Last updated: 14 July 2026
spry-cove is committed to protecting your personal data in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we fulfill our obligations as a data controller and the rights available to you as a data subject.
For the purposes of UK GDPR, the data controller is:
spry-cove
42 Wellington Street
Edinburgh, EH7 4GB
United Kingdom
Email: [email protected]
Under UK GDPR, you have the following rights regarding your personal data:
You have the right to clear, transparent information about how we collect and use your personal data. This information is provided through our Privacy Policy and this GDPR statement.
You can request a copy of all personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information within one month of your request, free of charge, unless the request is manifestly unfounded or excessive.
If your personal data is inaccurate or incomplete, you have the right to have it corrected or updated. We will respond to your rectification request within one month.
Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances, including:
Please note that this right is not absolute, and we may need to retain certain information for legal or operational reasons.
You can request that we limit how we use your personal data while a dispute is being resolved or while we verify the accuracy of your data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.
You can object to processing of your personal data where we rely on legitimate interests as the legal basis. You also have an absolute right to object to processing for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently engage in automated decision-making.
To exercise any of your data protection rights, please contact us at [email protected] with the following information:
We will respond to your request within one month. In complex cases, we may extend this period by an additional two months, but we will inform you of any such extension.
We process your personal data under the following lawful bases as defined by UK GDPR:
We ensure that all personal data is:
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. Where the breach poses a high risk, we will inform you within 72 hours. We will also report qualifying breaches to the Information Commissioner's Office as required by law.
If we transfer your data outside the United Kingdom, we ensure appropriate safeguards are in place, such as:
When we engage third-party service providers to process data on our behalf, we ensure they are bound by data processing agreements that meet UK GDPR requirements, including obligations regarding security, confidentiality, and data protection principles.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Any material changes will be communicated through our website and, where appropriate, via email.
For any questions about our GDPR compliance or to exercise your data protection rights, please contact us at [email protected].