Our commitment to data protection standards
cobalt-hollow is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and your rights under these regulations.
For the purposes of data protection legislation, cobalt-hollow is the data controller for personal data collected through our website and services.
Contact details:
cobalt-hollow
47 Bedford Square
London WC1B 3DP
United Kingdom
Email: [email protected]
We process personal data under the following lawful bases as defined by GDPR:
Processing is necessary to perform our contract with you when you engage our services. This includes collecting career information, conducting consultations, and delivering completed documents.
We process certain data based on legitimate business interests, including:
Where required, we obtain explicit consent for specific processing activities, such as marketing communications. Consent can be withdrawn at any time.
You have the right to request copies of your personal data. We will provide this information in a commonly used electronic format.
You have the right to request correction of inaccurate or incomplete personal data.
You have the right to request deletion of your personal data in certain circumstances, including when data is no longer necessary for the purpose it was collected or when you withdraw consent.
You have the right to request limitation of processing in specific situations, such as when you contest the accuracy of data or object to processing.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
To exercise any of these rights, contact us at [email protected]. We will respond to requests within one month. In complex cases, this may be extended by two additional months, and we will inform you of any extension.
We may require proof of identity before processing requests to ensure data security.
We implement appropriate technical and organizational measures to ensure data security, including:
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
We maintain records of processing activities as required by GDPR, including:
When we engage third-party service providers who process personal data on our behalf, we ensure they provide sufficient guarantees of GDPR compliance through written contracts that specify processing requirements and security obligations.
We process and store data within the United Kingdom. If data is transferred outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by regulatory authorities.
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.
If you have concerns about our data processing practices or believe your rights have been violated, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: ico.org.uk
We review our data protection practices regularly and update this compliance statement as necessary. The last update date appears at the top of this page.