Kensingtons Bedding is committed to protecting the privacy and security of our customer's personal data. This GDPR Compliance Policy outlines the principles and measures we have implemented to ensure the protection of personal data, under the General Data Protection Regulation (GDPR).

Scope

This policy applies to all personal data processed by Kensingtons Bedding, including data collected on our website, in-store, through customer service interactions, and from third-party sources.

Principles of Data Processing

Kensingtons Bedding adheres to the following principles when processing personal data:

• Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.
• Purpose Limitation: Data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data Minimization: Only data that is necessary for the purposes for which it is processed will be collected and processed.
• Accuracy: Personal data will be accurate and, where necessary, kept up to date.
• Storage Limitation: Personal data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
• Integrity and Confidentiality: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage

Rights of Data Subjects

• Individuals have the following rights concerning their personal data:
• Right to Information: The right to be informed about how their personal data is being used.
• Right to Access: The right to access their personal data.
• Right to Rectification: The right to correct inaccurate or incomplete data.
• Right to Erasure: The right to request the deletion of their personal data.
• Right to Restrict Processing: The right to request the restriction of processing of their personal data
• Right to Data Portability: The right to obtain and reuse personal data for their own purposes.
• Right to Object: The right to object to the processing of their personal data.

Data Protection Measures

Kensingtons Bedding has implemented the following measures to protect personal data:

• Data Protection Impact Assessments (DPIAs) to identify and mitigate risks related to personal data processing activities.
• Data Encryption to ensure the confidentiality of personal data during transmission and storage.
• Access Controls to limit access to personal data to authorised personnel only.
• Regular Security Audits to assess and improve our data protection measures.

Data Breach Response

In the event of a data breach, Kensingtons Bedding will promptly notify the relevant supervisory authority and affected data subjects under GDPR requirements.

Compliance and Monitoring

Kensingtons Bedding has appointed a Data Protection Officer (DPO) responsible for monitoring compliance with this policy and the GDPR. Employees and contractors are trained on GDPR requirements and this policy.

Contact Information

For questions regarding this GDPR Compliance Policy or the handling of personal data, please contact our Data Protection Officer at

Email: info@kensingtonsbedding.co.uk
Phone: 0161 723 4977