Your data protection rights under UK GDPR
Coral Glen Environmental Consulting is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations and protect your rights.
Coral Glen Environmental Consulting is the data controller responsible for your personal data. Our contact details are:
Coral Glen Environmental Consulting
47 Greenfield Lane
Bristol, BS8 2QT
Email: [email protected]
We adhere to the following principles when processing personal data:
You have the right to know how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR page.
You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request.
If you believe information we hold about you is inaccurate or incomplete, you can request correction. We will respond within one month.
Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.
You can request that we limit how we use your data while concerns are being investigated or resolved.
Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format.
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
We do not make decisions based solely on automated processing that produce legal effects or similarly significantly affect you.
To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by up to two months for complex requests.
We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.
Where we use third-party service providers who process data on our behalf, we ensure appropriate contracts are in place that meet UK GDPR requirements. These processors are bound by confidentiality obligations and may only use data as instructed by us.
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
We maintain records of our processing activities as required under Article 30 of UK GDPR, including the purposes of processing, categories of data subjects and personal data, recipients, and retention periods.
All staff members who handle personal data receive appropriate training on data protection principles and practices.
If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We review our data protection practices regularly and may update this page accordingly. Significant changes will be communicated through our website.