GDPR Compliance

Your Data Protection Rights

Our Commitment to Data Protection

hyper-atoll is committed to protecting your personal data and respecting your privacy. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we handle your data and your rights under these regulations.

Data Controller

hyper-atoll is the data controller responsible for your personal data. Our contact details are:

hyper-atoll
47 Clerkenwell Road
London EC1M 5RS
United Kingdom

Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Contractual Necessity

When you book our services, we process your data to fulfil our contractual obligations. This includes:

  • Processing booking requests and confirmations
  • Communicating about your event or service
  • Processing payments
  • Providing the agreed culinary services

Legitimate Interests

We may process your data for our legitimate business interests, including:

  • Responding to enquiries
  • Improving our services
  • Protecting our business and website security
  • Analysing website usage to enhance user experience

Consent

Where required, we obtain your explicit consent before processing your data, such as for:

  • Sending marketing communications
  • Using non-essential cookies

You may withdraw consent at any time by contacting us or using the unsubscribe mechanism provided.

Legal Obligation

We may process your data to comply with legal requirements, such as tax and accounting obligations.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month.

Right to Rectification

If any personal data we hold is inaccurate or incomplete, you have the right to request correction.

Right to Erasure

You may request deletion of your personal data where:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the basis for processing)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You may request that we restrict the processing of your data in certain circumstances, such as while we verify accuracy of disputed data.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond within one month. In complex cases, this may be extended by two further months, and we will inform you if this is necessary.

We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest where appropriate
  • Access controls limiting data access to authorised personnel
  • Regular security assessments
  • Staff training on data protection

International Transfers

We primarily store and process your data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in high risk to you, we will also notify you directly.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Website: ico.org.uk

We encourage you to contact us first so we can address your concerns.

Updates to This Information

We may update this GDPR information from time to time. The latest version will always be available on this page.