Our Commitment to Data Protection
neon-element is committed to protecting your personal data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018.
This page provides specific information about your rights as a data subject and how we comply with GDPR requirements.
Data Controller Information
Data Controller: neon-element
Address: Unit 7, Industrial Park, Bristol BS2 0QR, United Kingdom
Email: [email protected]
Your Data Subject Rights
Right to Be Informed
You have the right to clear, transparent information about how we use your personal data. This information is provided in our Privacy Policy and this GDPR statement.
Right of Access
You can request a copy of the personal data we hold about you. This is commonly known as a "subject access request" and allows you to:
- Confirm whether we are processing your personal data
- Receive a copy of your personal data
- Understand how we process your data
We will respond to valid requests within one month. There is no charge for this service unless your request is manifestly unfounded or excessive.
Right to Rectification
If you believe personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will respond within one month and notify any third parties with whom we have shared the data.
Right to Erasure
Also known as the "right to be forgotten," you can request deletion of your personal data in specific circumstances:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Erasure is required for compliance with a legal obligation
This right is not absolute. We may need to retain certain information for legal compliance or legitimate business purposes.
Right to Restriction of Processing
You can request that we limit how we use your personal data in specific situations:
- You contest the accuracy of the data
- Processing is unlawful but you prefer restriction to erasure
- We no longer need the data but you require it for legal claims
- You have objected to processing pending verification of our legitimate grounds
Right to Data Portability
You can request to receive your personal data in a structured, commonly used, and machine-readable format. This applies to data:
- You provided to us
- Processed based on consent or contract
- Processed by automated means
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not currently employ automated decision-making processes.
How to Exercise Your Rights
To exercise any of these rights, contact us via:
- Email: [email protected]
- Post: Unit 7, Industrial Park, Bristol BS2 0QR, United Kingdom
We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two months for complex requests.
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Consent: You have given clear consent for specific processing purposes
- Contract: Processing is necessary for a contract with you
- Legal obligation: Processing is necessary to comply with the law
- Legitimate interests: Processing is necessary for our legitimate interests, provided these do not override your rights
International Data Transfers
We primarily process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place in accordance with GDPR requirements.
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, in compliance with GDPR requirements.
Data Protection Officer
For organisations of our size, appointment of a dedicated Data Protection Officer is not required. Data protection enquiries should be directed to [email protected]
Complaints and Supervisory Authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Updates to This Statement
We may update this GDPR information to reflect changes in our practices or legal requirements. We encourage you to review this page periodically.