Data Protection & GDPR

1. Introduction

HMCFO LTD is committed to compliance with data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines our approach to protecting your personal data and your rights under these regulations.

2. Data Controller Information

3. Legal Basis for Processing

We process personal data based on the following legal grounds under UK GDPR:

• Consent: You have explicitly consented to the processing of your data.
• Contract: Processing is necessary to fulfil a contract with you.
• Legal Obligation: We are required by law to process your data.
• Vital Interests: Processing is necessary to protect your vital interests.
• Public Task: Processing is necessary for a task in the public interest.
• Legitimate Interests: We have a legitimate business interest that does not override your rights.

4. Your Data Protection Rights

Under UK GDPR, you have the following rights:

• Right to Access: You can request a copy of your personal data held by us.
• Right to Rectification: You can request correction of inaccurate data.
• Right to Erasure: You can request deletion of your data (subject to legal requirements).
• Right to Restrict Processing: You can request limitations on how we use your data.
• Right to Data Portability: You can request your data in a machine-readable format.
• Right to Object: You can object to certain types of processing.
• Rights Related to Automated Decision-Making: You have rights regarding decisions based solely on automated processing.

5. How to Exercise Your Rights

To exercise any of these rights, please contact us in writing at the address or email provided above. We will respond to your request within 30 days (or up to three months for complex requests). You may also lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have violated your data protection rights.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Specific retention periods depend on the type of data and the purposes for which we hold it. Please refer to our Privacy Policy for more detailed retention information.

7. International Data Transfers

If we transfer your data outside the UK and EU, we ensure that adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other approved mechanisms under UK GDPR.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, alteration, and destruction. These measures include encryption, secure access controls, regular security assessments, and staff training.

9. Data Breaches

In the event of a confirmed data breach, we will notify affected individuals and the ICO without undue delay, as required by UK GDPR, unless the breach poses low risk to personal rights and freedoms.

10. Children's Data

Our website and services are not intended for individuals under 13 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information and terminate the child's access to our services.

11. Third-Party Data Processors

We may engage third-party service providers to process data on our behalf (such as hosting providers, analytics services, and email platforms). These processors are contractually obligated to comply with data protection laws and maintain appropriate security measures.

12. Contact Information Commissioner's Office (ICO)

If you wish to lodge a complaint regarding our data protection practices, you can contact the ICO:

13. Updates to This Policy

We may update this Data Protection & GDPR Policy periodically to reflect changes in our practices or in response to legal or regulatory updates. Any changes will be posted on this page with an updated "Last Updated" date.

14. Contact Us

If you have any questions or concerns about our data protection practices or this policy, please contact us at:
📧 info@hmcfo.cc