GDPR Privacy Policy
1. Introduction
Rendkup ("we", "us", "our") operates the website rendkup.com. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable data protection legislation.
By using our website, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please discontinue use of our services.
2. Data Controller
Rendkup is the data controller responsible for your personal data. For any data protection enquiries, please contact us at:
- Website: rendkup.com
- Email: [email protected]
3. Legal Basis for Processing
We process your personal data only when we have a lawful basis to do so. The legal bases we rely upon include:
- Consent (Article 6(1)(a)): You have given clear consent for us to process your personal data for a specific purpose, such as subscribing to a newsletter or accepting non-essential cookies.
- Contract (Article 6(1)(b)): Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
- Legal Obligation (Article 6(1)(c)): Processing is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests (Article 6(1)(f)): Processing is necessary for the purposes of our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include operating and improving our website, ensuring security, and communicating relevant updates to users.
4. Personal Data We Collect
We may collect and process the following categories of personal data:
4.1 Data You Provide Directly
- Name and email address when you contact us or subscribe to communications
- Message content and correspondence when you use our contact form or email us directly
- Any other information you voluntarily submit to us
4.2 Data Collected Automatically
- IP address and approximate geographic location
- Browser type, version, and operating system
- Pages visited, time spent on pages, and referring URLs
- Date and time of access
- Device identifiers and technical information about your device
4.3 Data Collected via Cookies and Tracking Technologies
We use cookies and similar technologies to operate our website. Please refer to Section 10 for detailed information on our cookie practices.
5. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
- To operate, maintain, and improve our website and services
- To respond to your enquiries and provide customer support
- To send you communications you have subscribed to or requested
- To analyse website usage and understand how visitors interact with our content
- To detect, prevent, and address technical issues, fraud, or security incidents
- To comply with legal obligations and enforce our terms and policies
- To carry out any other purpose for which you provided the data, with your knowledge
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period | Basis |
|---|---|---|
| Contact form submissions | Up to 24 months from last contact | Legitimate interests |
| Newsletter subscriptions | Until unsubscribe request or withdrawal of consent | Consent |
| Website analytics data | Up to 26 months | Legitimate interests |
| Server and access logs | Up to 12 months | Legal obligation / security |
| Data subject requests | Up to 36 months | Legal obligation |
When your data is no longer required, we will securely delete or anonymise it in a manner that prevents its recovery or reconstruction.
7. Sharing and Disclosure of Personal Data
We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients only where necessary:
7.1 Service Providers and Data Processors
We engage trusted third-party service providers who process personal data on our behalf and under our instruction. These include hosting providers, analytics services, and email delivery platforms. All processors are bound by data processing agreements that require them to protect your data in line with GDPR requirements.
7.2 Legal and Regulatory Requirements
We may disclose your data when required by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
7.3 Business Transfers
In the event of a merger, acquisition, or transfer of all or a portion of our assets, your personal data may be transferred to the relevant third party. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
8. International Data Transfers
Where we transfer personal data outside the European Economic Area (EEA), we ensure that adequate safeguards are in place as required by Chapter V of the GDPR. Such safeguards may include:
- Transfers to countries with an adequacy decision issued by the European Commission
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
- Other approved transfer mechanisms as recognised under applicable law
You may request further information about specific international transfers and the safeguards applied by contacting us at [email protected].
9. Your Rights Under GDPR
As a data subject, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain limitations under applicable law.
9.1 Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how it is used.
9.2 Right to Rectification (Article 16)
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
9.3 Right to Erasure (Article 17)
You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to applicable legal obligations.
9.4 Right to Restriction of Processing (Article 18)
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy or have objected to processing.
9.5 Right to Data Portability (Article 20)
Where processing is based on your consent or a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
9.6 Right to Object (Article 21)
You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis. You also have the right to object to processing for direct marketing purposes at any time.
9.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, where that decision produces legal or similarly significant effects on you. We do not currently engage in such automated decision-making.
9.8 Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
9.9 How to Exercise Your Rights
To exercise any of the above rights, please contact us at [email protected]. We will respond to your request within 30 days. In complex or multiple requests, we may extend this period by a further two months and will notify you accordingly. We may request verification of your identity before processing your request.
9.10 Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence or place of work.
10. Cookies and Tracking Technologies
10.1 What Are Cookies
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function properly, improve user experience, and provide information to website operators.
10.2 Types of Cookies We Use
| Cookie Type | Purpose | Legal Basis |
|---|---|---|
| Strictly Necessary | Essential for the website to function correctly. Cannot be disabled. | Legitimate interests |
| Analytical / Performance | Help us understand how visitors use our website by collecting anonymous data. | Consent |
| Functional | Remember your preferences and settings to improve your experience. | Consent |
| Marketing / Targeting | Used to deliver relevant content and measure campaign effectiveness. | Consent |
10.3 Managing Cookies
You can control and manage cookies in several ways. Most browsers allow you to refuse, accept, or delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. You may also manage your consent preferences through our cookie consent tool, where applicable.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:
- Encryption of data in transit using TLS/SSL protocols
- Access controls and authentication requirements for internal systems
- Regular security assessments and vulnerability monitoring
- Staff awareness and data protection training
- Procedures for detecting, reporting, and investigating personal data breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware and, where required, will also notify you directly without undue delay.
12. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data without appropriate parental consent, please contact us at [email protected] and we will take prompt steps to delete such information.
13. Third-Party Links
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website.
Your continued use of our website following the posting of an updated Privacy Policy constitutes your acknowledgement of the changes. We encourage you to review this page periodically to stay informed about how we protect your personal data.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
- Email: [email protected]
- Website: rendkup.com
We are committed to working with you to resolve any concerns about your privacy in a fair and transparent manner.