UK GDPR
This statement provides an overview of the applicability, basic principles, user rights, and key compliance requirements under the UK General Data Protection Regulation (UK GDPR), helping users understand how personal data is processed within the current legal framework.
I. Regulatory Background and Purpose
After the UK’s exit from the EU, the original EU GDPR was incorporated into UK law as the UK GDPR and is applied together with the Data Protection Act 2018.
The Information Commissioner’s Office (ICO) in the UK is responsible for relevant regulatory matters.
The main objectives of the UK GDPR include:
Enhancing individuals’ control over their own data;
Improving transparency and security in data processing;
Clarifying responsibilities and compliance obligations in data processing activities.
II. Scope of Application
The UK GDPR primarily applies to the following scenarios:
Entities processing personal data within the UK, regardless of where the data is actually stored or processed;
Entities outside the UK that offer goods or services to individuals in the UK, or monitor or analyze their online behavior, such as via cookies or similar technologies.
Data processing activities conducted solely for personal or household purposes are generally excluded.
III. Basic Principles of Data Processing
Under the UK GDPR framework, personal data processing should adhere to the following principles:
Lawfulness, fairness, and transparency: processing must be based on a valid legal basis and clearly communicated to users;
Purpose limitation: data should be collected only for specific and legitimate purposes;
Data minimization: only process the information necessary to achieve the intended purpose;
Accuracy: ensure information is correct and up to date;
Storage limitation: data should not be kept longer than necessary;
Integrity and confidentiality: implement technical and administrative measures to prevent unauthorized access, disclosure, or loss.
IV. User Rights
Under the UK GDPR, users may exercise the following rights, subject to the conditions set by law:
Access information about the processing of personal data and review related data;
Correct inaccurate or incomplete personal information;
Request deletion of personal data where applicable;
Restrict data processing in certain circumstances;
Obtain personal data in a structured, commonly used format;
Object to data processing based on legitimate interests.
For individuals under 18 years old, data processing usually requires the involvement or authorization of a legal guardian.
V. Obligations Related to Data Processing
Parties involved in personal data processing must comply with the following requirements:
Process data only based on clear instructions;
Implement appropriate security measures, such as encryption, access control, and system protections;
Respond to user data rights requests within prescribed timelines;
Notify users in case of data security incidents;
Maintain necessary records of data processing activities;
Conduct Data Protection Impact Assessments (DPIA) when legally required;
Appoint a data protection officer when applicable.
VI. Cross-Border Data Transfers
When personal data needs to be transferred outside the UK, compliant safeguards should be implemented, including:
Ensuring that the recipient provides an adequate level of data protection;
Using standard contractual clauses in accordance with UK GDPR requirements;
Employing technical measures such as encryption and access control to reduce risk.
VII. Regulatory Authority and Legal Consequences
The Information Commissioner’s Office (ICO) in the UK has the authority to:
Inspect and supervise data processing activities;
Request suspension or adjustment of non-compliant processing;
Take regulatory actions or impose penalties in case of serious violations.
The exercise of related rights and responsibilities is subject to applicable law.
VIII. Compliance Significance
Compliance with the UK GDPR:
Provides users with clearer information and protections regarding data use;
Reduces operational compliance risks;
Supports the establishment of a trusted digital environment that meets requirements from entities like Google and GMC.
IX. Contact Information
To exercise your rights under the UK GDPR or to inquire about personal data processing, you may contact us via:
Email: service@cozyfurnishz.com
Requests will be handled in accordance with applicable laws and specific circumstances.