GDPR Compliance

Last updated:

Tasrie IT Services is committed to full compliance with the General Data Protection Regulation (GDPR) and protecting the rights of individuals whose personal data we process.

Our GDPR Commitment

We process personal data lawfully, fairly, and transparently in accordance with GDPR principles and individual rights. This page outlines our GDPR compliance measures and your rights under the regulation.

Data Protection Principles

We ensure that personal data is:

  • Processed lawfully, fairly, and transparently: We have clear legal bases for processing and are transparent about our practices
  • Collected for specified, explicit purposes: Data is only collected for legitimate business purposes
  • Adequate, relevant, and limited: We collect only what is necessary (data minimization)
  • Accurate and up-to-date: We maintain accurate records and correct inaccuracies promptly
  • Stored no longer than necessary: We have clear retention periods and delete data when no longer needed
  • Processed securely: We implement appropriate technical and organizational security measures

Legal Basis for Processing

We process personal data under the following legal bases:

Contractual Necessity

Processing necessary to perform our contractual obligations to clients, including service delivery, billing, and customer support.

Legitimate Interests

Processing necessary for our legitimate business interests, such as:

  • Improving our services and operations
  • Detecting and preventing fraud or security threats
  • Network and information security
  • Internal administration

Legal Obligations

Processing required to comply with legal obligations, such as tax and accounting requirements.

Consent

In some cases, we process data based on your explicit consent (e.g., marketing communications). You can withdraw consent at any time.

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Be Informed

You have the right to clear information about how we collect and use your personal data (provided in our Privacy Policy).

Right of Access

You can request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling. We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Data Protection Measures

Technical Measures

  • Encryption of data in transit and at rest
  • Multi-factor authentication for system access
  • Regular security testing and vulnerability assessments
  • Secure backup and disaster recovery procedures
  • Network security controls and monitoring

Organizational Measures

  • ISO 27001 certified information security management system
  • Data Protection Impact Assessments (DPIAs) for high-risk processing
  • Staff training on data protection and GDPR
  • Confidentiality agreements with all staff and contractors
  • Vendor management and due diligence for data processors
  • Incident response and breach notification procedures

Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Additional security measures to protect transferred data

Data Processors

We carefully select and manage third-party data processors. All processors are required to:

  • Process data only on our documented instructions
  • Maintain appropriate security measures
  • Assist with GDPR compliance obligations
  • Delete or return data at the end of processing
  • Sign data processing agreements compliant with GDPR Article 28

Data Breach Procedures

In the event of a personal data breach, we have procedures to:

  • Detect and assess the breach within 24 hours
  • Notify the relevant supervisory authority within 72 hours when required
  • Notify affected individuals without undue delay when required
  • Document the breach and our response
  • Take steps to mitigate and prevent future breaches

Exercising Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

Email: [email protected]
Phone: +44 204 587 6321
Address: Data Protection Officer, Tasrie IT Services, Inc., 71-75 Shelton St, London WC2H 9JQ, United Kingdom

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two months and will inform you of the extension.

Right to Complain

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

Questions

For any questions about our GDPR compliance, please contact us at [email protected].