GDPR Compliance

Our Commitment to GDPR

fervent-issuer is committed to full compliance with the General Data Protection Regulation (GDPR). We respect your rights regarding personal data and have implemented comprehensive measures to ensure lawful, transparent, and secure data processing.

Data Controller Information

Data Controller: fervent-issuer
Address: 47 Thornbury Lane, Bristol BS7 8PQ, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis under GDPR Article 6:

1. Consent (Article 6(1)(a))

When you provide clear, informed consent for specific purposes such as:

• Marketing communications
• Newsletter subscriptions
• Optional data collection beyond service requirements

2. Contract Performance (Article 6(1)(b))

When processing is necessary to fulfill our contractual obligations:

• Processing service requests and consultations
• Project execution and delivery
• Payment processing
• Warranty administration

3. Legal Obligation (Article 6(1)(c))

When required by UK or EU law:

• Tax and accounting records
• Health and safety documentation
• Building regulations compliance

4. Legitimate Interests (Article 6(1)(f))

When necessary for our legitimate business interests while respecting your rights:

• Website analytics and improvement
• Fraud prevention
• Network and information security

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access (Article 15)

You can request confirmation of whether we process your data and obtain a copy of that data.

Right to Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data when:

• Data is no longer necessary for its original purpose
• You withdraw consent and no other legal basis exists
• You object and no overriding legitimate grounds exist
• Data has been unlawfully processed

Right to Restriction of Processing (Article 18)

You can request limitation of data processing in certain circumstances.

Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Right Not to Be Subject to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected] with:

• Your full name and contact information
• Description of your request
• Proof of identity (to prevent unauthorized access)

We will respond to valid requests within one month. Complex requests may require up to three months, and we will inform you of any extension.

Data Protection Principles

We adhere to GDPR's core principles (Article 5):

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner.

Purpose Limitation

We collect data for specified, explicit, and legitimate purposes and do not process it incompatibly with those purposes.

Data Minimization

We collect only data that is adequate, relevant, and limited to what is necessary.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date.

Storage Limitation

We retain data only as long as necessary for the purposes for which it was collected.

Integrity and Confidentiality

We implement appropriate security measures to protect against unauthorized or unlawful processing and accidental loss.

Accountability

We are responsible for demonstrating compliance with these principles.

Data Security Measures

We implement technical and organizational measures pursuant to Article 32:

• Encryption of data in transit and at rest
• Regular security testing and assessment
• Access controls and authentication protocols
• Staff training on data protection
• Incident response procedures
• Regular backup and disaster recovery planning

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware
• Inform affected individuals without undue delay if the breach poses a high risk
• Document all breaches and our response

International Data Transfers

We primarily process data within the UK and EU. Any transfers to third countries will be protected by appropriate safeguards such as:

• Adequacy decisions
• Standard contractual clauses
• Binding corporate rules

Third-Party Processors

We work with carefully selected third-party processors who provide adequate guarantees of GDPR compliance. Data processing agreements are in place with all processors.

Children's Data

We do not knowingly process personal data of individuals under 18 years of age. Our services are directed at adults.

Updates to This Information

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. The "Last updated" date will be revised accordingly.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: ico.org.uk

Contact Us

For questions about GDPR compliance or to exercise your rights:

Email: [email protected]