GDPR Compliance
Your Rights, Our Commitment

We are committed to protecting your personal data and ensuring full compliance with UK GDPR and EU GDPR regulations. Learn about your rights and our obligations.

Last updated: January 2, 2025

GDPR Compliance Overview

Understanding UK GDPR and EU GDPR compliance

UK GDPR Compliance

We comply with the UK General Data Protection Regulation (UK GDPR), which governs data protection in the United Kingdom after Brexit.

  • Data Protection Act 2018
  • ICO guidelines and requirements
  • UK-specific data protection standards
  • Cross-border data transfer regulations

EU GDPR Compliance

We also comply with the EU General Data Protection Regulation for our EU customers and users.

  • EU GDPR Regulation 2016/679
  • European Data Protection Board guidelines
  • Adequacy decisions for data transfers
  • EU representative requirements

Your Data Protection Rights

Under UK GDPR and EU GDPR, you have the following rights

Right of Access

You have the right to request copies of your personal data that we hold about you.

  • What personal data we hold
  • Why we process it
  • How long we keep it
  • Who we share it with

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

  • Correct inaccurate information
  • Complete incomplete data
  • Update your details
  • Verify corrections

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances.

  • Data no longer necessary
  • Withdraw consent
  • Unlawful processing
  • Object to processing

Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances.

  • Contest accuracy
  • Unlawful processing
  • Object to processing
  • Establish legal claims

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format.

  • Machine-readable format
  • Transfer to another service
  • Direct transmission
  • Common formats (CSV, JSON)

Right to Object

You have the right to object to processing based on legitimate interests or for marketing.

  • Legitimate interest processing
  • Direct marketing
  • Profiling activities
  • Scientific research

Legal Basis for Processing

We process your personal data under the following legal bases

Contract Performance

Processing necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.

Examples:
  • Providing POS services
  • Processing payments
  • Customer support
  • Account management

Consent

You have given clear consent for us to process your personal data for specific purposes.

Examples:
  • Marketing communications
  • Analytics cookies
  • Optional features
  • Newsletter subscriptions

Legitimate Interests

Processing necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests.

Examples:
  • Service improvement
  • Fraud prevention
  • Security measures
  • Business analytics

Legal Obligation

Processing necessary for compliance with a legal obligation to which we are subject.

Examples:
  • Tax compliance
  • Financial reporting
  • Regulatory requirements
  • Court orders

Data Protection Measures

How we protect your personal data

Technical Measures

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Role-based access and authentication
  • Network Security: Firewalls and intrusion detection
  • Regular Updates: Security patches and updates
  • Backup Systems: Secure data backup and recovery
  • Monitoring: Continuous security monitoring

Organizational Measures

  • Staff Training: Regular data protection training
  • Policies: Comprehensive data protection policies
  • Access Management: Limited access on need-to-know basis
  • Incident Response: Data breach response procedures
  • Audits: Regular compliance audits
  • Documentation: Detailed processing records

International Data Transfers

How we handle data transfers outside the UK/EU

Adequate Protection

We ensure adequate protection for international data transfers through:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU Commission approved SCCs
  • Binding Corporate Rules: Internal data protection rules
  • Certification Schemes: Approved certification mechanisms

Data Location

Your data is primarily processed within:

  • Primary: United Kingdom
  • Secondary: European Economic Area
  • Third-Party Services: Only with adequate safeguards
  • Backup: Secure locations with same protection level

Contact & Complaints

How to exercise your rights or make a complaint

Exercise Your Rights

To exercise any of your data protection rights, contact us:

Email: privacy@posable.co.uk

Address:
Posable Ltd
5 Beach Road
Perranporth, Cornwall
TR6 0JL, United Kingdom

Response Time: We will respond to your request within one month of receipt.

Make a Complaint

If you believe we have not handled your data properly, you can complain to:

UK Users:
Information Commissioner's Office (ICO)
0303 123 1113

EU Users:
Your local data protection authority
Find your authority

Right to Compensation: You may be entitled to compensation for material or non-material damage.