GDPR & PECR Compliance

At Uplift, we are dedicated to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR). This page outlines our approach to data protection and electronic communications.

1. Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.
  
  

• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes.
  
  

• Data Minimization: We collect only the data necessary for our purposes.
  
  

• Accuracy: We keep personal data accurate and up to date.
  
  

• Storage Limitation: We retain data only as long as necessary.
  
  

• Integrity and Confidentiality: We ensure appropriate security of personal data.
  
  

2. Lawful Basis for Processing

Our processing activities are based on lawful grounds, including:

• Legitimate Interests: For business-to-business marketing and service provision.
  
  

• Consent: Obtained for specific processing activities where required.
  
  

• Contractual Necessity: To fulfill contractual obligations.
  
  

• Legal Obligations: To comply with legal requirements.
  
  

3. Electronic Marketing Communications

Under PECR, we ensure that:

• Consent: We obtain prior consent for electronic marketing communications where required.
  
  

• Opt-Out: All marketing communications include an option to unsubscribe.
  
  

• B2B Communications: We may send marketing emails to corporate subscribers without prior consent, provided they are relevant to the recipient’s role and include an opt-out option.
  
  

4. Cookies and Similar Technologies

We use cookies to enhance website functionality and user experience. In compliance with PECR:

• Consent: We obtain user consent for non-essential cookies.
  
  

• Transparency: We provide clear information about the cookies used.
  
  

• Control: Users can manage cookie preferences through their browser settings.
  
  

For more details, please refer to our Cookie Policy.

5. Data Subject Rights

We respect and facilitate the rights of individuals under the UK GDPR, including:

• Access: Right to access personal data.
  
  

• Rectification: Right to correct inaccurate data.
  
  

• Erasure: Right to request deletion of data.
  
  

• Restriction: Right to restrict processing.
  
  

• Objection: Right to object to processing.
  
  

• Data Portability: Right to receive data in a structured, commonly used format.
  
  

To exercise your rights, please contact us at info@uplift-outreach.com.

6. Data Security Measures

We implement robust security measures to protect personal data, including:

• Technical Measures: Encryption, firewalls, and secure servers.
  
  

• Organizational Measures: Access controls, staff training, and data protection policies.
  
  

• Regular Assessments: Ongoing monitoring and evaluation of security practices.
  
  

7. Data Breach Response

In the event of a data breach:

• Notification: We will notify the Information Commissioner’s Office (ICO) within 72 hours, if required.
  
  

• Communication: We will inform affected individuals when there is a high risk to their rights and freedoms.
  
  

• Investigation: We will investigate the breach and implement measures to prevent recurrence.
  
  

8. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and compliance.

Contact: Reece Morris

Email: reece.morris@uplift-outreach.co.uk

9. Updates to This Compliance Statement

We may update this GDPR & PECR Compliance Statement to reflect changes in our practices or legal requirements. We encourage you to review this page periodically.

10. Contact Information

For any questions or concerns regarding our data protection practices, please contact:

Uplift Outreach

Email: info@uplift-outreach.co.uk