Our Policy for ensuring your Privacy when using this website.
GDPR and Brexit - 2021 updated December 2021
On January 1, 2021, the United Kingdom formally and effectively left the European Union.
Although the UK is now “a third country” under the EU’s GDPR (i.e. a country outside of the EU without an adequacy decision), a provision in the agreement signed by the UK and EU in December 2020 secures an interim period of six months of unrestricted data flow between the two blocs.
This GDPR/Brexit interim data transfer agreement means that – even though the UK is no longer part of the EU and therefore not under the EU’s GDPR – personal data is allowed to be transferred between the UK and EU unrestricted as before.
GDPR after Brexit in the UK
The European Withdrawal Agreement signed by the UK and EU includes specific provisions on the processing of personal data and the flow of information between the UK and EU.
In particular, Articles 70-73 of the Agreement state that the UK “shall ensure a level of protection of personal data essentially equivalent to that under [European] Union law.”
Ensuring an EU equivalent level of personal data protection is very important for the UK, as it is the only way to be deemed adequate by the EU and thus ensure the free, uninhibited flow of data between the UK and the EU.
Article 45 of the GDPR rules that “a transfer of personal data to a third country or an international organization may take place where the Commission has decided that the third country (…) ensures an adequate level of protection.”
In December 2020, a provision for an interim six month-period of free personal data flow between the UK and EU was agreed to, which means that for websites, businesses and organisations in the UK, all remains the same as it was before Brexit when it comes to the processing of personal data from inside the EU.
This adequacy decision had to be achieved before the end of the interim period in June 2021. Following this date an additional four year period has been agreed to which ends in June 2025.
The UK is at present forming a new law UK-GDPR. Below is the UK Government white paper on this matter and you can download the articles if you wish.
GDPR & DATA PRIVACY:WHAT YOU NEED TO KNOW AFTER BREXIT
This would mean that personal data transfers are only allowed if the controller or processors has provided safeguards and enforceable data subject rights (GDPR Article 46)
Effectively the only way to ensure that the user has control over their personal data through the use of cookies it to let the user decide prior to browsing any website.
GDPR cookie consent in brief
The General Data Protection Regulation (GDPR) is a European law that governs all collection and processing of personal data from individuals inside the EU.
Under the GDPR, it is the legal responsibility of website owners and operators to make sure that personal data is collected and processed lawfully.
A website outside of the EU is required to comply with the GDPR if it collects data from users inside the EU.
Although cookies are mentioned only once in the GDPR, cookie consent is nonetheless a cornerstone of compliance for websites with EU-located users.
This is because one of the most common ways for personal data to be collected and shared online is through website cookies. The GDPR sets out specific rules for the use of cookies.
That’s why, under the GDPR, cookie consent is the most frequently used legal basis that allows websites to process personal data and use cookies.
GDPR requires a website to only collect personal data from users after they have given their explicit consent to the specific purposes of its use.
Websites must comply with the following GDPR cookie consent requirements:
-
Prior and explicit consent must be obtained before any activation of cookies (apart from whitelisted, necessary cookies).
-
Consents must be granular, i.e. users must be able to activate some cookies rather than others and not be forced to consent to either all or none.
-
Consent must be freely given, i.e. not allowed to be forced.
-
Consents must be as easily withdrawn as they are given.
-
Consents must be securely stored as legal documentation.
-
Consent must be renewed at least once per year. However, some national data protection guidelines recommend more frequent renewal, e.g. 6 months.
Typically, GDPR cookie compliance is achieved on websites through cookie banners that allow users to select and accept certain cookies for activation rather than others, when visiting a site.
Typical banner from Cookiebot.
The above information has been gratefully provided by Cookiebot of Denmark.
DGK Construction Ltd COOKIE POLICY
1. Collected Information
You may visit our site anonymously but please be advised that cookies are used to identify your session. If you have entered this site and feel that you did not understand the cookie notice on the landing page, then please leave the site and re enter, but read the cookie notice carefully. We are only concerned for your privacy.
Contact form data
If you choose to use the enquiry form on our website, basic contact details are collected such as the email and name of the contact person.
