GDPR Compliance

Our Commitment to Data Protection

Lively Gearbox Technology Solutions Ltd is committed to protecting the fundamental rights and freedoms of individuals in relation to the processing of their personal data. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This page provides information specifically about our GDPR compliance measures. For comprehensive details about how we handle personal data, please refer to our Privacy Policy.

Our Role as Data Controller and Processor

Depending on the context, we may act as either a data controller or data processor:

As a Data Controller

We act as the data controller when we determine the purposes and means of processing personal data. This includes data we collect through our website, from enquiries, and during the course of our business operations.

As a Data Processor

When we provide services to clients that involve processing personal data on their behalf, we act as a data processor. In these circumstances, we process data only according to our clients' documented instructions and in compliance with applicable data protection laws.

We maintain data processing agreements with all clients for whom we process personal data, clearly establishing responsibilities and ensuring compliance with Article 28 of the UK GDPR.

Data Protection Principles

We adhere to the core principles of the UK GDPR in all our data processing activities:

• Lawfulness, fairness, and transparency: We process data lawfully and are transparent about how we use personal information
• Purpose limitation: We collect data for specified, explicit purposes and do not process it in ways incompatible with those purposes
• Data minimisation: We limit data collection to what is necessary for the stated purpose
• Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date
• Storage limitation: We retain data only for as long as necessary for the purposes of processing
• Integrity and confidentiality: We implement appropriate security measures to protect personal data
• Accountability: We document our processing activities and can demonstrate compliance

Legal Bases for Processing

We ensure that all processing of personal data is supported by a valid legal basis under Article 6 of the UK GDPR:

• Contract: Processing necessary to fulfil contractual obligations or pre-contractual steps
• Legitimate interests: Processing necessary for our legitimate business interests, where these don't override individual rights
• Legal obligation: Processing required by law
• Consent: Processing based on freely given, specific, informed consent

We document the legal basis for each processing activity and are prepared to provide this information upon request.

Your Rights Under UK GDPR

The UK GDPR provides individuals with specific rights regarding their personal data. We are committed to upholding these rights:

Technical and Organisational Measures

We implement appropriate security measures to protect personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Staff training on data protection and security awareness
• Incident response procedures and breach notification processes
• Physical security measures at our premises
• Supplier due diligence and contractual protections

Our ISO 27001 certification demonstrates our commitment to maintaining robust information security management systems.

International Data Transfers

Where we transfer personal data outside the UK, we ensure adequate protection through:

• Transfers to countries with an adequacy decision from the UK Government
• Implementation of UK International Data Transfer Agreements or Standard Contractual Clauses
• Assessment of supplementary measures where required

We maintain records of all international transfers and the safeguards in place.

Data Breach Response

We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach that poses a risk to individuals' rights and freedoms:

• We will notify the Information Commissioner's Office within 72 hours of becoming aware
• We will notify affected individuals without undue delay where there is a high risk to their rights and freedoms
• We will document all breaches and our response actions

Records of Processing Activities

As required by Article 30 of the UK GDPR, we maintain detailed records of our processing activities. These records include information about data categories, purposes, recipients, transfers, retention periods, and security measures.

Exercising Your Rights

To exercise any of your data protection rights, please contact us using the details below. We will respond to your request within one month. In exceptional circumstances, we may extend this by a further two months, in which case we will inform you of the extension and the reasons for it.

There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

Supervisory Authority

The supervisory authority for data protection in the United Kingdom is the Information Commissioner's Office (ICO). If you are not satisfied with our response to a data protection matter, you have the right to lodge a complaint with the ICO: