GDPR Compliance

General Data Protection Regulation Compliance

river-kit is committed to full compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We take our responsibilities regarding your personal data seriously and have implemented appropriate measures to ensure compliance.

Data Controller Information

For the purposes of data protection legislation, river-kit acts as the data controller for personal data collected through our website and services.

Data Controller: river-kit
Address: 42 Berkeley Square, Mayfair, London W1J 5AJ, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you provide explicit consent for us to process your data for specific purposes
• Contract: When processing is necessary to fulfill a contract with you or take steps before entering into a contract
• Legal Obligation: When we must process data to comply with legal requirements
• Legitimate Interests: When processing serves our legitimate business interests while respecting your rights and freedoms

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

You may request access to your personal data and receive a copy of the information we hold about you.

Right to Rectification

You may request correction of inaccurate or incomplete personal data.

Right to Erasure

You may request deletion of your personal data in certain circumstances, including when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restriction of Processing

You may request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You may request to receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.

Right to Object

You may object to processing of your personal data where we rely on legitimate interests as the legal basis for processing.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with details of your request. We will respond within one month of receiving your request, though this may be extended by two additional months for complex requests.

We may need to verify your identity before processing your request. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request.

Data Security Measures

We have implemented appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Staff training on data protection principles
• Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Protection Officer

For questions specifically related to data protection and GDPR compliance, you may contact our data protection representative at [email protected]

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with data protection law. In the United Kingdom, the supervisory authority is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: www.ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement periodically to reflect changes in our practices or legal requirements. The date of the last update will be clearly indicated.