DocLibrary

GDPR Compliance

Last updated: January 2025

1. Our Commitment to Data Protection

DocLibrary Limited is committed to protecting your personal data and respecting your privacy rights. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring the highest standards of data protection.

This page outlines our GDPR compliance measures and explains your rights as a data subject.

2. Data Controller Information

Data Controller: DocLibrary Limited

Company Registration: 16609983

ICO Registration: C1811408

Address: Minsmere, Mill Lane, Hook End, Brentwood, Essex CM15 0NZ, United Kingdom

Data Protection Officer: [email protected]

3. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Information

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy.

Right of Access

You can request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

In certain circumstances, you can request that we delete your personal data.

Right to Restrict Processing

You can ask us to limit how we use your personal data in certain circumstances.

Right to Data Portability

You can request a copy of your personal data in a structured, machine-readable format to transfer to another service provider.

Right to Object

You can object to certain types of processing, including direct marketing and processing based on legitimate interests.

Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling that significantly affects you.

4. How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the details below. We will respond to your request within one month, though this may be extended in complex cases.

Contact Methods:

  • Email: [email protected]
  • Subject Line: "Data Protection Request - [Your Request Type]"
  • Include: Your full name, email address, and specific request details

Identity Verification: To protect your privacy, we may need to verify your identity before processing your request. This helps ensure that personal data is not disclosed to unauthorized individuals.

5. Data Processing Principles

We adhere to the six key principles of UK GDPR:

  • Lawfulness, fairness and transparency: We process data lawfully and transparently
  • Purpose limitation: We collect data for specific, legitimate purposes
  • Data minimisation: We only collect data that is necessary
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We don't keep data longer than necessary
  • Integrity and confidentiality: We protect data with appropriate security measures

6. Data Security Measures

We implement comprehensive technical and organisational measures to protect your personal data:

  • End-to-end encryption for data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and multi-factor authentication
  • Staff training on data protection and security
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery planning

7. Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if there is a high risk
  • Take immediate steps to contain and remedy the breach
  • Conduct a thorough investigation and implement preventive measures

8. International Data Transfers

Your personal data is primarily processed within the UK. Any international transfers are conducted with appropriate safeguards:

  • Adequacy decisions from the UK government
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules where applicable
  • Certification schemes and codes of conduct

9. Complaints and Supervisory Authority

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

10. Regular Reviews and Updates

We regularly review our data protection practices and update our policies to ensure continued compliance with UK GDPR. This page will be updated to reflect any changes in our compliance measures or legal requirements.