Home / GDPR

GDPR Compliance

Our commitment to data protection under the UK General Data Protection Regulation.

Last updated: January 2024

imbitanomo Ltd is committed to protecting the personal data of everyone who interacts with our services. This page outlines our approach to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our Role as Data Controller

For most personal data we handle, imbitanomo Ltd acts as the data controller. This means we determine how and why your data is processed. In some circumstances—such as when we work with corporate clients on production projects—we may act as a data processor on behalf of another organisation.

Data Controller: imbitanomo Ltd
Address: Unit 14, Waterside Business Park, Aston, Birmingham B7 4JX
Contact: [email protected]

Lawful Bases for Processing

We only process personal data when we have a valid legal basis. The bases we rely upon include:

Contract Performance

When you rent or purchase equipment, or engage our production services, we process your data as necessary to fulfil our contractual obligations. This includes processing contact details for booking confirmations, addresses for delivery, and payment information for transactions.

Legitimate Interests

We may process data based on our legitimate business interests, provided these do not override your fundamental rights. Examples include maintaining security, preventing fraud, analysing website usage for improvements, and retaining records for potential disputes.

Consent

Where we rely on consent—such as for marketing communications or non-essential cookies—you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before withdrawal.

Legal Obligation

Certain data processing is required by law, such as maintaining financial records for tax purposes or complying with court orders.

Your Data Rights

The UK GDPR grants you specific rights over your personal data. We are committed to facilitating these rights promptly and free of charge.

Right of Access

You may request a copy of the personal data we hold about you. We will provide this within one month of verifying your identity. If the request is complex, we may extend this period by up to two additional months, notifying you of the reason for the delay.

Right to Rectification

If any data we hold is inaccurate or incomplete, you have the right to request correction. We will update our records promptly and, where appropriate, inform any third parties to whom we have disclosed the data.

Right to Erasure

In certain circumstances, you may request that we delete your personal data. This right applies when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the basis for processing)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required by law

This right does not apply where we must retain data for legal compliance, public interest tasks, or the establishment or defence of legal claims.

Right to Restrict Processing

You may request that we limit how we use your data in specific situations, such as while we verify the accuracy of disputed information or assess an objection you have raised.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used format. You may also request that we transmit this data directly to another controller where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing for that purpose immediately. For other objections, we will cease processing unless we demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects. Should this change, we will update this policy and provide appropriate safeguards.

How to Exercise Your Rights

To submit a data rights request:

  • Email us at [email protected] with "Data Rights Request" in the subject line
  • Specify which right you wish to exercise and provide sufficient information for us to verify your identity

We will acknowledge your request within five business days and respond substantively within one month. For complex requests, we may require additional time and will keep you informed of progress.

Data Protection Measures

We implement technical and organisational measures appropriate to the risks associated with our processing activities:

  • Encryption: Data transmitted via our website is protected by TLS encryption. Sensitive stored data is encrypted at rest.
  • Access controls: Personal data access is limited to staff who require it for their roles. Access is reviewed regularly.
  • Training: Team members receive data protection training as part of their induction and ongoing development.
  • Vendor assessment: Third parties who process data on our behalf are evaluated for their security practices and bound by appropriate contracts.
  • Incident response: We maintain procedures for detecting, reporting, and responding to personal data breaches.

Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in high risk, we will also notify affected individuals without undue delay.

International Data Transfers

Personal data processed by imbitanomo Ltd is stored primarily within the United Kingdom. Where we engage service providers located outside the UK, we ensure adequate protection through:

  • Standard contractual clauses approved by the ICO
  • Adequacy decisions by the UK government
  • Binding corporate rules (where applicable)

Children's Data

Our services are directed at businesses and adult content creators. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected such data, please contact us immediately and we will take steps to delete it.

Policy Updates

This GDPR compliance statement may be updated periodically to reflect changes in our practices or legal requirements. Material changes will be communicated through our website. We encourage you to review this page occasionally.

Supervisory Authority

If you are dissatisfied with how we have handled your data or responded to a request, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: imbitanomo.com

We would appreciate the opportunity to address any concerns directly before you escalate to the ICO. Please contact us at [email protected] with details of your complaint.

We use cookies to enhance your browsing experience and analyse site traffic. By continuing to use our site, you consent to our use of cookies. Learn more

Cookie Preferences

Necessary Cookies

Required for the website to function. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements and track campaigns.