GDPR – Amptomic

GDPR Compliance

Our commitment to protecting your data under UK GDPR and the Data Protection Act 2018

Last updated: January 2025

Data Protection by Design

We build privacy into every feature and process from the ground up.

Security First

Enterprise-grade encryption and security measures protect your data.

Transparency

Clear, plain-language explanations of how we use your data.

Your Rights Matter

Easy-to-exercise data rights with prompt responses.

About Amptomic and GDPR

Amptomic is owned and operated by Bearworks LTD, a company registered in England and Wales. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller Details

Bearworks LTD

Williams Yard, Derby Road, Melbourne, Derbyshire DE73 8JR

Email: hello@bearworks.co

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides detailed information about our data practices.

Right of Access

You can request a copy of the personal data we hold about you. We will respond within one month and provide the data in a commonly used format.

Right to Rectification

If your personal data is inaccurate or incomplete, you can request we correct or complete it. You can also update most information directly in your account settings.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary or you withdraw consent.

Right to Restrict Processing

You can ask us to limit how we use your data while we address concerns about accuracy or our legal basis for processing.

Right to Data Portability

You can receive your personal data in a structured, machine-readable format and transfer it to another service provider.

Right to Object

You can object to processing based on legitimate interests, direct marketing, or research purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

How We Protect Your Data

Technical Measures

TLS/SSL encryption for all data in transit
AES-256 encryption for data at rest
Regular security audits and vulnerability assessments
Multi-factor authentication options
Intrusion detection and prevention systems
Regular automated backups with encryption

Organisational Measures

Staff training on data protection and security
Access controls based on the principle of least privilege
Data protection impact assessments for new features
Incident response procedures
Regular policy reviews and updates
Vendor due diligence for third-party processors

Lawful Basis for Processing

We process personal data under the following legal bases:

Processing Activity	Legal Basis
Providing our services	Contract performance
Account management	Contract performance
Customer support	Contract / Legitimate interest
Service improvement	Legitimate interest
Marketing communications	Consent
Analytics	Consent / Legitimate interest
Legal compliance	Legal obligation

International Data Transfers

Some of our service providers are located outside the UK. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

UK adequacy decisions (for countries deemed to provide adequate protection)
International Data Transfer Agreement (UK IDTA) or Addendum
Standard Contractual Clauses approved by the ICO
Supplementary measures where required

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are based on:

Legal requirements (e.g., tax records for 7 years)
Contractual obligations
Legitimate business needs
Your consent and preferences

When data is no longer needed, we securely delete or anonymise it.

Data Breach Procedures

In the unlikely event of a personal data breach, we have procedures in place to:

Detect and contain the breach immediately
Assess the risk to individuals
Notify the ICO within 72 hours if required
Communicate with affected individuals without undue delay if there is a high risk
Document the breach and our response
Take measures to prevent future breaches

Exercising Your Rights

To exercise any of your GDPR rights, you can:

Email us at hello@bearworks.co
Use our contact form
Write to us at the address below

We will respond to your request within one month. In complex cases, we may extend this by two additional months, but we will inform you of any delay.

We may need to verify your identity before processing your request. We will not charge a fee unless your request is manifestly unfounded or excessive.

Supervisory Authority

If you are not satisfied with how we handle your personal data or your rights request, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk

However, we would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.

Related Policies

Privacy Policy

Terms of Service

Cookie Policy

Contact Us

For any questions about our GDPR compliance or data protection practices: