Last updated: January 2024
Our Commitment to GDPR
London Design Furniture is committed to ensuring the protection of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our compliance measures and your rights under these regulations.
Data Controller
London Design Furniture acts as the data controller for personal information collected through our website and business operations.
Contact details:
47 Clerkenwell Road
London EC1M 5RS
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications.
- Contract: Where processing is necessary for the performance of a contract with you, such as fulfilling furniture orders.
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.
- Legal Obligation: Where processing is necessary to comply with legal requirements.
Your Rights Under GDPR
Under UK GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of your request.
Right to Rectification
You have the right to request correction of any inaccurate personal data we hold about you.
Right to Erasure
You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.
Right to Restrict Processing
You have the right to request restriction of processing of your personal data in certain circumstances.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object
You have the right to object to processing of your personal data, including for direct marketing purposes.
Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
Data Protection Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular security assessments
- Staff training on data protection
- Access controls and authentication procedures
- Regular backups and data recovery procedures
Data Breach Procedures
In the event of a personal data breach, we have procedures in place to:
- Detect, investigate, and report breaches
- Notify the Information Commissioner's Office within 72 hours where required
- Notify affected individuals without undue delay where the breach is likely to result in high risk
International Data Transfers
We do not routinely transfer personal data outside the United Kingdom. Where such transfers are necessary, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
Exercising Your Rights
To exercise any of your rights under GDPR, please contact us using the details provided above. We will respond to your request within one month. In complex cases, this may be extended by a further two months, and we will inform you if this is necessary.
Complaints
If you are not satisfied with our response to any data protection concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
Updates to This Notice
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.