GDPR Compliance

1. Our Commitment to GDPR

Coolmedia Marketing is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of your personal data seriously and have implemented comprehensive measures to ensure your information is processed lawfully, fairly, and transparently.

This page outlines our GDPR compliance practices and explains your rights as a data subject under UK data protection law.

2. Data Controller Information

3. GDPR Principles

We adhere to the seven key principles of GDPR in all our data processing activities:

4. Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal data:

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following methods:

Response Time: We will respond to your request within one month of receipt. In complex cases, we may extend this by a further two months and will inform you of any delay.

6. Legal Basis for Processing

We process your personal data based on the following legal grounds:

7. Data Security Measures

We implement robust technical and organizational security measures to protect your personal data:

8. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
• Provide clear information about the nature of the breach and the measures taken to address it
• Take immediate action to contain and remediate the breach

9. Third-Party Data Processors

We work with carefully selected third-party service providers who process personal data on our behalf. These processors include:

• Email marketing platforms (e.g., Mailchimp)
• Analytics services (e.g., Google Analytics)
• Cloud hosting providers
• CRM systems
• Payment processors

All third-party processors are bound by data processing agreements that ensure they comply with GDPR requirements and implement appropriate security measures.

10. International Data Transfers

Some of our service providers may be located outside the UK. When we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK authorities
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules for multinational organizations

11. Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

12. Complaints and Supervisory Authority

If you believe we have not handled your personal data properly or have concerns about our GDPR compliance, you have the right to lodge a complaint with the UK's supervisory authority:

However, we encourage you to contact us first so we can address your concerns directly.

13. Updates to This Page

We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated page on our website and updating the "Last Updated" date.

14. Contact Us

If you have any questions about our GDPR compliance or data protection practices, please contact us: