GDPR Compliance Statement

Last updated: November 1, 2025

Introduction

UK Tier Sponsors List ("we", "our", or "us") is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the UK General Data Protection Regulation (UK GDPR), which came into effect on 25 May 2018 and 1 January 2021 respectively.

This GDPR Compliance Statement explains how we comply with these regulations and outlines your rights as a data subject. This statement should be read in conjunction with our Privacy Policy.

Legal Basis for Processing Personal Data

Under GDPR, we must have a lawful basis for processing your personal data. We process your personal data based on the following legal bases:

1. Consent

We process your personal data when you have given clear consent for us to process it for specific purposes, such as:

  • Email newsletter subscriptions
  • Marketing communications
  • Non-essential cookies and tracking technologies

You can withdraw your consent at any time by contacting us or using the opt-out mechanisms we provide.

2. Contract

We process your personal data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract. This includes:

  • Creating and managing your user account
  • Providing access to account features and services
  • Saving and managing your favourite sponsors

3. Legal Obligation

We process your personal data when it is necessary for compliance with a legal obligation to which we are subject, such as:

  • Maintaining records for tax and accounting purposes
  • Responding to legal requests or court orders
  • Compliance with data protection regulations

4. Legitimate Interests

We process your personal data when it is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This includes:

  • Website security and fraud prevention
  • Improving our services and user experience
  • Analysing website usage and performance
  • Network and information security

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

1. Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access that personal data. You can access most of your personal data directly through your account settings, or request a complete copy by contacting us.

2. Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete personal data completed. You can update your personal information at any time through your account settings.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request the deletion of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

You can delete your account and all associated data at any time through your account settings.

4. Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to the processing.

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. To request your data in a portable format, please contact us.

6. Right to Object (Article 21)

You have the right to object to the processing of your personal data when it is based on legitimate interests or for direct marketing purposes. You can object by contacting us or using the opt-out mechanisms we provide.

7. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We do not currently use automated decision-making that produces legal effects.

8. Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Exercising Your Rights

To exercise any of your GDPR rights, you can:

  • Use your account settings: Most rights can be exercised directly through your account settings page, where you can view, update, or delete your personal information
  • Contact us directly: Email us at info@uktiersponsorslist.co.uk with your request
  • Use our contact form: Submit a request through our Contact Form

We will respond to your request within one month (30 days) of receiving it. In some cases, we may need additional time to verify your identity or process complex requests, and we will inform you of any extension.

Identity Verification: For security purposes, we may need to verify your identity before processing your request, especially for sensitive requests such as data deletion or portability.

International Data Transfers

Some of our service providers may be located outside the UK and European Economic Area (EEA). When we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission or UK Government
  • Other appropriate safeguards as required by GDPR

Our main service providers include:

  • Cloud hosting providers - For website hosting and data storage
  • Email service providers - For sending transactional and marketing emails
  • Analytics providers - For website analytics (subject to appropriate safeguards)

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

We have implemented appropriate technical and organisational measures to prevent and respond to data breaches, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Incident response procedures

Data Protection Officer

While UK Tier Sponsors List is not currently required to appoint a Data Protection Officer (DPO) under GDPR, we take data protection seriously. For any data protection queries or concerns, please contact us using the details provided below.

Right to Lodge a Complaint

If you are not satisfied with how we have handled your personal data or a request to exercise your rights, you have the right to lodge a complaint with a supervisory authority:

UK Residents

Information Commissioner's Office (ICO)

Website: https://ico.org.uk

Phone: 0303 123 1113

EU Residents

You can find your local supervisory authority at: European Data Protection Board

Contact Us

For any questions about GDPR compliance or to exercise your data protection rights, please contact us:

Email: info@uktiersponsorslist.co.uk

Or through our Contact Form

For more information about how we process your personal data, please see our Privacy Policy.