GDPR Compliance | Lively Backroads

Lively Backroads is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we handle your personal data and your rights under these regulations.

Data Controller

Lively Backroads is the data controller responsible for your personal data. Our contact details are:

Lively Backroads
47 Moseley Road
Birmingham, B12 9BN
Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Contractual Necessity

When you engage our services, we process your data to fulfil our contractual obligations, including providing quotes, scheduling work, and delivering services.

Legitimate Interests

We may process your data where it is in our legitimate business interests, such as improving our services, marketing to existing customers, and preventing fraud.

Consent

Where you have given explicit consent, such as subscribing to marketing communications, we process your data based on that consent. You may withdraw consent at any time.

Legal Obligation

We may process data where necessary to comply with legal requirements, such as tax and accounting obligations.

Your Rights Under GDPR

Right of Access

You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month.

Right to Rectification

If the personal data we hold is inaccurate or incomplete, you have the right to have it corrected.

Right to Erasure

You may request that we delete your personal data where there is no compelling reason for its continued processing. This right is not absolute and may be subject to legal obligations.

Right to Restrict Processing

You may request that we limit how we use your data while we investigate any concerns you have raised.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transfer it to another controller.

Right to Object

You may object to processing based on legitimate interests or direct marketing at any time.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

Data Transfers

Your personal data is primarily processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office.

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

Enquiry data: 2 years from last contact if no service is provided
Customer data: 7 years after completion of services for warranty and legal purposes
Marketing data: Until you withdraw consent
Website analytics: 26 months

Data Security

We implement appropriate technical and organisational measures to protect your data, including:

Secure servers and encrypted data transmission
Access controls limiting data access to authorised personnel
Regular security assessments
Staff training on data protection

Data Breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office within 72 hours of becoming aware of the breach.

Exercising Your Rights

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex, we may extend this period by two months, in which case we will inform you.

Complaints

If you are not satisfied with how we handle your data or your request, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated date.