawful basis to do so. The bases we rely on include:
When you engage our services, we process your data as necessary to fulfil our contractual obligations. This includes preparing quotes, conducting surveys, producing reports, and communicating about project progress.
We may process data for our legitimate business interests, such as improving our services, maintaining security, and preventing fraud. We always balance these interests against your rights and freedoms.
We process certain data to comply with legal requirements, including tax obligations, professional indemnity requirements, and responses to lawful requests from authorities.
Where we rely on consent, you have the right to withdraw it at any time. This applies to marketing communications and certain optional data processing activities.
Under UK GDPR, you have the following rights:
You can request a copy of the personal data we hold about you. We will respond within one month of your request. There is no charge for this unless your request is manifestly unfounded or excessive.
You can request that we correct any inaccurate personal data or complete any incomplete data we hold about you.
You can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purpose it was collected, or you withdraw consent.
You can request that we limit how we use your data while a complaint is being investigated or if you have objected to processing.
You can request a copy of your data in a structured, commonly used, machine-readable format, and request we transfer it to another controller.
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
We do not make decisions based solely on automated processing that produce legal effects concerning you.
To exercise any of your rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond within one month, or inform you if an extension is needed.
Where processing is likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments to identify and minimise risks.
We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and inform affected individuals without undue delay.
If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner, or transfers to countries with adequacy decisions.
We retain personal data only for as long as necessary. Our standard retention periods are:
If you have concerns about how we handle your data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
We review our GDPR compliance procedures regularly and update this page as necessary. The date at the top of this page indicates when it was last revised.