UK GDPR Compliance | CHILLI GEEKS LTD
1. Commitment to Data Protection
As a leading cybersecurity consultancy, CHILLI GEEKS LTD recognizes that data protection is intrinsically linked to information security. We are fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We embed privacy-by-design into all our operations, ensuring that the personal data of our clients, employees, and partners is handled lawfully, securely, and transparently.
2. Data Protection Principles
We strictly adhere to the core principles of the UK GDPR in all data processing activities:
- Lawfulness, Fairness, and Transparency: We process data legally and communicate clearly about how it is used.
- Purpose Limitation: Data is collected only for specified, explicit, and legitimate business purposes.
- Data Minimisation: We collect only the data that is absolutely necessary for our operations.
- Accuracy: We take reasonable steps to ensure data remains accurate and up to date.
- Storage Limitation: Data is retained only for as long as required to fulfill its intended purpose.
- Integrity and Confidentiality: We process data in a manner that ensures robust security against unauthorized access and accidental loss.
3. Security Measures
CHILLI GEEKS LTD deploys enterprise-grade security controls to protect the personal data entrusted to us. Our defensive posture includes:
- Encryption: Utilization of AES-256 for data at rest and TLS 1.3 for data in transit.
- Access Controls: Enforcement of Zero Trust architecture, Multi-Factor Authentication (MFA), and strictly audited Role-Based Access Controls (RBAC).
- Monitoring Systems: Continuous 24/7 Security Operations Center (SOC) monitoring to detect and thwart anomalous activities.
- Vulnerability Management: Regular internal penetration testing and automated vulnerability scanning of our infrastructure.
- Staff Training: Mandatory, ongoing security awareness and GDPR compliance training for all employees and contractors.
4. Data Subject Rights
Under the UK GDPR, individuals maintain comprehensive rights over their personal data. We fully support and facilitate these rights, which include:
- The right to be informed.
- The right of access to personal data.
- The right to rectification of errors.
- The right to erasure ("Right to be Forgotten").
- The right to restrict processing.
- The right to data portability.
- The right to object to processing.
- Rights regarding automated decision making and profiling.
5. Data Breach Procedures
CHILLI GEEKS LTD maintains a comprehensive Incident Response Plan. In the highly unlikely event of a personal data breach, our security team will immediately isolate the affected systems and conduct a forensic investigation. If a breach poses a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours. Affected individuals will also be notified without undue delay and given remediation recommendations.
6. International Transfers
Our primary infrastructure is hosted within the United Kingdom. However, if business operations require the transfer of personal data outside the UK or the European Economic Area (EEA), CHILLI GEEKS LTD guarantees that appropriate safeguards are implemented. Such transfers will only occur utilizing UK-approved Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) to ensure data remains protected to UK GDPR standards.
7. Regulatory Authority
CHILLI GEEKS LTD operates under the jurisdiction of the UK's independent regulatory authority for data protection. If you believe we have not processed your data in accordance with the law, you retain the right to lodge a formal complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: https://ico.org.uk
8. Contact for Data Requests
To exercise your GDPR rights, submit a Data Subject Access Request (DSAR), or inquire about our compliance frameworks, please contact our Data Protection Officer:
CHILLI GEEKS LTD
6 Selbourne Drive
Dewsbury, England
WF12 9PB
+44 7411 573179