GDPR Compliance

Our commitment to protecting your data under UK GDPR and the Data Protection Act 2018

Last updated: January 2025

Data Protection by Design

We build privacy into every feature and process from the ground up.

Security First

Enterprise-grade encryption and security measures protect your data.

Transparency

Clear, plain-language explanations of how we use your data.

Your Rights Matter

Easy-to-exercise data rights with prompt responses.

About Amptomic and GDPR

Amptomic is owned and operated by Bearworks LTD, a company registered in England and Wales. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller Details

Bearworks LTD

Williams Yard, Derby Road, Melbourne, Derbyshire DE73 8JR

Email: hello@bearworks.co

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides detailed information about our data practices.

Right of Access

You can request a copy of the personal data we hold about you. We will respond within one month and provide the data in a commonly used format.

Right to Rectification

If your personal data is inaccurate or incomplete, you can request we correct or complete it. You can also update most information directly in your account settings.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary or you withdraw consent.

Right to Restrict Processing

You can ask us to limit how we use your data while we address concerns about accuracy or our legal basis for processing.

Right to Data Portability

You can receive your personal data in a structured, machine-readable format and transfer it to another service provider.

Right to Object

You can object to processing based on legitimate interests, direct marketing, or research purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

How We Protect Your Data

Technical Measures

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication options
  • Intrusion detection and prevention systems
  • Regular automated backups with encryption

Organisational Measures

  • Staff training on data protection and security
  • Access controls based on the principle of least privilege
  • Data protection impact assessments for new features
  • Incident response procedures
  • Regular policy reviews and updates
  • Vendor due diligence for third-party processors

Lawful Basis for Processing

We process personal data under the following legal bases:

Processing Activity         Legal Basis
Providing our services      Contract performance
Account management          Contract performance
Customer support            Contract / Legitimate interest
Service improvement         Legitimate interest
Marketing communications    Consent
Analytics                   Consent / Legitimate interest
Legal compliance            Legal obligation

International Data Transfers

Some of our service providers are located outside the UK. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

  • UK adequacy decisions (for countries deemed to provide adequate protection)
  • International Data Transfer Agreement (UK IDTA) or Addendum
  • Standard Contractual Clauses approved by the ICO
  • Supplementary measures where required

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are based on:

  • Legal requirements (e.g., tax records for 7 years)
  • Contractual obligations
  • Legitimate business needs
  • Your consent and preferences

When data is no longer needed, we securely delete or anonymise it.

Data Breach Procedures

In the unlikely event of a personal data breach, we have procedures in place to:

  • Detect and contain the breach immediately
  • Assess the risk to individuals
  • Notify the ICO within 72 hours if required
  • Communicate with affected individuals without undue delay if there is a high risk
  • Document the breach and our response
  • Take measures to prevent future breaches

Exercising Your Rights

To exercise any of your GDPR rights, you can:

We will respond to your request within one month. In complex cases, we may extend this by two additional months, but we will inform you of any delay.

We may need to verify your identity before processing your request. We will not charge a fee unless your request is manifestly unfounded or excessive.

Supervisory Authority

If you are not satisfied with how we handle your personal data or your rights request, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk

However, we would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.

Related Policies

Privacy Policy

Terms of Service

Cookie Policy

Contact Us

For any questions about our GDPR compliance or data protection practices:

Bearworks LTD

Williams Yard, Derby Road, Melbourne, Derbyshire DE73 8JR

Email: hello@bearworks.co

Or use our contact form