GDPR Compliance Information

Our Commitment to Data Protection

Dreamy Crypt Ltd operates in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented comprehensive measures to protect your personal information.

This page explains how we fulfill our GDPR obligations and outlines your rights as a data subject.

Data Controller Details

For the purposes of data protection legislation, the data controller is:

Dreamy Crypt Ltd
Company Number: 13284756
Registered Office: 47 Redland Grove, Bristol, BS6 6PG, United Kingdom
Contact: [email protected]

Lawful Bases for Processing

We process personal data only when we have a valid lawful basis under UK GDPR. The specific basis depends on the purpose of processing:

Contract Performance

When you purchase our services, we process your personal information to fulfill our contractual obligations. This includes delivering consultations, providing guidance, and maintaining records of our professional relationship.

Legitimate Interests

We process certain data based on legitimate interests that benefit our business while respecting your fundamental rights. Examples include fraud prevention, network security, improving our services based on aggregated feedback, and maintaining business records for operational continuity.

We have conducted legitimate interest assessments to ensure this processing is necessary and proportionate.

Legal Obligations

UK law requires us to retain specific business records for accounting, tax, and regulatory purposes. We process personal data to the extent necessary to comply with these obligations.

Consent

Where required by law or where we have no other lawful basis, we obtain your explicit consent before processing personal data. You may withdraw consent at any time without affecting the lawfulness of processing conducted before withdrawal.

Data Protection Principles

Our data handling practices adhere to the core GDPR principles:

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate how and why we collect information.

Purpose Limitation

We collect personal data for specific, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes.

Data Minimization

We collect only the personal information necessary to achieve our stated purposes. We don't gather excessive or irrelevant data.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. We promptly correct or erase inaccurate information.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law. We have defined retention periods for different data categories.

Integrity and Confidentiality

We implement appropriate security measures to protect personal data against unauthorized access, accidental loss, destruction, or damage.

Accountability

We maintain documentation of our processing activities and can demonstrate compliance with data protection principles.

Your Rights Under UK GDPR

As a data subject, you have several important rights regarding your personal information:

Right of Access

You may request confirmation of whether we process your personal data and obtain a copy of that data. We will provide this information in a commonly used electronic format unless you request otherwise.

Right to Rectification

If you believe personal data we hold about you is inaccurate or incomplete, you may request correction. We will amend our records promptly upon verification.

Right to Erasure

In certain circumstances, you may request deletion of your personal data. This right applies when data is no longer necessary for its original purpose, when you withdraw consent, when you object to processing, or when data has been unlawfully processed.

This right is not absolute. We may retain information where we have overriding legitimate grounds or legal obligations to do so.

Right to Restriction of Processing

You may request that we limit how we use your personal data if you contest its accuracy, object to processing, or need us to retain data for legal claims despite no longer requiring it for our original purposes.

Right to Data Portability

Where processing is based on consent or contract performance and is carried out by automated means, you may request to receive your personal data in a structured, commonly used, machine-readable format. You may also request that we transmit this data directly to another controller where technically feasible.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal effects or similarly significantly affects you. We do not currently engage in such automated decision-making.

Exercising Your Rights

To exercise any of your data protection rights, contact us at [email protected] with your request. Please include sufficient information to allow us to identify you and verify your identity.

We will respond to requests without undue delay and within one month of receipt. In complex cases, we may extend this period by two additional months, in which case we will inform you of the extension and the reasons for it.

We do not charge a fee for most requests unless they are manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable administrative fee or refuse the request.

International Data Transfers

We primarily process and store personal data within the United Kingdom. In limited circumstances, data may be transferred to service providers located in other countries.

Any international transfers are conducted in accordance with UK GDPR requirements, using appropriate safeguards such as standard contractual clauses or ensuring the destination country provides adequate data protection.

Data Security Measures

We have implemented technical and organizational measures appropriate to the risk level associated with processing personal data. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls limiting who can view personal information
• Staff training on data protection responsibilities
• Secure backup and disaster recovery procedures
• Incident response protocols
• Vendor security requirements for third-party processors

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. Where required by law, we will also report the breach to the Information Commissioner's Office within 72 hours of becoming aware of it.

Our breach response procedures ensure prompt detection, investigation, and mitigation of any security incidents.

Third-Party Data Processors

We engage carefully vetted third-party service providers to support our business operations. These processors act only on our instructions and are contractually bound to comply with UK GDPR requirements.

We maintain a register of processors and conduct due diligence to ensure they provide sufficient guarantees regarding data security and protection.

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data from individuals below this age. If we discover we have inadvertently collected such information, we will delete it promptly.

Updates to Our Practices

We regularly review and update our data protection practices to ensure ongoing compliance with UK GDPR. Material changes to how we process personal data will be communicated through updates to our privacy documentation and, where appropriate, direct notification to affected individuals.

Contact and Complaints

If you have questions about our GDPR compliance, wish to exercise your rights, or have concerns about how we handle personal data, please contact us:

Email: [email protected]
Post: Dreamy Crypt Ltd, 47 Redland Grove, Bristol, BS6 6PG, United Kingdom

We aim to resolve any concerns directly. However, you also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk