GDPR Compliance Statement for Aim Digital UK Limited

1. Introduction

Aim Digital Limited (“we,” “us,” or “our”) is committed to complying with the General Data Protection Regulation (GDPR) (EU 2016/679) and the UK GDPR (as incorporated into UK law post-Brexit). This GDPR Compliance Statement outlines how we collect, process, and protect the personal data of individuals (“data subjects”) in the UK and European Economic Area (EEA).

By using our website (www.aimdigitallimited.co.uk) or services, you acknowledge that we process your data in accordance with GDPR requirements.


2. Our GDPR Principles

We adhere to the following GDPR principles:
✅ Lawfulness, Fairness & Transparency – We process data legally, fairly, and with clear communication.
✅ Purpose Limitation – Data is collected only for specified, legitimate purposes.
✅ Data Minimization – We collect only necessary data.
✅ Accuracy – We keep data updated and correct inaccuracies.
✅ Storage Limitation – Data is retained only as long as necessary.
✅ Integrity & Confidentiality – We implement strong security measures.
✅ Accountability – We document compliance and can demonstrate it upon request.


3. Lawful Basis for Processing

Under GDPR, we process personal data based on one or more of the following lawful grounds:
🔹 Contractual Necessity – To fulfill agreements with clients.
🔹 Legitimate Interest – For business operations, fraud prevention, and service improvements.
🔹 Consent – Where required (e.g., marketing emails), we obtain explicit opt-in consent.
🔹 Legal Obligation – To comply with UK/EU laws (e.g., tax records).


4. Data Subject Rights (Your Rights Under GDPR)

As an individual in the UK/EEA, you have the following rights regarding your personal data:

🔸 Right to Access – Request a copy of your stored data.
🔸 Right to Rectification – Correct inaccurate or incomplete data.
🔸 Right to Erasure (“Right to Be Forgotten”) – Request deletion under certain conditions.
🔸 Right to Restrict Processing – Limit how we use your data.
🔸 Right to Data Portability – Receive your data in a structured, machine-readable format.
🔸 Right to Object – Opt out of processing for direct marketing or legitimate interests.
🔸 Rights Related to Automated Decision-Making – Request human intervention if automated decisions significantly affect you.

To exercise these rights, contact us at:
📧 Email: [Your GDPR Contact Email]
📍 Address: [Your Business Address]

We will respond within 30 days (or sooner if required by law).


5. Data Transfers Outside the UK/EEA

If we transfer data outside the UK/EEA (e.g., to US-based cloud services), we ensure safeguards such as:
✔ Standard Contractual Clauses (SCCs)
✔ Adequacy Decisions (for approved countries like Japan & Canada)
✔ Binding Corporate Rules (BCRs) (if applicable)


6. Data Security Measures

We implement technical and organizational measures to protect personal data, including:
🔐 Encryption for data in transit (SSL/TLS) and at rest
🔐 Access controls (role-based permissions)
🔐 Regular security audits & staff training
🔐 Incident response plan for data breaches


7. Data Breach Notification

In case of a personal data breach, we will:
1️⃣ Assess the risk to data subjects.
2️⃣ Notify the UK ICO (Information Commissioner’s Office) within 72 hours (if required).
3️⃣ Inform affected individuals if the breach poses a high risk to their rights.


8. Updates to This Statement

We may update this GDPR Compliance Statement to reflect legal changes. The latest version will always be available on our website.


9. Contact Us

For GDPR-related inquiries or to exercise your rights:

Aim Digital UK Limited
