Geyser Data GDPR Privacy Information (UK Version)
This page explains how Geyser Data processes personal data for individuals located in the United Kingdom, the European Union, and the wider European Economic Area. It is written in UK English and designed to meet the requirements of the UK and EU GDPRs.
 
Data Controller
Geyser Data is the data controller for the personal data collected through our website, products, and services. If you wish to contact us, please email:
[email protected]
 
Legal Bases for Processing
Geyser Data processes personal data under the lawful bases set out in the UK GDPR, which include:

• Consent for optional activities such as marketing communications and non-essential cookies

• Performance of a contract where data is required to deliver services that you have requested

• Compliance with legal obligations relevant to areas such as business records, finance, tax, and regulatory requirements

• Vital interests if processing is required to protect your safety or the safety of others

• Legitimate interests such as improving our website, maintaining security, understanding service usage, or communicating with you about our products, provided that such interests are not overridden by your rights and freedoms.

 

Where processing is based on consent, including the use of non-essential cookies and similar technologies, consent is obtained through our cookie consent banner in accordance with applicable data protection law. You may manage or withdraw your consent at any time using the cookie settings available on our website.

 
Your Rights Under the UK GDPR
If you are located in the United Kingdom or the European Union, you have the following rights in respect of your personal data:

• Right of access to the personal data we hold about you

• Right to rectification of inaccurate or incomplete data

• Right to erasure in certain circumstances

• Right to restrict processing of your personal data

• Right to data portability allowing you to obtain and reuse your data across services

• Right to object to processing based on legitimate interests or for direct marketing

• Right to withdraw consent at any time when processing is based on consent

• Right not to be subject to automated decision-making that produces legal or significant effects

 

To exercise any of these rights, please email: [email protected]
 
International Data Transfers
Geyser Data is based in the United States. Personal data collected from individuals in the UK or EU may therefore be transferred to and processed in countries outside the UK or European Economic Area.

Where such transfers occur, we apply appropriate safeguards, which may include:

• UK-approved Standard Contractual Clauses

• Data Processing Agreements with our service providers

• Encryption, access controls, and security measures

• Reviews to ensure that third parties handle data responsibly

These steps help ensure that your data is protected to standards comparable with UK and EU data protection law.
 
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy. Retention periods are determined by:

• Legal obligations

• Operational requirements

• Security and fraud prevention considerations

• Contractual commitments

 

Personal data that is no longer needed will be deleted, anonymised, or securely archived.
 
Data Protection Impact Assessments
For activities that may pose a higher risk to individuals, Geyser Data conducts Data Protection Impact Assessments to evaluate the nature of processing, potential risks, and the measures required to mitigate them. These assessments are completed in line with the requirements set out in the UK GDPR.
 
Your Right to Complain
If you believe that your rights under data protection law have been infringed, you may raise a complaint with the relevant supervisory authority.
For UK residents, the supervisory authority is:

• The Information Commissioner’s Office (ICO)

  • https://ico.org.uk

• For EU residents, a list of supervisory authorities is available at:

  • https://edpb.europa.eu/about-edpb/board/members

 
Automated Decision Making and Profiling
Geyser Data does not rely on automated decision-making that produces legal or significant effects on individuals. Any profiling that does occur is limited to service improvement, analytics, or consent-based marketing activity and does not override your individual rights.

 

Contact Details

To request further information about this policy or to exercise your rights under the UK GDPR, please contact:
[email protected]

​

Data Protection Officer
Geyser Data is not required to appoint a Data Protection Officer under the UK GDPR or EU GDPR. Our internal team handles privacy and data protection matters. You may contact us at [email protected] with any questions or concerns.