GDPR Compliance
Information about your rights under UK GDPR and Data Protection Act 2018
Our Commitment
Stellar Patch Limited is committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This page provides specific information about how we comply with data protection legislation and how you can exercise your rights.
Data Controller Information
Stellar Patch Limited is the data controller responsible for your personal information.
Registered Company: Stellar Patch Limited
Company Number: 05247891
Registered Address: 42 Westbourne Gardens, London W2 5HU, United Kingdom
Data Protection Contact: [email protected]
Lawful Basis for Processing
We process personal data only when we have a lawful basis. The specific basis depends on the context:
Consent
When you provide your information voluntarily through contact channels or subscribe to communications, we rely on your explicit consent. You may withdraw consent at any time by contacting us.
Contract Performance
When we provide consulting services, processing your data is necessary to fulfill our contractual obligations and deliver the services you've engaged us for.
Legitimate Interests
We process certain data based on our legitimate business interests, such as:
- Maintaining and improving our website
- Understanding how visitors use our services
- Protecting against fraud and security threats
- Managing business operations efficiently
We always balance these interests against your rights and will not process data in ways you would not reasonably expect.
Legal Obligations
In some cases, we must process personal data to comply with legal requirements, such as tax regulations, accounting standards, or legal proceedings.
Your Rights Under UK GDPR
Right of Access
You can request confirmation of whether we process your personal data and obtain a copy of that data. This is commonly known as a Subject Access Request (SAR).
Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to request correction or completion.
Right to Erasure
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
This right is not absolute. We may need to retain certain information to comply with legal obligations or establish legal claims.
Right to Restriction of Processing
You can request that we limit how we use your personal data in specific situations:
- You contest the accuracy of the data
- Processing is unlawful but you don't want erasure
- We no longer need the data but you need it for legal claims
- You've objected to processing pending verification of legitimate grounds
Right to Data Portability
Where technically feasible, you can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision Making
We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Should this change, we will update this information and ensure appropriate safeguards.
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us:
- Email: [email protected]
- Post: Data Protection Officer, Stellar Patch Limited, 42 Westbourne Gardens, London W2 5HU
To help us process your request efficiently, please provide:
- Your full name and contact details
- A clear description of your request
- Proof of identity (we may request this for security purposes)
We will respond to valid requests within one month. If your request is complex or we receive multiple requests, we may extend this by two months and will notify you accordingly.
Data Security Measures
We implement appropriate technical and organizational measures to ensure data security, including:
- Encryption of personal data during transmission and storage
- Regular security assessments and vulnerability testing
- Access controls limiting employee access to personal data
- Staff training on data protection principles and obligations
- Secure backup procedures
- Incident response procedures for potential data breaches
Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office within seventy-two hours of becoming aware
- Inform affected individuals without undue delay if there is a high risk to their rights
- Document the breach, its effects, and remedial actions taken
Third-Party Processors
When we engage third-party service providers who process personal data on our behalf, we ensure they:
- Provide sufficient guarantees of appropriate security measures
- Process data only according to our documented instructions
- Have contractual obligations aligned with GDPR requirements
- Assist us in responding to data subject requests
- Notify us of any data breaches affecting our data
International Data Transfers
We primarily process data within the United Kingdom. If we transfer personal data internationally, we ensure appropriate safeguards through:
- UK adequacy regulations recognizing recipient countries
- Standard contractual clauses approved by regulatory authorities
- Binding corporate rules for transfers within corporate groups
- Additional security measures where necessary
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law:
- Inquiry data: Two years from last contact (unless you become a client)
- Client project data: Seven years after project completion (for legal and contractual purposes)
- Marketing data: Until you unsubscribe or after three years of inactivity
- Financial records: Seven years (legal requirement)
- Website analytics: Twenty-six months
After retention periods expire, we securely delete or anonymize personal data.
Children's Data
Our services are directed at business professionals. We do not knowingly collect or process data from individuals under sixteen years of age. If we discover we have inadvertently collected such data, we will delete it immediately.
Cookies and Tracking
Our website uses cookies and similar technologies. For comprehensive information about the cookies we use and how to manage them, please refer to our Cookies Policy.
Updates to This Information
We review our GDPR compliance regularly and update this page as necessary. Significant changes will be communicated through our website or directly to clients and contacts where appropriate.
Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not complied with data protection law:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: ico.org.uk
We encourage you to contact us first so we can address your concerns directly.
Additional Information
For more detailed information about how we handle personal data, please refer to our Privacy Policy.
If you have questions about our GDPR compliance or data protection practices, contact our data protection team at [email protected].