GDPR Compliance
Data minimalism, just like our cleaning philosophy. Raxvino is committed to protecting your personal data. We collect only what we need, store it securely, and never keep it longer than necessary. This page outlines our compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Our Commitment to GDPR
Raxvino Eco-Friendly Cleaning Solutions is committed to full compliance with the UK GDPR and the Data Protection Act 2018. We recognise that protecting your personal data is not just a legal obligation but a fundamental part of the trust you place in us.
As a data controller, we are responsible for determining how and why your personal data is processed. We take this responsibility seriously and have implemented comprehensive measures to ensure your data is handled lawfully, fairly, and transparently.
2. The Seven GDPR Principles
Our data processing activities adhere to the seven key principles of UK GDPR:
3. Lawful Bases for Processing
We process personal data under the following lawful bases, depending on the nature of the processing activity:
| Processing Activity | Lawful Basis | Data Types |
|---|---|---|
| Booking & delivering cleaning services | Contractual necessity | Name, address, contact details, service preferences |
| Responding to enquiries | Legitimate interest | Name, email, phone, message content |
| Sending marketing communications | Consent | Name, email address |
| Managing allergy/health information | Explicit consent | Health-related preferences |
| Website analytics | Consent (via cookies) | IP address, browsing behaviour |
| Financial records & invoicing | Legal obligation (HMRC) | Name, address, payment details |
| Staff employment records | Contractual necessity / Legal obligation | Employee personal data |
4. Your Data Rights
Under UK GDPR, you have the following rights regarding your personal data. We are committed to facilitating these rights promptly and free of charge.
Right of Access (Article 15)
You can request a copy of all personal data we hold about you. We will provide this within 30 days in a clear, accessible format.
Right to Rectification (Article 16)
If any data we hold is inaccurate or incomplete, you have the right to have it corrected without undue delay.
Right to Erasure (Article 17)
You can request that we delete your personal data where there is no compelling reason for its continued processing. This right does not apply where we have a legal obligation to retain data (e.g., financial records for HMRC).
Right to Restrict Processing (Article 18)
You can request that we limit how we process your data in certain circumstances, such as while we verify accuracy or assess an objection.
Right to Data Portability (Article 20)
Where processing is based on consent or contract, you can request your data in a structured, commonly used, machine-readable format (such as CSV or JSON).
Right to Object (Article 21)
You can object to processing based on legitimate interest or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
Right Not to Be Subject to Automated Decision-Making (Article 22)
Raxvino does not use automated decision-making or profiling that produces legal or similarly significant effects.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of prior processing.
5. How to Exercise Your Rights
To exercise any of your data rights, contact us using any of the following methods:
- Email: support@raxvino.com (subject line: "GDPR Request")
- Post: Data Protection, Raxvino, ul. Marszałkowska 28, 00-576 Warszawa
- Phone: 0117 403 0586
We will verify your identity before processing any request. We aim to respond within 30 days. In exceptional circumstances, we may extend this by a further 60 days, in which case we will inform you and explain the reason for the delay.
6. Data Security Measures
We have implemented the following technical and organisational measures to protect personal data:
- Encryption: All data transmitted via our website is encrypted using TLS 1.3
- Access control: Staff access to personal data is restricted on a need-to-know basis with individual credentials
- Device security: All company devices are password-protected with encryption enabled
- Staff training: All team members receive data protection training upon joining and annual refresher training
- Data backup: Regular secure backups with encrypted storage
- Incident response: Documented breach response procedure with 72-hour ICO notification capability
- Supplier vetting: All third-party processors are assessed for GDPR compliance before engagement
7. Data Breach Procedures
In the event of a personal data breach, we will:
- Assess the nature and severity of the breach immediately
- Notify the Information Commissioner's Office (ICO) within 72 hours if the breach is likely to result in a risk to individuals' rights and freedoms
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
- Document the breach, our response, and any remedial actions taken
- Review and update our security measures to prevent recurrence
8. International Data Transfers
Your personal data is primarily processed within the United Kingdom. Where any data is transferred to countries outside the UK, we ensure appropriate safeguards are in place, including:
- UK adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the ICO
- Binding Corporate Rules where applicable
9. Data Protection Impact Assessments
Where new processing activities are likely to result in high risk to individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate potential risks before processing begins.
10. Third-Party Processors
We use a limited number of third-party processors to help deliver our services. Each processor is bound by a data processing agreement that requires them to:
- Process data only on our documented instructions
- Implement appropriate security measures
- Assist us in fulfilling data subject requests
- Delete or return all data upon termination of the agreement
- Submit to audits and inspections
11. Children's Data
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Record of Processing Activities
In accordance with Article 30 of UK GDPR, we maintain a comprehensive Record of Processing Activities (ROPA) that documents all personal data processing, including purposes, categories of data, recipients, retention periods, and security measures.
13. Supervisory Authority
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
We encourage you to contact us first so we have the opportunity to address your concern directly.
14. Policy Review
This GDPR compliance statement is reviewed annually or whenever there are significant changes to our data processing activities. The "last updated" date at the top of this page reflects the most recent review.
15. Contact Our Data Protection Lead
For any GDPR-related questions, concerns, or requests:
Raxvino Eco-Friendly Cleaning Solutions
Data Protection Lead
ul. Marszałkowska 28, 00-576 Warszawa
Email: support@raxvino.com
Phone: 0117 403 0586