GDPR Compliance

How we protect your data rights under UK GDPR

Our Commitment to Data Protection

Secure Branch Limited is committed to complying with the UK General Data Protection Regulation and Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented comprehensive measures to protect your personal information.

Data Controller Information

For the purposes of UK GDPR, the data controller is:

Secure Branch Limited
Unit 14, Aston Science Park
Love Lane, Birmingham B7 4BJ
United Kingdom
Company Registration: 10847293
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis under Article 6 of UK GDPR:

Consent

When you provide explicit consent for specific processing activities, such as receiving marketing communications. You may withdraw consent at any time by contacting us or using unsubscribe links in our emails.

Contract Performance

When processing is necessary to fulfill a contract with you, including:

  • Providing quotations and proposals
  • Conducting site assessments
  • Installing and commissioning charging infrastructure
  • Delivering maintenance and support services
  • Processing payments

Legal Obligation

When we must process data to comply with legal requirements, such as:

  • Maintaining financial records for tax purposes
  • Complying with electrical safety regulations
  • Responding to lawful requests from regulatory authorities
  • Maintaining records for warranty and liability purposes

Legitimate Interests

When processing is necessary for legitimate business interests, provided these interests do not override your fundamental rights:

  • Responding to general inquiries
  • Improving our services based on feedback
  • Preventing fraud and ensuring security
  • Managing business operations efficiently

Your Rights Under GDPR

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This GDPR page and our Privacy Policy fulfill this obligation by explaining our data practices transparently.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this information within one month of receiving your request, free of charge. The data will be provided in a commonly used electronic format.

Right to Rectification

If you believe personal data we hold is inaccurate or incomplete, you can request corrections. We will update our records promptly and notify any third parties with whom we have shared the data.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

This right is not absolute. We may need to retain data to comply with legal obligations or establish legal claims.

Right to Restrict Processing

You can request that we limit how we use your data in specific situations:

  • You contest the accuracy of the data while we verify it
  • Processing is unlawful but you prefer restriction to erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing while we verify legitimate grounds

Right to Data Portability

You can request that we transfer data you provided to another organization, or provide it to you in a structured, commonly used, machine-readable format. This applies when processing is based on consent or contract performance and is carried out by automated means.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. For marketing, we will stop processing immediately upon request. For other objections, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects. Should this change, you will have the right to request human intervention, express your point of view, and challenge decisions made solely by automated means.

How to Exercise Your Rights

To exercise any of the rights described above, please contact us:

  • Email: [email protected]
  • Post: Data Protection Officer, Secure Branch Limited, Unit 14, Aston Science Park, Love Lane, Birmingham B7 4BJ

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any delay.

Data Security Measures

We implement appropriate technical and organizational measures to protect personal data:

Technical Safeguards

  • Encryption of data in transit using SSL/TLS protocols
  • Encrypted storage for sensitive information
  • Regular security updates and patch management
  • Secure backup systems with access controls
  • Network security measures including firewalls and intrusion detection

Organizational Safeguards

  • Access controls limiting data access to authorized personnel only
  • Confidentiality agreements with employees and contractors
  • Regular staff training on data protection practices
  • Clear data retention and deletion policies
  • Incident response procedures for data breaches

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Provide clear information about the nature of the breach and steps being taken
  • Offer guidance on measures you can take to protect yourself

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place:

  • Transfers to countries with adequacy decisions recognizing equivalent data protection
  • Standard contractual clauses approved by UK authorities
  • Binding corporate rules for transfers within corporate groups

We will inform you if your data will be transferred internationally and the safeguards applied.

Children's Privacy

Our services are directed at businesses rather than individuals. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected such data, we will delete it promptly.

Data Protection Impact Assessments

For processing activities that pose high risks to individual rights, we conduct Data Protection Impact Assessments to identify and mitigate risks. This includes evaluating new technologies or processing methods before implementation.

Accountability and Governance

We maintain comprehensive documentation demonstrating compliance with GDPR principles:

  • Records of processing activities
  • Data protection policies and procedures
  • Training records for staff
  • Contracts with data processors
  • Documentation of consent where applicable

Supervisory Authority

The supervisory authority responsible for monitoring GDPR compliance in the UK is:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

You have the right to lodge a complaint with the ICO if you believe your data protection rights have been violated. We encourage you to contact us first so we can address your concerns directly.

Updates to This Information

We review our GDPR compliance regularly and update this page to reflect any changes in our practices or legal requirements. Significant updates will be communicated to active clients via email.

Further Information

For additional details about how we handle personal data, please refer to our Privacy Policy. If you have specific questions about GDPR compliance or data protection, contact our team at [email protected].