On January 1, 2021, the United Kingdom formally and effectively left the European Union.
Although the UK is now “a third country” under the EU’s GDPR (i.e. a country outside of the EU without an adequacy decision), a provision in the agreement signed by the UK and EU in December 2020 secures an interim period of six months of unrestricted data flow between the two blocs.
This GDPR/Brexit interim data transfer agreement means that – even though the UK is no longer part of the EU and therefore not under the EU’s GDPR – personal data is allowed to be transferred between the UK and EU unrestricted as before.
The European Withdrawal Agreement signed by the UK and EU includes specific provisions on the processing of personal data and the flow of information between the UK and EU.
In particular, Articles 70-73 of the Agreement state that the UK “shall ensure a level of protection of personal data essentially equivalent to that under [European] Union law.”
Ensuring an EU equivalent level of personal data protection is very important for the UK, as it is the only way to be deemed adequate by the EU and thus ensure the free, uninhibited flow of data between the two countries.
Article 45 of the GDPR rules that “a transfer of personal data to a third country or an international organization may take place where the Commission has decided that the third country (…) ensures an adequate level of protection.”
In December 2020, a provision for an interim six month-period of free personal data flow between UK and EU was agreed to, which means that for websites, businesses and organisations in the UK, all remains the same as it was before Brexit when it comes to the processing of personal data from inside the EU.
This adequacy decision had to be achieved before the end of the interim period in June 2021. Following this date an additional four year period has been agreed to which ends in June 2025.
The UK is at present forming a new law UK-GDPR. This article will be updated following issue of Government statement.
This would mean that personal data transfers are only allowed if the controller or processors has provided safeguards and enforceable data subject rights (GDPR Article 46)
The General Data Protection Regulation (GDPR) is a European law that governs all collection and processing of personal data from individuals inside the EU.
Under the GDPR, it is the legal responsibility of website owners and operators to make sure that personal data is collected and processed lawfully.
A website outside of the EU is required to comply with the GDPR if it collects data from users inside the EU.
Although cookies are mentioned only once in the GDPR, cookie consent is nonetheless a cornerstone of compliance for websites with EU-located users.
GDPR requires a website to only collect personal data from users after they have given their explicit consent to the specific purposes of its use.
Websites must comply with the following GDPR cookie consent requirements:
Prior and explicit consent must be obtained before any activation of cookies (apart from whitelisted, necessary cookies).
Consents must be granular, i.e. users must be able to activate some cookies rather than others and not be forced to consent to either all or none.
Consent must be freely given, i.e. not allowed to be forced.
Consents must be as easily withdrawn as they are given.
Consents must be securely stored as legal documentation.
Consent must be renewed at least once per year. However, some national data protection guidelines recommend more frequent renewal, e.g. 6 months.
Typically, GDPR cookie compliance is achieved on websites through cookie banners that allow users to select and accept certain cookies for activation rather than others, when visiting a site.
Typical banner from Cookiebot.
The above information has been gratefully provided by Cookiebot of Denmark.
You may visit our site anonymously but please be advised that cookies are used to identify your session. If you have entered this site and feel that you did not understand the cookie notice on the landing page, then please leave the site and re enter, but read the cookie notice carefully. We are only concerned for your privacy.
If you choose to use the enquiry form on our website, basic contact details are collected such as the email and name of the contact person.
If you register for an account or membership, we collect and store your name, e-mail address and telephone number if freely given. This information is only available to the Directors of DGK Construction Ltd. You will need to be an employee of DGK Construction Ltd to register.
In order to issue an invoice for paid services, we also need to collect additional contact details about you or your business, such as full name, email, contact address, business name and business activity. We do not collect or store your credit card information. Any payments are collected using PayPal, therefore we would also store PayPal transaction ID but not passwords.
Any of the information we collect may be used for one or more of the following purposes:
To answer your enquiry;
To contact you regarding our services;
To identify you as a contracting party;
To enable secure login for you in https://tjbphoto.co.uk;
To enable automated subscription handling;
To provide you with automatically generated information on the End User clicks on the Pop-up buttons.
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If you are a resident of the EEA, you have the following data protection rights:
If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing firstname.lastname@example.org
In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing email@example.com
Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
https://tjbphoto.co.uk and all our subsidiary websites are in compliance with the requirements of GDPR 2018. We will not intentionally collect any information from anyone under 13 years of age. Our website and services are directed at people who are at least 13 years old or older.
DGK Ltd do not store any personal identifiable information about you online or using cloud storage unless those organizations comply with GDPR. DigitalOcean, LLC and Amazon Web Services, Inc. are two such organizations.
All data is protected by password access. We do not request or keep financial information such as your bank account details. All personnel and subcontractors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.
DGK Ltd or their Web Developer will keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.
DGK Ltd and their Web Developer uses different internal and external monitoring tools to ensure high system performance and availability.
In the unlikely event that your data is compromised, DGK Ltd and/or their Web Developer will notify you and the ICO within 72 hours or 24 hours after being informed of breach by email with information about the extent of the breach, affected data, any impact on the website and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the service.
DGK Ltds Web Developer may place a "cookie" in the browser files of your computer. This cookie does not collect information that personally identifies you as an individual (other than your Internet protocol address), but merely allows us to recognize your repeated visits to http://dgkltd.co.uk.
We use our cookie collected information to make your visit more enjoyable. Cookies are also used to remember your session and keep you logged into your account. If you want to disable cookies, there is a simple procedure in most Internet browsers that allows you to turn off or delete cookies, but please remember that cookies may be required to allow you to use certain features of any of our websites.
Google Analytics is in use to collect information about how visitors use this site. This provides us with important information that can enable the site to work better. We do not link this information to your name or address.
Similarly we use Quantcast as a second performance indicator.
http://dgkltd.co.uk nor https://tjbphoto.co.uk, nor any of our subsidiary websites, do not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
DGK Ltd through TJB PHOTO will not disclose customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from us, we will strive to limit the disclosure. We will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, DGK Ltd through TJB PHOTO will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
You may access other third-party services through the website, for example by clicking on links to those third-party services from within the website. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies. This is especially relevant to social media websites.
No stored data will be transferred, backed up and/or recovered by us outside of the European Union or UK. We also require all of our subcontractors and subprocessors to either store data in the European Union, or to adhere to the EU-US Privacy Shield. ( This information may change when the UK leaves the European Union. )
Krystal Hosting Services.
Tel: +44 020 8050 1337 Monday–Friday 9am – 8pm
You may at any time obtain rectification of inaccurate personal data about you.
You may at any time request DGK Ltd to restrict the processing of personal data when one of the following applies:
if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
if DGK Ltd no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
You may without undue delay request the erasure of personal data concerning you, and DGK Ltd shall erase the personal data without undue delay when one of the following applies:
if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
if the personal data have been unlawfully processed; or
if the personal data have to be erased for compliance with a legal obligation in EU or UK law.
You can also remove your account data yourself on Account Page. If you have any Membership data associated with your account, it will not be removed automatically when deleting Account data by you.
Membership data will, due to tax regulations, be retained for up to seven fiscal years from your cancellation of any of your accounts.
End User Data and Account data will be erased immediately when you cancel any of your accounts.
You cannot require DGK Ltd to change any of the default retention periods, except for the reasons linked to compliance with specific laws and regulations.
You may at any time lodge a complaint with a supervisory authority regarding my collection and processing of your personal data with State Data Protection Inspectorate https://www.ada.lt