Privacy Policy

Introduction

The European Union General Data Protection Regulation (GDPR) has been in effect across the EU since 25th May 2018, representing a significant overhaul of data protection legislation. Designed with a focus on privacy by design and a risk-based approach, the GDPR responds to the diverse privacy challenges posed by the digital age. With the proliferation of technology, evolving definitions of personal data, and increased cross-border data processing activities, the Regulation aims to standardize data protection laws and practices across the EU. Its objective is to empower individuals with stronger and more consistent rights to access and control their personal information, ensuring a harmonized approach to data privacy and security.

Our Commitment

Incr-edibles.co.uk (referred to as “we,” “us,” or “our”) is dedicated to ensuring the security and protection of the personal information we process, and to maintaining a compliant and uniform approach to data protection. Our existing data protection program aligns with current laws and adheres to data protection principles. As we acknowledge our responsibilities to comply with the GDPR and the United Kingdom’s Data Protection Bill/United Kingdom’s DP law, we have expanded and updated our program to meet the requirements of these regulations. Incr-edibles.co.uk is committed to safeguarding the personal information under our control and to developing a robust and purpose-driven data protection framework that reflects an understanding of and respect for the GDPR. Our readiness and objectives for GDPR compliance are outlined in this statement, encompassing the establishment and implementation of new data protection roles, policies, procedures, controls, and measures to ensure ongoing compliance.

Incr-edibles.co.uk already upholds a consistent level of data protection and security throughout our organization. However, our goal is to achieve full compliance with the GDPR by 25th May 2018. Our preparation encompasses various aspects, such as revising or implementing:

  • Policies & Procedures: Data protection policies and procedures are being revised to align with the GDPR and relevant data protection laws, including measures related to cookies and tracking for purposes such as Google Analytics.

  • Data Protection: Our primary policy and procedure document for data protection has been updated to meet the GDPR’s standards and requirements.

  • Accountability and Governance: Measures are in place to ensure that we understand our obligations and responsibilities and communicate them effectively, particularly on privacy by design and individual rights.

  • Data Retention & Erasure: Our retention policy and schedule have been reviewed to comply with data minimization and storage limitation principles, along with establishing procedures for erasure and a dedicated focus on the “Right to Erasure” obligation.

  • Data Breaches: We have robust breach procedures in place, including safeguards to identify, assess, investigate, and report any personal data breaches promptly.

  • Subject Access Request (SAR): Our SAR procedures have been revised to align with the GDPR’s updated timeframe for providing requested information and ensuring it is provided free of charge, along with specific processes for processing access requests and managing exemptions.

  • Privacy Notice/Policy: Our Privacy Notices have been updated to comply with the GDPR, ensuring individuals are informed about the purpose of data processing, their rights, disclosure of information, and safeguarding measures.

  • Consent: We have revised our consent mechanisms to ensure individuals understand the purpose and use of their data, providing clear ways to consent, record, and withdraw consent.

  • Direct Marketing: Our direct marketing processes include clear opt-in mechanisms, opt-out provisions, and unsubscribe features on marketing materials.

Data Subject Rights

In addition to our revised policies and procedures, we provide easy access to information about individuals’ rights regarding their personal data processed by Incr-edibles.co.uk. This includes the rights to access, rectify, and erase their data, to restrict processing, to object to direct marketing, and to obtain details of automated decision-making, as well as the right to lodge complaints or seek judicial remedy.

Information Security & Technical and Organizational Measures

We take the privacy and security of personal information seriously and implement robust information security policies and technical and organizational measures to protect personal data from unauthorized access or misuse, including SSL, access controls, encryption, and other security protocols.

GDPR Roles and Employees

Incr-edibles.co.uk has designated Gordon Stark as our Appointed Person and established a data privacy team to drive and monitor our GDPR compliance efforts. We recognize the importance of maintaining employee awareness and understanding of the GDPR, and as such, a dedicated training program has been implemented to ensure all employees are well-informed and compliant.

For any inquiries regarding our GDPR preparations, please contact Gordon Stark