GDPR Compliance

nifty-wheels Ltd is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and explains your rights as a data subject.

Our Data Protection Principles

In accordance with the UK GDPR, we adhere to the following principles when processing personal data:

• Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
• Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
• Data minimisation: We ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date.
• Storage limitation: We keep personal data in a form that permits identification for no longer than necessary.
• Integrity and confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.
• Accountability: We are responsible for and can demonstrate compliance with these principles.

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. We are committed to upholding these rights:

Right to Be Informed

You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page, explaining what data we collect, why we collect it, and how we use it.

Right of Access

You have the right to obtain confirmation that your data is being processed and to access your personal data. Upon request, we will provide a copy of your personal data free of charge within one month.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. We will respond to rectification requests within one month.

Right to Erasure

Also known as the "right to be forgotten," you can request the deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interests.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests, direct marketing, and processing for research or statistical purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not currently engage in automated decision-making that falls under this provision.

How We Handle Data Subject Requests

We have procedures in place to handle requests from data subjects efficiently and within the required timeframes:

• We will respond to most requests within one month of receipt
• If a request is complex or we receive numerous requests, we may extend the response period by up to two additional months, informing you within one month of the reason for the delay
• We will verify your identity before processing your request to protect your data from unauthorised access
• There is no fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests

Data Protection Officer

While we are not legally required to appoint a Data Protection Officer under UK GDPR, we have designated a member of our leadership team to oversee data protection compliance. For all data protection matters, please contact:

Email: [email protected]

Post: Data Protection Lead, nifty-wheels Ltd, Floor 4, The Hive, 47 Lever Street, Manchester M1 1FN

Data Processing Activities

We maintain records of our processing activities as required under Article 30 of the UK GDPR. These records include:

• The purposes of processing
• Categories of data subjects and personal data
• Categories of recipients
• International transfers and associated safeguards
• Retention periods
• Security measures in place

Data Protection Impact Assessments

Where processing is likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise data protection risks.

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach likely to result in risk to individuals, we will notify the Information Commissioner's Office within 72 hours. If the breach is likely to result in high risk, we will also notify affected individuals without undue delay.

International Data Transfers

When we transfer personal data outside the United Kingdom, we ensure adequate protection through:

• Transfers to countries with adequacy decisions
• Standard Contractual Clauses approved by the ICO
• Binding Corporate Rules where applicable
• Other appropriate safeguards as permitted under UK GDPR

Training and Awareness

All our staff receive data protection training as part of their induction and regular refresher training thereafter. This ensures everyone understands their responsibilities under UK GDPR and our internal policies.

Submitting a Request

To exercise any of your data protection rights, please contact us using the details below. Please provide sufficient information to verify your identity and specify which right you wish to exercise.

Email: [email protected]

Post: Data Protection Lead, nifty-wheels Ltd, Floor 4, The Hive, 47 Lever Street, Manchester M1 1FN

Complaints

If you believe we have not handled your personal data properly or have not adequately addressed your concerns, you have the right to lodge a complaint with the Information Commissioner's Office:

Website: nifty-wheels.com

Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first so we can attempt to resolve your issue.