neoplastic-hub

GDPR Compliance

Our commitment to protecting your personal data

About This Page

This page provides specific information about how Neoplastic Hub Ltd complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It supplements our main Privacy Policy with additional details about your rights and our data protection practices.

Data Controller

Neoplastic Hub Ltd is the data controller responsible for your personal information. This means we determine how and why your data is processed.

Neoplastic Hub Ltd
Company Number: 07234891
Registered Address: Unit 14-16 Makers Yard, Thorneycroft Lane, Leicester, LE3 5GH
Data Protection Contact: [email protected]

Lawful Bases for Processing

The UK GDPR requires us to identify a lawful basis before processing personal data. We rely on the following bases depending on the processing activity:

Contractual Necessity

When you purchase products or book workshops, we process your personal data to fulfil our contractual obligations to you. This includes processing orders, arranging deliveries, managing bookings, and providing customer service related to your purchases.

Legitimate Interests

Certain processing activities support our legitimate business interests, provided these do not override your rights and freedoms. Examples include:

  • Maintaining records of customer interactions for quality and training purposes
  • Analysing how customers use our website to improve user experience
  • Preventing fraud and ensuring security of our systems
  • Administering and managing our business operations

We conduct balancing tests to ensure our interests do not unduly impact your privacy rights.

Consent

Where we send marketing communications or place non-essential cookies, we rely on your consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Legal Obligation

We process certain data to comply with legal requirements, including tax and accounting regulations, consumer protection laws, and responding to legitimate requests from authorities.

Your Data Subject Rights

Under UK GDPR, you have comprehensive rights over your personal data:

Right to Access

You may request confirmation of whether we process your personal data and, if so, obtain a copy of that data along with supplementary information about how we use it. This is commonly known as a Subject Access Request (SAR).

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We aim to update records promptly upon receiving your request.

Right to Erasure

Also known as the "right to be forgotten", you may request deletion of your personal data in certain circumstances—for example, when the data is no longer necessary for its original purpose, or when you withdraw consent. Note that legal obligations or legitimate interests may require us to retain some information.

Right to Restrict Processing

You can ask us to limit how we use your data while we address concerns about its accuracy, our legal basis for processing, or while considering an objection you have raised.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may receive your personal data in a structured, commonly used format and have it transmitted to another controller.

Right to Object

You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests. You can object to direct marketing at any time, and we will stop without question.

Rights Related to Automated Decision-Making

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects. Should this change, we will inform you and provide appropriate safeguards.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. Include sufficient information for us to verify your identity and specify which right you wish to exercise.

We will respond within one month of receiving your request. If your request is complex or we receive many requests, we may extend this by up to two months, but we will inform you within the initial month.

There is no fee for most requests. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.

Data Protection Principles

Our data handling practices adhere to the UK GDPR's core principles:

  • Lawfulness, fairness, and transparency: We process data legally and openly
  • Purpose limitation: Data is collected for specified, legitimate purposes
  • Data minimisation: We collect only what is necessary
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: Data is retained only as long as needed
  • Integrity and confidentiality: Appropriate security measures protect data
  • Accountability: We can demonstrate compliance with these principles

Data Security Measures

We implement technical and organisational measures appropriate to the risks involved in our processing activities:

  • Encryption of data in transit using TLS/SSL protocols
  • Secure storage with access controls and authentication
  • Regular security assessments and updates
  • Staff training on data protection responsibilities
  • Incident response procedures for potential breaches

Data Breach Procedures

In the unlikely event of a personal data breach, we have procedures to:

  • Assess the risk to individuals' rights and freedoms
  • Notify the Information Commissioner's Office within 72 hours where required
  • Communicate directly with affected individuals when the breach poses high risk
  • Document all breaches and our responses

International Data Transfers

When personal data is transferred outside the United Kingdom, we ensure adequate protection through:

  • Transfers to countries with adequate data protection (recognised by UK authorities)
  • Standard Contractual Clauses approved by the ICO
  • Other appropriate safeguards as required by law

Complaints

If you are dissatisfied with how we handle your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

Updates to This Information

We review our GDPR compliance regularly and update this page as necessary. Check back periodically for any changes.

Supporting creative pursuits across the United Kingdom since 2009.


© 2024 neoplastic-hub. All rights reserved.
