What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. Following Brexit, the UK has implemented its own version (UK GDPR) alongside the Data Protection Act 2018.
GDPR gives individuals (data subjects) more control over their personal data and imposes strict obligations on organizations that process personal data.
Key Principles
GDPR is built on six core principles:
- Lawfulness, fairness, and transparency
- Purpose limitation - data collected for specific purposes
- Data minimization - only collect what's necessary
- Accuracy - keep data accurate and up-to-date
- Storage limitation - don't keep data longer than needed
- Integrity and confidentiality - secure data processing
Our GDPR Compliance Commitment
IMSupporting LTD is fully committed to complying with UK GDPR and the Data Protection Act 2018. Here's how we demonstrate this commitment:
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance
UK Hosting
All data is stored on secure servers located in the United Kingdom (unless specified for bespoke solutions)
Data Encryption
Bank-level encryption (AES-256) for data at rest and TLS/SSL for data in transit
Multi-Tenant Isolation
Your data is isolated from other customers using accountID-based separation
Your GDPR Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right to Access (Article 15)
You have the right to obtain confirmation that we process your personal data and request a copy of that data. We will provide this information free of charge within one month.
Right to Rectification (Article 16)
You can request correction of inaccurate personal data. You can update most information directly in your account dashboard. For other corrections, contact us.
Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your personal data in certain circumstances:
- Data no longer necessary for its original purpose
- You withdraw consent (where processing was based on consent)
- You object to processing and there are no overriding legitimate grounds
- Data processed unlawfully
- Erasure required by legal obligation
Note: We may retain data if required by law or for legitimate purposes (e.g., legal claims).
Right to Restriction of Processing (Article 18)
You can request that we limit how we use your data while:
- We verify the accuracy of disputed data
- Processing is unlawful but you oppose erasure
- We no longer need the data but you need it for legal claims
- We verify legitimate grounds following your objection
Right to Data Portability (Article 20)
You can receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) and have it transmitted to another service provider.
Available formats: CSV, JSON, XML
Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. Our AI features are designed to assist human operators, not replace them. At no point should an AI make a final decision without human review.
Right to Withdraw Consent (Article 7)
Where processing is based on your consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.
How to Exercise Your Rights
Submit a Request
Email our Data Protection Officer at support@imsupporting.com with the subject line "GDPR Rights Request".
Verify Your Identity
We'll ask you to confirm your identity to protect your data. This may also include verifying your email address or account details.
We Process Your Request
We aim to respond within one month. Complex requests may take up to three months.
Receive Confirmation
We'll notify you when your request is complete and provide any requested data or confirmations.
What to Include in Your Request
- Your full name
- Email address associated with your account
- Specific right you want to exercise
- Any additional details to help us locate your data
- Preferred format for data export (if requesting data portability)
Our Data Processing Activities
Here's how we process your data under GDPR:
| Processing Activity | Legal Basis | Retention Period |
|---|---|---|
| Account management | Contract performance | Duration of account + 30 days |
| Chat processing | Contract performance | Per plan (0-5 years) |
| Billing & payments | Contract / Legal obligation | 7 years (tax requirements) |
| Analytics & improvements | Legitimate interests | Up to 2 years (anonymized) |
| Marketing communications | Consent | Until consent withdrawn |
| Security & fraud prevention | Legitimate interests | Up to 1 year |
Technical & Organizational Measures
We implement comprehensive security measures to protect your data:
Technical Measures
- AES-256 encryption for data at rest, where implemented
- TLS 1.3 encryption for data in transit
- Multi-factor authentication (MFA), where implemented
- Automated security patching
- Intrusion detection and prevention systems
- DDoS protection and rate limiting
- Regular vulnerability scanning
Organizational Measures
- Data Protection Impact Assessments (DPIAs)
- Privacy by Design and Default principles
- Staff training on data protection
- Access controls based on need-to-know principle
- Data processing agreements with third parties (where possible)
- Incident response procedures
- Regular privacy and security audits
Contact Our Data Protection Officer
Our Data Protection Officer is available to answer questions about GDPR and your data rights: