GDPR Compliance Notice
Last updated: May 2025
Iterize Ltd is committed to processing personal data lawfully, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This notice supplements our Privacy Policy and provides additional detail on our data protection practices.
1. Data Controller
Name: Iterize Ltd
Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom
Contact: iterizec@iterize.co.uk
Iterize Ltd is registered with the Information Commissioner's Office (ICO) as a data controller.
2. Principles We Follow
All personal data processing at Iterize is conducted in accordance with the UK GDPR data protection principles:
- Lawfulness, fairness, and transparency: We process data lawfully and transparently, with a valid legal basis for each processing activity.
- Purpose limitation: Data is collected for specified, explicit purposes and is not processed in a manner incompatible with those purposes.
- Data minimisation: We collect only the data necessary for the stated purpose.
- Accuracy: We take reasonable steps to ensure data is accurate and kept up to date.
- Storage limitation: Data is retained only as long as necessary for the stated purpose.
- Integrity and confidentiality: Data is processed securely, with appropriate technical and organisational measures in place.
- Accountability: We maintain records of processing activities and can demonstrate compliance.
3. Legal Bases for Processing
We rely on the following lawful bases for processing personal data:
Consent (Article 6(1)(a))
For marketing communications and contact form submissions where you have provided clear affirmative consent.
Contract (Article 6(1)(b))
For processing necessary to perform or prepare to perform a contract with you.
Legal Obligation (Article 6(1)(c))
For processing required to comply with applicable law (e.g., accounting records).
Legitimate Interests (Article 6(1)(f))
For processing where we have a legitimate business interest, balanced against your rights and interests (e.g., B2B marketing, network security).
4. Data Subject Rights
Under UK GDPR, you have the following rights:
Right of Access (Article 15)
Request a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification (Article 16)
Request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17)
Request deletion of your personal data where there is no overriding reason for its continued processing ('right to be forgotten').
Right to Restriction (Article 18)
Request that we limit processing of your personal data in certain circumstances.
Right to Data Portability (Article 20)
Receive your data in a structured, machine-readable format and transfer it to another controller.
Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making (Article 22)
Not to be subject to solely automated decisions that produce significant legal or similar effects.
To exercise any of these rights, please submit a written request to iterizec@iterize.co.uk. We will respond within 30 calendar days. We may need to verify your identity before processing your request.
5. Data Security Measures
We implement appropriate technical and organisational security measures to protect personal data, including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Access controls and role-based permissions
- Regular security assessments and penetration testing
- Staff data protection training and awareness programmes
- Incident response and breach notification procedures
6. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33.
Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.
7. International Data Transfers
Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:
- UK International Data Transfer Agreements (IDTAs)
- EU Standard Contractual Clauses (SCCs) as adopted for UK transfers
- Transfers to countries with UK adequacy decisions
8. Data Protection Officer
While Iterize Ltd is not legally required to appoint a Data Protection Officer under current thresholds, we have designated a responsible individual for data protection matters. Data protection enquiries should be directed to: iterizec@iterize.co.uk
9. Supervisory Authority
You have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113