GDPR Compliance
Information about how we comply with the General Data Protection Regulation (GDPR).
Last updated: January 2023
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. At Fides Bridge, we are committed to ensuring our compliance with GDPR and protecting the personal data of our users.
Our Approach to GDPR
Our approach to GDPR compliance is centered on the following key elements:
Data Protection by Design
We have implemented appropriate technical and organizational measures to integrate data protection into our data processing activities from the earliest stage of design.
Data Protection by Default
We ensure that only personal data necessary for each specific purpose of processing is processed, and that data is not made accessible to an indefinite number of individuals.
Lawful Basis for Processing
We process personal data only where we have a lawful basis to do so under the GDPR, such as consent, contract, legal obligation, vital interests, public task, or legitimate interests.
Transparent Information
We provide clear and transparent information about how we collect, use, store, and process personal data through our Privacy Policy and related documentation.
Legal Basis for Processing Personal Data
Under the GDPR, we process personal data based on one or more of the following legal bases:
Consent
Where you have given us explicit consent to process your personal data for a specific purpose. You can withdraw your consent at any time.
Contract
Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
Legal Obligation
Where processing is necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests
Where processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms.
Data Subject Rights Under GDPR
The GDPR provides you with certain rights concerning your personal data. We are committed to respecting these rights and supporting you in exercising them. These rights include:
| Right | Description | How to Exercise |
|---|---|---|
| Right to Be Informed | You have the right to be informed about the collection and use of your personal data. | Review our Privacy Policy. |
| Right of Access | You have the right to obtain confirmation if we process your personal data and request a copy of it. | Contact our DPO. |
| Right to Rectification | You have the right to request that inaccurate personal data be corrected or completed if incomplete. | Update your account information or contact our DPO. |
| Right to Erasure | You have the right to request the deletion of your personal data in certain circumstances. | Contact our DPO with your request. |
| Right to Restrict Processing | You have the right to request the restriction of processing your personal data. | Contact our DPO with your request. |
| Right to Data Portability | You have the right to receive your personal data in a structured, commonly used format or to request the transfer to another controller. | Contact our DPO with your request. |
| Right to Object | You have the right to object to the processing of your personal data in certain circumstances. | Contact our DPO with your objection. |
| Rights Related to Automated Decision-making | You have the right not to be subject to a decision based solely on automated processing, including profiling. | Contact our DPO with your request. |
Data Protection Impact Assessments (DPIAs)
We conduct Data Protection Impact Assessments (DPIAs) whenever we identify processing that is likely to result in a high risk to individuals' rights and freedoms. DPIAs help us identify and minimize data protection risks associated with our processing activities.
International Data Transfers
When transferring personal data outside the EEA or UK, we ensure that adequate safeguards are in place to provide a level of protection equivalent to that guaranteed within the EEA or UK. These safeguards may include:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules
- Adequacy decisions by the European Commission
- Additional technical and organizational measures where necessary
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR requirements. You can contact our DPO if you have any questions or concerns about how we handle your personal data:
Data Protection Officer
Fides Bridge Ltd
123 Privacy Street
London, EC1A 1BB
United Kingdom
Email: dpo@fidesbridge.com
Phone: +44 20 1234 5679
Supervisory Authority
If you are located in the European Union or UK, you have the right to lodge a complaint with your local supervisory authority if you believe that our processing of your personal data violates the GDPR. We encourage you to contact us first so we can address your concerns directly.
Related policies: