Elitedge Logo
  • Home
  • Services
  • Onboarding
  • About
  • Blog
  • Get Started
Legal

GDPR Compliance

Our commitment to data protection and your rights under UK GDPR and the Data Protection Act 2018.

Last Updated: 1 January 2025

Elitedge is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Data protection is not a checkbox for us β€” it is a core part of how we operate.

Our Commitment

As a Birmingham-based business handling data for clients across the UK and internationally, Elitedge takes data protection seriously. We have embedded GDPR principles into our internal processes, service delivery, and supplier relationships.

Our six core GDPR principles guide every decision we make about personal data:

  • Lawfulness, Fairness & Transparency: We always have a lawful basis and are transparent about how we use data.
  • Purpose Limitation: We only use data for the specific purpose it was collected for.
  • Data Minimisation: We only collect data that is necessary.
  • Accuracy: We keep data accurate and up to date.
  • Storage Limitation: We do not retain data longer than necessary.
  • Integrity & Confidentiality: We protect data using appropriate technical and organisational measures.

Our Role Under GDPR

Depending on the nature of our engagement, Elitedge may act as:

  • Data Controller: When we collect and process personal data about website visitors, prospective clients, and newsletter subscribers β€” we determine the purpose and means of processing.
  • Data Processor: When we process personal data on behalf of our clients (e.g. VA services handling client CRM data, document verification) β€” we act strictly on client instructions, governed by a Data Processing Agreement (DPA).

We maintain a Data Processing Agreement (DPA) with all clients where we act as a data processor. Contact us to request a copy.

Data Subject Rights

Under UK GDPR, individuals have the following rights regarding their personal data:

πŸ“‹

Right to Access

Request a copy of the personal data we hold about you (Subject Access Request).

✏️

Right to Rectification

Ask us to correct inaccurate or complete incomplete personal data.

πŸ—‘οΈ

Right to Erasure

Request deletion of your personal data in certain circumstances ("right to be forgotten").

⏸️

Right to Restriction

Ask us to pause processing of your data in certain circumstances.

πŸ“¦

Right to Portability

Receive your data in a structured, machine-readable format to transfer to another provider.

🚫

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

πŸ”„

Automated Decision Rights

Not be subject to solely automated decisions that significantly affect you.

↩️

Withdraw Consent

Withdraw consent at any time where processing is based on your consent.

To exercise any of these rights, submit a request to hello@elitedge.pro with "Data Subject Request" in the subject line. We will respond within 30 days (extendable to 90 days for complex requests, with notice).

We may need to verify your identity before fulfilling a request.

Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR Article 6:

  • Article 6(1)(a) – Consent: Email marketing newsletters, optional cookies.
  • Article 6(1)(b) – Contract: Processing required to fulfil service agreements.
  • Article 6(1)(c) – Legal Obligation: Financial records, anti-money laundering checks.
  • Article 6(1)(f) – Legitimate Interests: Business development, fraud prevention, website analytics.

International Data Transfers

Some of our third-party service providers operate outside the UK or EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:

  • UK adequacy decisions (countries deemed to provide adequate data protection).
  • Standard Contractual Clauses (SCCs) approved by the ICO.
  • Data Processing Agreements that include international transfer provisions.

Data Security Measures

We implement the following technical and organisational measures to protect personal data:

  • Encrypted credential storage (LastPass enterprise / SharePoint with MFA).
  • Access controls β€” only authorised personnel access personal data on a need-to-know basis.
  • Secure communication channels for transmitting sensitive client data.
  • Regular security reviews and staff data protection training.
  • Data breach response procedures β€” we will notify affected individuals and the ICO within 72 hours of a qualifying breach.

Third-Party Processors

We use carefully selected third-party tools and processors, including:

  • Google Workspace (email, docs) β€” covered by Google's DPA.
  • ClickUp (project management) β€” GDPR-compliant with DPA available.
  • DocuSign (e-signatures) β€” GDPR-compliant.
  • Mailchimp / Klaviyo (email marketing) β€” GDPR-compliant with consent records.
  • Xero (accounting) β€” GDPR-compliant.

All processors are assessed for GDPR compliance and bound by appropriate data processing agreements.

Cookies & Analytics

We use Google Analytics with anonymised IP addresses to analyse website traffic. Analytics cookies are only set with your consent. You can manage your preferences via your browser or our cookie banner.

We do not use cookies for targeted advertising without your explicit consent.

Data Breach Procedure

In the event of a personal data breach:

  • We will assess the breach within 24 hours of discovery.
  • Where required, we will notify the Information Commissioner's Office (ICO) within 72 hours.
  • Affected individuals will be notified without undue delay where the breach poses a high risk to their rights.
  • We maintain a breach register for all incidents, regardless of whether notification is required.

Your Right to Complain

If you believe we have not handled your personal data correctly, you have the right to complain to the UK's data protection regulator:

  • Information Commissioner's Office (ICO)
    Website: ico.org.uk
    Helpline: 0303 123 1113

We encourage you to contact us first β€” most concerns can be resolved quickly and informally.

Contact Our Data Protection Lead

For all data protection enquiries:

  • Email: hello@elitedge.pro (Subject: "Data Protection Enquiry")
  • Post: Elitedge, Birmingham, United Kingdom

Need a Data Processing Agreement?

If you are engaging Elitedge as a data processor, we provide a comprehensive DPA. Request yours today.

Request DPA
Elitedge

Founded in Birmingham, UK. Premium back office support & automation for businesses that demand excellence.

Services

Virtual Assistance Digital Marketing WordPress Dev Software Solutions Staff Augmentation Automation

Company

About Us Onboarding Blog Contact

Legal

Privacy Policy Terms of Service GDPR Compliance

Contact Us

Birmingham, UK

hello@elitedge.pro

+44 771 789 3637

Book Free Consultation

© Elitedge. All Rights Reserved.

Privacy Policy Terms of Service GDPR