Shiny Symposium

GDPR Compliance

Last updated: April 2026

Our Commitment to Data Protection

Shiny Symposium is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about how we comply with these regulations and what they mean for you.

Data Controller Information

For the purposes of UK data protection law, Shiny Symposium is the data controller responsible for your personal information.

Our contact details are:
Shiny Symposium
142 Colmore Row
Birmingham
B3 3AP
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. The specific legal basis depends on the purpose of processing:

Contractual Necessity

When you engage our services, we process your personal data to fulfil our contractual obligations to you. This includes providing financial management guidance, communicating about your case, and maintaining records of our work together.

Legal Obligation

We may process your data to comply with legal requirements we're subject to, such as maintaining records for regulatory purposes, complying with requests from authorities, or meeting professional standards requirements.

Legitimate Interests

In some cases, we process data based on legitimate business interests, such as improving our services, ensuring website security, or preventing fraud. We carefully balance these interests against your rights and freedoms.

Consent

Where required, we obtain your explicit consent before processing your data, such as for marketing communications or certain cookies. You can withdraw consent at any time.

Your Rights Under GDPR

UK GDPR grants you specific rights regarding your personal data. Here's what each right means and how you can exercise it:

Right of Access

You have the right to obtain confirmation of whether we're processing your personal data and, if so, to receive a copy of it. This is commonly known as a Subject Access Request. We will provide this information free of charge within one month of your request.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make amendments within one month and notify any third parties with whom we've shared the data where appropriate.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected, you withdraw consent, or you object to processing. This right is not absolute and may be limited by legal obligations to retain certain records.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to processing. During a restriction period, we can store the data but not use it further without your consent or for legal purposes.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request to receive your personal data in a structured, commonly used, machine-readable format. You can also request that we transfer this data directly to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop such processing immediately. For other objections, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant impacts. We do not currently employ automated decision-making processes, but if this changes, we will update this notice accordingly.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] or write to us at our postal address listed above.

When making a request, please provide sufficient information to help us identify you and understand your request. We may need to verify your identity before responding to certain requests.

We aim to respond to all requests within one month. If your request is particularly complex or we've received multiple requests from you, we may extend this period by up to two months, but we'll explain why and keep you informed.

Data Protection Principles

We adhere to the core data protection principles set out in UK GDPR:

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. This means we're open about how we use your data and only do so when we have a proper legal basis.

Purpose Limitation

We collect personal data for specific, explicit, and legitimate purposes and don't use it in ways incompatible with those purposes.

Data Minimisation

We only collect and process personal data that's adequate, relevant, and necessary for the purposes we've specified.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. We encourage you to inform us of any changes to your personal information.

Storage Limitation

We don't keep personal data longer than necessary for the purposes we collected it. We have retention policies that specify how long different categories of data are kept.

Integrity and Confidentiality

We implement appropriate security measures to protect personal data against unauthorised access, accidental loss, destruction, or damage.

Accountability

We take responsibility for complying with GDPR and can demonstrate our compliance through our policies, procedures, and records.

International Data Transfers

We primarily store and process your data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK authorities, to protect your data in accordance with UK GDPR standards.

Data Security Measures

We implement technical and organisational measures designed to ensure appropriate security for your personal data, including:

  • Encryption of data in transit and at rest where appropriate.
  • Access controls ensuring only authorised personnel can access personal data.
  • Regular security assessments and updates to our systems.
  • Staff training on data protection and security.
  • Secure data disposal procedures.
  • Incident response procedures to handle potential data breaches.

Data Breach Procedures

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also inform you directly without undue delay.

Children's Data

Our services are not directed at children under 18 years of age. We do not knowingly collect or process personal data from children. If we become aware that we've inadvertently collected data from a child, we will delete it promptly.

Regular Reviews and Updates

We regularly review our data protection practices to ensure ongoing compliance with UK GDPR. This includes reviewing our legitimate interest assessments, updating our processing records, and ensuring our security measures remain appropriate.

Questions and Complaints

If you have questions about how we handle your personal data or our GDPR compliance, please contact us at [email protected].

If you're not satisfied with our response or believe we're not processing your data in accordance with the law, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Related Policies

For more detailed information about specific aspects of how we handle your data, please refer to our:

Privacy Policy - comprehensive information about data collection and use
Cookies Policy - specific information about cookies and tracking technologies


© 2026 Shiny Symposium. All rights reserved.
