GDPR Compliance Statement

Last updated: May 22, 2026

Our Commitment to GDPR

cyt-gear is committed to full compliance with the General Data Protection Regulation (GDPR) and UK data protection legislation. We recognize the importance of protecting personal data and maintaining transparency about our data processing activities.

Data Controller Information

cyt-gear acts as the data controller for personal information collected through our website and service delivery. Our contact details:

cyt-gear
47 Meridian Gardens
Bristol BS8 2TN
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases as defined by GDPR Article 6:

• Consent (Article 6(1)(a)): When you explicitly agree to processing for specific purposes
• Contract (Article 6(1)(b)): When processing is necessary to fulfill our contractual obligations
• Legal Obligation (Article 6(1)(c)): When required by UK or EU law
• Legitimate Interests (Article 6(1)(f)): For our business operations, provided your rights are not overridden

Your Rights Under GDPR

As a data subject, you have comprehensive rights regarding your personal data:

Right of Access (Article 15)

You can request confirmation of what personal data we hold about you and receive a copy. We will respond within one month of your request.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. We will update records promptly upon verification.

Right to Erasure (Article 17)

Under certain circumstances, you can request deletion of your personal data, including when data is no longer necessary for its original purpose or when you withdraw consent.

Right to Restriction of Processing (Article 18)

You can request temporary suspension of data processing when accuracy is contested, processing is unlawful, or you've objected to processing.

Right to Data Portability (Article 20)

You can request transfer of your data in a structured, commonly used format to another controller where technically feasible.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless compelling legitimate grounds exist.

Rights Related to Automated Decision-Making (Article 22)

We do not currently employ automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any GDPR rights, submit a request to [email protected] including:

• Your full name and contact information
• Description of the right you wish to exercise
• Any relevant details to help us locate your data
• Proof of identity (we may request this to prevent unauthorized access)

We will respond within one month, extendable by two months for complex requests with prior notification.

Data Protection Principles

We adhere to GDPR's core principles (Article 5):

• Lawfulness, Fairness, Transparency: We process data legally, fairly, and transparently
• Purpose Limitation: Data is collected for specified, explicit, legitimate purposes
• Data Minimization: We collect only necessary data for stated purposes
• Accuracy: We maintain accurate and current data
• Storage Limitation: Data is retained only as long as necessary
• Integrity and Confidentiality: Appropriate security measures protect data
• Accountability: We demonstrate compliance with these principles

Data Security Measures

We implement technical and organizational measures to ensure appropriate security levels:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and updates
• Staff training on data protection obligations
• Incident response procedures for data breaches

Data Breach Notification

In the event of a personal data breach likely to result in high risk to your rights and freedoms, we will notify you without undue delay as required by Article 34. We will also notify the ICO within 72 hours as mandated by Article 33.

Third-Party Processors

When we engage third-party processors, we ensure:

• Written contracts specifying data processing terms
• Processors provide sufficient guarantees of GDPR compliance
• Appropriate technical and organizational security measures
• Processing only occurs on documented instructions

International Data Transfers

If personal data is transferred outside the UK or European Economic Area, we ensure adequate protection through:

• Transfers to countries with adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules where applicable
• Other legally recognized safeguards

Children's Data

Our services target organizations, not individuals under 18. We do not knowingly process children's data without appropriate parental consent as required by Article 8.

Complaints and Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in your habitual residence, workplace, or place of alleged infringement. In the UK, contact:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Updates to This Statement

We review and update this GDPR compliance statement regularly to reflect changes in our practices or legal requirements. Material changes will be communicated through prominent website notices.

Contact for GDPR Matters

For questions about GDPR compliance or data protection practices:

Email: [email protected]