Your data protection rights under UK GDPR
Last updated: January 2024
Bright Bundle is committed to protecting and respecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we handle your personal data and outlines your rights under these regulations.
Bright Bundle is the data controller responsible for your personal data. If you have any questions about this policy or our data protection practices, please contact us at:
Bright Bundle
47 Greenfield Lane
Woking, Surrey GU21 4PH
Email: [email protected]
We process your personal data under the following lawful bases:
Under UK GDPR, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making processes.
To exercise any of your rights, please contact us using the details above. We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We primarily store and process your data within the United Kingdom. If we transfer your data outside the UK, we will ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR compliance page from time to time. Any changes will be posted on this page with an updated revision date.