Data Protection & GDPR Compliance
Last updated: January 2025
1. Our Commitment to Data Protection
HMCBP LTD is committed to complying with the UK General Data Protection Regulation (UK GDPR) and all applicable UK data protection laws. We take your privacy seriously and implement robust measures to protect your personal data from unauthorised access, processing, and loss.
This Data Protection Statement provides detailed information about how we comply with UK GDPR and other data protection regulations.
2. UK GDPR Overview
The UK General Data Protection Regulation (UK GDPR) is the UK's principal data protection law that governs how organisations process personal data. As a UK company, HMCBP LTD is subject to UK GDPR and the Data Protection Act 2018 (as amended).
Key principles of UK GDPR that we follow:
- •Lawfulness, fairness, transparency: We process data lawfully and transparently
- •Purpose limitation: Data is collected only for specified, explicit purposes
- •Data minimisation: We collect only the data necessary for our purposes
- •Accuracy: We maintain accurate and up-to-date personal data
- •Storage limitation: Data is retained only as long as necessary
- •Integrity and confidentiality: We maintain secure processing of data
3. Data Controller Information
HMCBP LTD is the data controller for all personal data collected through this website.
Data Controller: HMCBP LTD
Director: Óscar Contreras Bárcena
Registered in England & Wales
Company Number: [TO BE INSERTED]
Registered Office: [TO BE INSERTED]
Email: [TO BE INSERTED]
4. Data Processing Activities
We process personal data in the following contexts:
Website Contact Forms
Data Collected: Name, email address, company name, enquiry type, message
Purpose: To respond to enquiries and maintain business records
Retention: Up to 3 years
Legal Basis: Consent and legitimate interest
Website Analytics
Data Collected: IP address, device type, pages visited, referral source
Purpose: To understand website usage and improve user experience
Retention: Up to 26 months
Legal Basis: Legitimate interest
Cookie-Based Tracking
Data Collected: Cookie identifiers, browsing behaviour
Purpose: To remember preferences and track analytics
Retention: As per Cookie Policy
Legal Basis: Consent for non-essential cookies
5. Data Subject Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access (Subject Access Request)
You can request a copy of all personal data we hold about you. We will provide this within 30 days of receiving a valid request.
Right to Rectification
You can request that we correct inaccurate or incomplete personal data about you.
Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data, subject to certain legal exceptions (e.g., legal retention requirements).
Right to Restrict Processing
You can request that we limit how we process your personal data in certain circumstances.
Right to Data Portability
You can request your personal data in a structured, commonly-used format that can be transferred to another service provider.
Right to Object
You can object to processing of your personal data for marketing purposes and in certain other circumstances.
Right Not to be Subject to Automated Decision Making
You have the right not to be subject to decisions made solely by automated means that produce legal or similarly significant effects.
6. How to Exercise Your Rights
To exercise any of the rights listed above, please submit a written request to:
HMCBP LTD - Data Subject Rights
Email: [TO BE INSERTED]
Please provide sufficient information to identify you (e.g., name, email address used for contact). We will verify your identity before responding. You are not required to pay a fee, unless your request is manifestly unfounded or excessive. We will respond within 30 days (extendable to 60 days for complex requests).
7. Data Breach Notification
In the event of a confirmed data breach affecting your personal data, we will notify you and the Information Commissioner's Office (ICO) without undue delay, as required by UK GDPR. We maintain a data breach log and will provide all necessary details about the breach, its impact, and remedial measures taken.
8. Data Protection Impact Assessment
We carry out Data Protection Impact Assessments (DPIA) for high-risk processing activities to identify and mitigate risks to your data. Our website and contact form processing is low-risk, but we remain vigilant about data protection.
9. International Data Transfers
HMCBP LTD transfers personal data to Spain for the coordination and promotion of the Salo Orgullo Festival in Salobreña, Granada. Such transfers are made:
- •In compliance with UK GDPR Chapter 5 (International Transfers)
- •With appropriate safeguards, such as Standard Contractual Clauses
- •Only to recipients with adequate data protection standards
10. Data Retention Schedule
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact Form Submissions | 3 years | Business records |
| Analytics Data | 26 months | Website improvement |
| Email Communications | 3 years | Business records & evidence |
| Tax/Legal Records | 6 years | UK tax law requirements |
11. Information Commissioner's Office (ICO)
If you have concerns about our data protection practices or believe your rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection.
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Email: casework@ico.org.uk
Website: www.ico.org.uk
12. Contact Us
If you have questions about our data protection practices, please contact:
HMCBP LTD - Data Protection
Director: Óscar Contreras Bárcena
Email: [TO BE INSERTED]
Registered Office: [TO BE INSERTED]
HMCBP LTD. Registered in England & Wales. Company Number: [TO BE INSERTED].
Registered Office: [TO BE INSERTED].