UK GDPR Compliance

Heath Hayes Heritage is committed to respecting your data protection rights under the UK General Data Protection Regulation (UK GDPR). This page explains how we comply with the law, the rights you hold, and how to exercise them.

Scope and Applicability

The UK GDPR applies to the processing of personal data of individuals in the United Kingdom. While Heath Hayes Heritage does not collect personal information through registration or user accounts, we may process limited personal data automatically through website analytics, server logs, and cookies used to improve user experience.

Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights:

• Right of access – You may request confirmation of whether we process any of your personal data.
• Right to rectification – You may request correction of any inaccurate personal data we hold.
• Right to erasure – You may request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to restriction of processing – You may request we limit how we use your data under certain conditions.
• Right to data portability – Where technically feasible, you may request a copy of your data in a structured, machine-readable format.
• Right to object – You may object to our processing of your data based on legitimate interests, including profiling or analytics.

How We Comply

Heath Hayes Heritage does not maintain a database of personal information. We use only essential, non-intrusive analytics tools (such as Google Analytics with IP anonymisation) and cookies strictly for improving site functionality and user experience. All data collected is aggregated and anonymised where possible. We do not sell, share, or disclose personal data to third parties for commercial purposes.

Data We Process

The only personal data we may process includes:

• IP addresses (anonymised)
• Browser type and device information
• Pages visited and time spent on site
• Cookie identifiers (for session management only)

This data is not linked to any individual’s name, email, or contact details.

Legal Basis for Processing

Our processing of personal data is based on legitimate interest under Article 6(1)(f) of the UK GDPR. This includes improving website performance, ensuring accessibility, and understanding how visitors interact with our historical content. We balance this interest against your privacy rights and minimise data collection to what is strictly necessary.

How to Exercise Your Rights

To exercise any of your rights under UK GDPR, please contact us by email at [email protected]. Include your full name, the right you wish to exercise, and any relevant details (e.g., IP address or date of visit if known). We will respond without undue delay.

Response Timeframes

We aim to respond to all requests within one month of receipt. In complex cases, we may extend this period by two further months, and we will notify you within one month if this is necessary.

No Discrimination Policy

You will not be denied access to our content, services, or features for exercising your rights under UK GDPR. We do not penalise, discriminate against, or offer different pricing or service levels based on whether you exercise your data protection rights.

Updates and Changes

We may update this page from time to time to reflect changes in law or our practices. Any material changes will be posted here with an updated effective date. We recommend checking this page periodically.

Contact Information

If you have any questions, concerns, or wish to lodge a complaint regarding our data practices, please contact:

Caden Hartley
Ipswich Hospital
Heath Road
IPSWICH
IP4 5PD
United Kingdom
[email protected]

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent supervisory authority for data protection. Visit ico.org.uk for more information.