Information on this site is advertising in nature

GDPR Compliance

Your data protection rights under UK GDPR

Last updated: June 2026

1. Our Commitment to Data Protection

leafy-stream is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we ensure compliance and outlines your rights as a data subject.

2. Data Controller Information

For the purposes of data protection legislation, leafy-stream acts as the data controller for personal information collected through this website. Our contact details are:

leafy-stream
47 Greenway Business Centre
Bristol, BS1 4QR
United Kingdom

Email: [email protected]

3. Lawful Basis for Processing

We process personal data only where we have a lawful basis to do so. The lawful bases we rely upon include:

3.1 Consent

Where you have provided clear consent for us to process your personal data for specific purposes. You may withdraw consent at any time by contacting us.

3.2 Contractual Necessity

Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

3.3 Legitimate Interests

Where processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:

  • Responding to enquiries and providing customer service
  • Improving our services and website functionality
  • Ensuring network and information security
  • Preventing fraud

3.4 Legal Obligation

Where processing is necessary to comply with legal or regulatory requirements.

4. Your Rights Under UK GDPR

As a data subject, you have the following rights:

4.1 Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR statement.

4.2 Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to valid requests within one month.

4.3 Right to Rectification

You have the right to request correction of personal data that is inaccurate or incomplete.

4.4 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including:

  • When the data is no longer necessary for the purpose for which it was collected
  • When you withdraw consent (where consent is the lawful basis)
  • When you object to processing and there are no overriding legitimate grounds
  • When the data has been unlawfully processed

4.5 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of your data or object to processing pending verification of legitimate grounds.

4.6 Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

4.7 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

4.8 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.

5. Exercising Your Rights

To exercise any of these rights, please contact us using the details provided above. We may need to verify your identity before processing your request. We will respond to valid requests within one month, though this period may be extended by up to two months for complex requests.

6. Data Transfers

We primarily process data within the United Kingdom. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

7. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit
  • Regular security assessments
  • Access controls and authentication measures
  • Staff training on data protection

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

9. Complaints

If you are not satisfied with how we handle your personal data or respond to your rights requests, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow, Cheshire
SK9 5AF

Website: ico.org.uk

10. Updates to This Statement

We may update this GDPR statement periodically. Any changes will be posted on this page with an updated revision date.

We use cookies to enhance your browsing experience and analyse site traffic. By continuing to use this site, you consent to our use of cookies. Learn more