Mesa-egret is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we uphold your rights and our responsibilities regarding your personal data.
Our Commitment
We process personal data lawfully, fairly, and transparently. We collect data only for specified, explicit, and legitimate purposes and ensure it remains adequate, relevant, and limited to what is necessary. We maintain accuracy and retain data only as long as required.
Lawful Basis for Processing
We process your personal data under the following lawful bases:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose
- Contract: Where processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract
- Legitimate interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those interests
Your Rights Under UK GDPR
Right to Be Informed
You have the right to be informed about how we collect and use your personal data. This notice and our Privacy Policy fulfil this obligation.
Right of Access
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month.
Right to Rectification
You have the right to have inaccurate personal data corrected or completed if it is incomplete. We will respond to your request within one month.
Right to Erasure
You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and only applies in certain circumstances.
Right to Restrict Processing
You have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances.
Right to Data Portability
You have the right to obtain and reuse your personal data for your own purposes across different services. This right only applies to automated information initially provided by you.
Right to Object
You have the right to object to processing based on legitimate interests, direct marketing, and processing for purposes of scientific or historical research and statistics.
Data Controller
Mesa-egret acts as the data controller for personal information collected through this website. As the data controller, we determine the purposes and means of processing personal data.
Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular testing and evaluation of security measures
- Staff training on data protection practices
- Access controls limiting who can view personal data
International Transfers
We do not routinely transfer personal data outside the United Kingdom. Should any transfer be necessary, we will ensure appropriate safeguards are in place to protect your data.
Exercising Your Rights
To exercise any of your rights, please contact us using the details below. We may need to verify your identity before fulfilling your request.
Mesa-egret
147 St Vincent Street
Glasgow G2 5JF
United Kingdom
[email protected]
Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues.