GDPR Compliance

Our Commitment to Data Protection

forest-quartz is committed to protecting your personal data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. This page provides specific information about how we comply with these regulations.

Data Controller

forest-quartz acts as the data controller for personal information collected through our services. We are responsible for deciding how we hold and use personal information about you.

Contact details:
forest-quartz
47 Marlborough Street
Bristol, BS1 3PH
United Kingdom
Email: [email protected]

Lawful Bases for Processing

We process personal data under the following lawful bases:

• Contract performance: Processing is necessary to fulfil our digitisation services
• Legal obligation: Processing is required to comply with legal requirements
• Legitimate interests: Processing is necessary for our legitimate business interests
• Consent: You have given explicit consent for specific processing activities

Your Data Protection Rights

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies beyond the first request.

Right to Rectification

You have the right to request correction of any information you believe is inaccurate or incomplete.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You have the right to request restriction of processing your personal data in specific situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to request transfer of your personal data to another organisation or directly to you in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis for processing.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two further months, in which case we will inform you.

We may request specific information from you to confirm your identity and ensure we are disclosing information to the correct person.

Data Security Measures

We have implemented appropriate technical and organisational measures including:

• Secure storage of physical materials in locked facilities
• Encrypted digital storage systems
• Restricted access to personal data on a need-to-know basis
• Regular security assessments and updates
• Staff training on data protection requirements

Data Breach Procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. Should this become necessary, we will ensure appropriate safeguards are in place as required by UK data protection law.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Changes to This Statement

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised date.