GDPR Information

General Data Protection Regulation Compliance

Data Controller

crimson-hike Environmental Consulting acts as the data controller for personal information collected through this website and in the course of providing our services. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you submit an inquiry form, you provide explicit consent for us to process your information to respond to your request.
• Contractual Necessity: Processing is necessary for the performance of professional services you have engaged us to provide.
• Legitimate Interests: We may process data where necessary for our legitimate business interests, provided these do not override your fundamental rights.

Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: You can request confirmation of whether we process your personal data and obtain a copy of that data.
• Right to Rectification: You can request correction of inaccurate or incomplete personal data.
• Right to Erasure: You can request deletion of your personal data under certain circumstances.
• Right to Restriction: You can request that we restrict processing of your personal data in specific situations.
• Right to Data Portability: You can request to receive your personal data in a structured, commonly used format.
• Right to Object: You can object to processing of your personal data based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Inquiry data is typically retained for three years after the last contact unless you are an active client, in which case data is retained for the duration of our professional relationship plus seven years for regulatory compliance purposes.

International Data Transfers

Your personal data is stored and processed within the United Kingdom. We do not transfer personal data outside the UK or European Economic Area unless necessary for service delivery and appropriate safeguards are in place.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments. Despite these measures, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and will report the breach to the relevant supervisory authority within 72 hours of becoming aware of it.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two months for complex requests. We may request additional information to verify your identity before processing your request.

Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters.

Contact

For questions about our GDPR compliance or to exercise your data protection rights, contact us at [email protected].