1. Introduction

1.1 Important Information and Who We Are

Welcome to Down4 Limited’s Privacy and Data Protection Policy (“Privacy Policy”). At Down4 Limited (“we”, “us”, or “our”), we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable laws and regulations.

This Privacy Policy explains how we collect, process, and protect your data, outlines your privacy rights, and explains how the law protects you.

This policy applies to all employees, staff members, and all Personal Data processed by us at any time.

1.2 Your Data Controller

Down4 Limited is the Data Controller responsible for your Personal Data. We are not required to appoint a Data Protection Officer under the GDPR and have not done so. Any enquiries regarding your data should be sent to us by email or by post at the address above.

You have the right to make a complaint to the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would appreciate the opportunity to address your concerns first.

1.3 Processing Data on Behalf of a Controller

Our employees may process data on our behalf as authorised processors. We ensure that:

• All processing is governed by a lawful basis under the GDPR
• Processors are bound by confidentiality obligations
• Appropriate security measures are implemented
• Processors assist with data subject rights requests
• Personal Data breaches are reported without undue delay

2. Legal Basis for Data Collection

2.1 Types of Data

Personal Data means any information that identifies an individual. We do not collect Special Categories of Personal Data or information about criminal convictions.

2.2 Lawful Bases for Processing

• Consent – where you opt in to receive communications
• Contractual Obligations – where data is needed to provide services
• Legal Compliance – where required by law
• Legitimate Interests – for reasonable business operations

3. How We Use Your Personal Data

3.1 Data Usage

We only use your Personal Data where permitted by law.

3.2 Change of Purpose

We will only use your data for the purpose it was collected unless a compatible lawful reason applies. Where required, we will notify you.

4. Your Rights

4.1 Legal Rights

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to object
• Right to restrict processing
• Right to data portability

4.2 Data Security

We take appropriate technical and organisational measures to secure your Personal Data. However, no internet transmission is completely secure and data is transmitted at your own risk.

4.3 Access Requests

You will not be charged for accessing your Personal Data unless requests are unfounded or excessive. We may request verification of identity.

5. Sharing Your Data

We may share Personal Data in the event of a business transfer, sale, or legal obligation. Your data will remain protected under this Privacy Policy.

6. Data Retention

We retain Personal Data only for as long as necessary for its intended purpose or legal requirements.

7. International Data Transfers

Your data may be transferred and processed outside the UK, including the United States. By using our services, you consent to such transfers.

8. Policy Updates

We may update this Privacy Policy from time to time. Continued use of our services constitutes acceptance of any changes.

9. Interpretation

The term “including” means “including but not limited to”. Any unauthorised or unrelated correspondence may not receive a response.

Our staff are not authorised to contract on behalf of Down4 Limited unless explicitly stated.