GDPR Compliance

Rushax is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and your rights as a data subject.

1. Who We Are

Rushax acts as a data controller for personal data collected through our website and during the delivery of our services. Our contact details are:

• Email: info@rushax.com
• Phone: 0203 879 4230
• Address: Welling, Kent, DA16, England

2. Data We Process

As a data controller, we process personal data for the following purposes:

• Providing web design, SEO, and digital marketing services to clients.
• Managing client accounts and project communications.
• Responding to enquiries from prospective clients.
• Marketing communications to subscribers who have given consent.
• Website analytics to improve our services.

3. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

• Consent (Art. 6(1)(a)), where you have opted in, e.g. to receive our newsletter.
• Contract (Art. 6(1)(b)), where processing is necessary to fulfil a contract with you.
• Legal obligation (Art. 6(1)(c)), where we must comply with a legal requirement.
• Legitimate interests (Art. 6(1)(f)), for analytics, fraud prevention, and business development.

4. Data Subject Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access, you may request a copy of the personal data we hold about you.
• Right to rectification, you may request correction of inaccurate or incomplete data.
• Right to erasure, you may request deletion of your data where there is no legitimate reason for us to continue processing it.
• Right to restrict processing, you may request that we limit how we use your data.
• Right to data portability, you may request your data in a structured, machine-readable format.
• Right to object, you may object to processing based on legitimate interests or for direct marketing.
• Rights related to automated decision-making, you have the right not to be subject to solely automated decisions that significantly affect you.

To exercise any of these rights, email us at info@rushax.com. We will respond within 30 days. There is no charge for making a request.

5. Data Transfers

Some of our third-party service providers (e.g. Google, Meta) may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.

6. Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, and affected individuals without undue delay where required.

7. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the ICO, the UK's data protection supervisory authority:

• Website: ico.org.uk
• Phone: 0303 123 1113

8. Policy Review

We review our GDPR compliance and this statement at least annually, or whenever there is a significant change to our data processing activities or applicable law.