GDPR Compliance Statement

Effective Date: October 22, 2025

As a Welsh nonprofit, Safe Online Space Cymru fully complies with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This statement summarizes our data protection practices, integrated with our Privacy Policy, to build trust in our online safety services.

1. Lawful Basis for Processing

We process personal data only on valid grounds:

• Consent (e.g., newsletters).
• Contract (e.g., event registrations).
• Legitimate interests (e.g., site analytics, balanced against your rights).
• Legal obligations (e.g., safeguarding reports).

2. Data Protection Principles

• Fairness: Transparent about data use.
• Purpose Limitation: Data for specified reasons only.
• Minimization: Collect only what’s necessary.
• Accuracy: Keep data up-to-date.
• Storage Limitation: Delete when no longer needed.
• Integrity/Security: Protect against unauthorized access.
• Accountability: Appoint a Data Protection Officer (DPO) at [email protected].

3. Data Subject Rights

Full details in Privacy Policy: access, rectification, erasure, restriction, portability, objection, automated decisions.

4. Data Protection Impact Assessments (DPIAs)

Conducted for high-risk activities (e.g., processing vulnerable users’ data).

5. Breaches and Reporting

Report incidents to the Information Commissioner’s Office (ICO) within 72 hours if required. Users notified promptly.

6. Training and Audits

Staff trained annually; external audits every 2 years.

7. International Compliance

Adheres to UK GDPR adequacy decisions for transfers.

For concerns, contact [email protected].