UK GDPR

This policy outlines the UK GDPR (UK General Data Protection Regulation) provisions, effective from January 1, 2021, ensuring that users’ personal data is fully protected in the UK.

I. Scope

UK GDPR applies to:

  • All organizations operating within the UK, regardless of where the data is processed;

  • Entities outside the UK if they offer goods or services, or monitor user behavior in the UK (e.g., via cookies or tracking technologies).

Note: Data processing for personal or household purposes is not covered.

II. Principles of Data Processing

Data processing must adhere to the following principles:

  • Lawfulness and Transparency: Data must be processed legally, fairly, and transparently for users;

  • Purpose Limitation: Data may only be collected for specific, legitimate purposes;

  • Data Minimization: Only data necessary for processing should be collected;

  • Accuracy: Data must be accurate and kept up to date;

  • Storage Limitation: Data should not be kept longer than necessary for the processing purpose;

  • Integrity and Confidentiality: Appropriate technical and organizational measures must be implemented to protect data from unauthorized access.

III. Users’ Rights

Under UK GDPR, users have the following rights:

  • Right of Access: Obtain information about their personal data;

  • Right to Rectification: Correct inaccurate or incomplete data;

  • Right to Erasure (“Right to be Forgotten”): Request deletion of personal data under certain circumstances;

  • Right to Restrict Processing: Request limitation of data processing in specific situations;

  • Data Portability: Request transfer of their data to another data controller;

  • Right to Object: Object to processing based on legitimate interests or withdraw consent;

  • Protection of Minors’ Data: Users under 18 must obtain legal guardian consent to provide personal data.

IV. Responsibilities of the Data Controller

Data controllers must ensure:

  • Compliance with data protection laws and implementation of appropriate security measures such as encryption and access controls;

  • Timely response to users’ data requests;

  • Notification to the UK Information Commissioner’s Office (ICO) and users in case of a data breach;

  • Maintenance of records of processing activities and performing Data Protection Impact Assessments (DPIA) when necessary;

  • Appointment of a Data Protection Officer (DPO) if required and notification to users.

V. International Data Transfers

When data is transferred outside the UK:

  • Ensure the destination country provides an adequate level of protection, or

  • Use standard contractual clauses and additional security measures such as end-to-end encryption.

VI. Supervision and Penalties

The UK Information Commissioner’s Office (ICO) can:

  • Conduct inspections and investigate compliance;

  • Suspend non-compliant data processing activities;

  • Impose fines of up to £20 million or 4% of global annual turnover, whichever is higher.

Even after a user’s death, rights over personal data can be exercised according to a will; if not specified, heirs may exercise these rights.

VII. Importance of UK GDPR

  • For users: Enhances transparency and protection of personal data;

  • For the platform: Reduces legal risks and ensures compliance;

  • For the market: Provides a more reliable digital environment in accordance with Google and GMC policies.

VIII. Contact Information

To exercise your rights or learn more about our privacy practices, please contact the Data Protection Officer (DPO):

Email: contact@homenestz.com

We typically respond within 24 hours (complex cases may require longer).