GDPR Compliance

Information about how we comply with the General Data Protection Regulation

Our Commitment to GDPR

copper-shift is committed to complying with the General Data Protection Regulation (GDPR) and UK data protection law. We process personal data lawfully, fairly, and transparently.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you provide explicit consent for specific processing activities
  • Contract: When processing is necessary to fulfill a service contract with you
  • Legitimate interests: When we have a legitimate business interest that doesn't override your rights
  • Legal obligation: When we must process data to comply with legal requirements

Data Controller

copper-shift is the data controller responsible for your personal information. Our contact details are:

copper-shift
Unit 7, Greenfield Business Park
Holywell Green, Halifax HX4 9BR
United Kingdom
Email: [email protected]

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to access: Request copies of your personal data
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Request transfer of your data to another organization
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: Protection from decisions based solely on automated processing

How to Exercise Your Rights

To exercise any of your GDPR rights, contact us at [email protected] with:

  • Your full name and contact information
  • Description of the right you wish to exercise
  • Any relevant details to help us locate your information

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any extension.

Data Processing Activities

We process personal data for the following purposes:

  • Responding to inquiries and service requests
  • Providing ecological consulting and restoration services
  • Managing client relationships and projects
  • Complying with legal and regulatory obligations

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. Typical retention periods include:

  • Inquiry data: 2 years from last contact
  • Client project data: 7 years after project completion
  • Financial records: 7 years as required by UK law

International Data Transfers

We do not routinely transfer personal data outside the UK. If international transfers become necessary, we will ensure appropriate safeguards are in place as required by GDPR.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Secure data storage systems
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: www.ico.org.uk
Helpline: 0303 123 1113

Updates to This Information

We may update this GDPR information periodically to reflect changes in our practices or legal requirements. Please review this page regularly.