Last updated August 14, 2023
<aside> 👋 Table of contents
</aside>
The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other data protection regulations is:
Business Smart Solutions Ltd.
20-22 Wenlock Road
London, N1 7GU
United Kingdom
0204 529 1139
www.businesssmartsolutions.co.uk
The designated data protection officer is:
Ben Moreton
CEO
Business Smart Solutions Ltd
0204 529 1139
Scope of processing personal data
In general, we only process the personal data of our users to the extent necessary to provide a functioning website with our content and services. The regular processing of personal data only takes place with the consent of the user. Exceptions include cases where prior consent cannot be technically obtained and where the processing of the data is permitted by law.
Legal basis for data processing
Where consent is appropriate for processing personal data, Art. 6 (1) (1) (a) GDPR serves as the legal basis to obtain the consent of the data subject for the processing of their data.
As for the processing of personal data required for the performance of a contract of which the data subject is party, Art. 6 (1) (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual activities.
When it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, Art. 6 (1) (1) (c) GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (1) (d) GDPR serves as the legal basis.
If the processing of data is necessary to safeguard the legitimate interests of our company or that of a third party, and the fundamental rights and freedoms of the data subject do not outweigh the interest of the former, Art. 6 (1) (1) (f) GDPR will serve as the legal basis for the processing of data.
Data removal and Storage Duration
The personal data of the data subject will be erased or restricted as soon as the purpose of its storage has been accomplished. Additional storage may occur if this is provided for by the European or national legislator within the EU regulations, law, or other relevant regulations to which the data controller is subject. Restriction or erasure of the data also takes place when the storage period stipulated by the aforementioned standards expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract.
In compliance with ISO 9001 standards, we maintain detailed records of all personal data processing activities. These records are systematically reviewed to ensure accuracy, completeness, and compliance with both legal obligations and our commitment to quality management
To ensure compliance with legal requirements and to meet our operational needs, Business Smart Solutions Ltd. adheres to the following data retention periods:
Please note that the retention periods may be subject to change based on legal and regulatory updates or organizational policy revisions.
Information Security Measures
We employ comprehensive information security measures to protect personal data against unauthorized access, alteration, and destruction. This includes robust encryption, access controls, and regular security assessments in line with ISO 27001 standards.
Data Handling Access to personal data is strictly controlled and limited to authorized personnel only. We implement stringent access control measures to ensure that personal data is handled and processed only by individuals who have undergone proper training and clearance.
Feedback
We value customer feedback and consider it essential for improving our data protection practices. Your suggestions help us better safeguard your personal data and enhance the overall quality of our services
When your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights:
Right of access (Art. 15 GDPR)
You may request the data controller to confirm whether your personal data is processed by them.
If such processing occurs, you can request the following information from the data controller:
Right to rectification (Art. 16 GDPR)
You have a right to rectification and/or modification of the data, if your processed personal data is incorrect or incomplete. The data controller must correct the data without delay
Right to the restriction of processing (Art. 18 GDPR)
You may request the restriction of the processing of your personal data under the following conditions:
Right to erasure ("Right to be forgotten") (Art. 17 GDPR)
If you request from the data controller to delete your personal data without undue delay, they are required to do so immediately if one of the following applies:
The right to deletion does not exist if the processing is necessary
Right to data portability
You have the right to receive your personal data given to the data controller in a structured and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the data controller who was initially given the data, if:
Right to object
For reasons that arise from your particular situation, you have, at any time, the right to object to the processing of your personal data pursuant to Art. 6 (1) (1) (e) or 6 (1) (1) (f) GDPR; this also applies to profiling based on these provisions.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data in regard to such advertising; this also applies to profiling associated with direct marketing.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR. A list, of the locally competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link:Â https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
You have the right to lodge a complaint about the processing of your personal data with a data protection supervisory authority. Austrian Data Protection Authority Barichgasse 40-42 1030 Vienna Phone: +43 1 52 152-0 E-mail: dsb@dsb.gv.at
Data Breach Notification In the unlikely event of a data breach, we are committed to promptly notifying affected individuals and relevant authorities in accordance with GDPR requirements. Our incident response plan outlines the steps we take to address and mitigate any breach, ensuring the ongoing protection of personal data.
Description and scope of data processing
You can subscribe to a newsletter on our website free of charge. When subscribing for the newsletter, the data from the input mask is transmitted to us.
No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.
Purpose of data processing
The user's email address is collected to deliver the newsletter to the recipient.
Additional personal data as part of the registration process is collected to prevent misuse of the services or email address.
Legal basis for data processing
The legal basis for the processing of data provided by the user after registration for the newsletter is Art. 6 (1) (1) (a) GDPR if the user has given his consent.
Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's email address will therefore be stored as long as the newsletter subscription is active.
The other personal data collected during the registration process is generally deleted after a period of seven days.
Objection
The subscription for the newsletter can be cancelled by the data subject at any time. For this purpose, every newsletter contains an opt-out link.
Through this, it is also possible to withdraw the consent to the storage of personal data collected during the registration process.