Your data protection rights under UK GDPR.
Last updated: January 2024
Elara Flux Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of personal data seriously and have implemented measures to ensure compliance with data protection legislation.
For the purposes of UK GDPR, the data controller is:
Elara Flux Ltd
47 Greenway Business Centre
Bristol, BS1 5QT
United Kingdom
Email: [email protected]
We process personal data under the following lawful bases as defined by Article 6 of UK GDPR:
Where processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering a contract. This includes processing data to provide ecological consultancy services, generate quotations, and manage project communications.
Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights. This includes improving our services, maintaining business records, and communicating about relevant opportunities.
Where processing is required to comply with legal requirements, such as tax regulations, health and safety obligations, and regulatory reporting.
Where you have provided explicit consent for specific processing activities, such as receiving marketing communications. You may withdraw consent at any time.
As a data subject, you have the following rights:
You have the right to obtain confirmation of whether we process your personal data and to access that data along with supplementary information about how it is processed.
You have the right to have inaccurate personal data corrected and incomplete data completed.
Also known as the "right to be forgotten", you may request deletion of your personal data in certain circumstances, including where the data is no longer necessary for its original purpose.
You have the right to request restriction of processing in certain circumstances, such as while we verify the accuracy of data you have challenged.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.
To exercise any of these rights, please contact us at:
Email: [email protected]
We will respond to your request within one month of receipt. In complex cases, this period may be extended by two further months, and we will notify you if this is necessary.
There is generally no fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals. This ensures privacy considerations are embedded in our project planning and service delivery.
We primarily process and store data within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO, or transfers to countries with adequate data protection frameworks.
Given the nature and scale of our data processing activities, we have not appointed a formal Data Protection Officer. However, enquiries regarding data protection can be directed to our management team at [email protected].
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
We may update this GDPR information periodically to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last revised.