Account data
If you register for an account or membership, we collect and store your name, e-mail address and telephone number if freely given. This information is only available to the Directors of DGK Construction Ltd. You will need to be an employee of DGK Construction Ltd to register.
Membership data
In order to issue an invoice for paid services, we also need to collect additional contact details about you or your business, such as full name, email, contact address, business name and business activity. We do not collect or store your credit card information. Any payments are collected using PayPal, therefore we would also store PayPal transaction ID but not passwords.
What do we use your information for?
Any of the information we collect may be used for one or more of the following purposes:
-
To answer your enquiry;
-
To contact you regarding our services;
-
To identify you as a contracting party;
-
To enable secure login for you in https://tjbphoto.co.uk;
-
To enable automated subscription handling;
-
To provide you with automatically generated information on the End User clicks on the Pop-up buttons.
2. Legal basis
EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If you are a resident of the EEA, you have the following data protection rights:
-
If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing admin@tjbphoto.co.uk
-
In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing admin@tjbphoto.co.uk
-
Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
-
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Children’s Online Privacy Protection Act Compliance
https://tjbphoto.co.uk and all our subsidiary websites are in compliance with the requirements of GDPR 2018. We will not intentionally collect any information from anyone under 13 years of age. Our website and services are directed at people who are at least 13 years old or older.
3. Data storage.
How do we protect your information?
DGK Ltd do not store any personal identifiable information about you online or using cloud storage unless those organizations comply with GDPR. DigitalOcean, LLC and Amazon Web Services, Inc. are two such organizations.
Confidentiality
All data is protected by password access. We do not request or keep financial information such as your bank account details. All personnel and subcontractors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.
4. Transparency
DGK Ltd or their Web Developer will keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.
5. Monitoring
DGK Ltd and their Web Developer uses different internal and external monitoring tools to ensure high system performance and availability.
6. Personal Data breach notification
In the unlikely event that your data is compromised, DGK Ltd and/or their Web Developer will notify you and the ICO within 72 hours or 24 hours after being informed of breach by email with information about the extent of the breach, affected data, any impact on the website and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the service.
7. How we use cookies
DGK Ltds Web Developer may place a "cookie" in the browser files of your computer. This cookie does not collect information that personally identifies you as an individual (other than your Internet protocol address), but merely allows us to recognize your repeated visits to http://dgkltd.co.uk.
We use our cookie collected information to make your visit more enjoyable. Cookies are also used to remember your session and keep you logged into your account. If you want to disable cookies, there is a simple procedure in most Internet browsers that allows you to turn off or delete cookies, but please remember that cookies may be required to allow you to use certain features of any of our websites.
Measuring Website Usage
Google Analytics is in use to collect information about how visitors use this site. This provides us with important information that can enable the site to work better. We do not link this information to your name or address.
Similarly we use Quantcast as a second performance indicator.
8. Disclosure policy
Do we disclose any information to outside parties?
http://dgkltd.co.uk nor https://tjbphoto.co.uk, nor any of our subsidiary websites, do not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
Legally required disclosure
DGK Ltd through TJB PHOTO will not disclose customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from us, we will strive to limit the disclosure. We will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, DGK Ltd through TJB PHOTO will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
9. Third party services
You may access other third-party services through the website, for example by clicking on links to those third-party services from within the website. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies. This is especially relevant to social media websites.
10. ​Where do we store the information?
No stored data will be transferred, backed up and/or recovered by us outside of the European Union or UK. We also require all of our subcontractors and subprocessors to either store data in the European Union, or to adhere to the EU-US Privacy Shield. ( This information may change when the UK leaves the European Union. )
Personal data location
Krystal Hosting Services.
Tel: +44 020 8050 1337 Monday–Friday 9am – 8pm
Email: contact@krystal.co.uk
You may at any time obtain rectification of inaccurate personal data about you.
11. Restriction of processing personal data
You may at any time request DGK Ltd to restrict the processing of personal data when one of the following applies:
-
if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
-
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
-
if DGK Ltd no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
Erasure
You may without undue delay request the erasure of personal data concerning you, and DGK Ltd shall erase the personal data without undue delay when one of the following applies:
-
if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
-
if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
-
if the personal data have been unlawfully processed; or
-
if the personal data have to be erased for compliance with a legal obligation in EU or UK law.