GDPR Compliance - umber-storm

Our Commitment to Data Protection

umber-storm complies with the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018. We are committed to protecting your personal data and respecting your privacy rights.

Legal Basis for Processing

We process personal data under the following legal bases:

Contract performance: Processing rental requests and delivering equipment rental services
Legitimate interests: Maintaining business records and improving service quality
Legal obligation: Complying with accounting, tax, and safety regulations
Consent: Sending non-essential communications when you have opted in

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

If personal information we hold is inaccurate or incomplete, you have the right to request correction.

Right to Erasure

You may request deletion of your personal data. This right is subject to legal retention requirements for business records and completed transactions.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of information.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transfer it to another service provider.

Right to Object

You can object to processing of your personal data where we rely on legitimate interests as the legal basis.

Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected:

Rental transaction records: 7 years (legal requirement)
Marketing consent records: Until consent is withdrawn
Inquiry data (non-converted): 2 years
Technical support logs: Duration of rental plus 1 year

Data Security Measures

We implement appropriate technical and organizational measures to protect personal data:

Encrypted storage of customer information
Access controls limiting data access to authorized personnel only
Regular security assessments and updates
Secure transmission of data using SSL/TLS protocols
Employee training on data protection procedures

International Data Transfers

We do not transfer personal data outside the United Kingdom or European Economic Area. All data processing occurs within UK-based systems.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office within 72 hours of becoming aware of the breach.

Exercising Your Rights

To exercise any of your GDPR rights, contact us at:

Email: [email protected]
Address: 47 Riverside Industrial Estate, Thornbury Road, Bristol BS12 4NQ, United Kingdom

We will respond to your request within one month. If your request is complex, we may extend this period by two additional months and will inform you of the extension.

Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

Updates to This Statement

We review our GDPR compliance procedures regularly and update this statement as needed to reflect changes in our practices or legal requirements.