GDPR & Data Protection
Wellspring Scheduling is committed to GDPR compliance and protecting your data.
1. Our Commitment
We are fully compliant with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
2. Legal Basis for Processing
We process data based on:
• Contractual necessity
• Legitimate interests
• Legal obligations
• Your consent (where required)
3. Data Protection Principles
We ensure data is:
• Processed lawfully and fairly
• Collected for specific purposes
• Adequate and relevant
• Accurate and up to date
• Kept no longer than necessary
• Processed securely
4. Your GDPR Rights
Right to Access
• Request a copy of your data
• Understand how we use it
Right to Rectification
• Correct inaccurate data
• Complete incomplete data
Right to Erasure
• Request data deletion
• 'Right to be forgotten'
Right to Restrict Processing
• Limit how we use your data
Right to Data Portability
• Receive your data in a common format
• Transfer to another service
Right to Object
• Object to certain processing
• Opt out of marketing
5. Data Security Measures
• End-to-end encryption (AES-256)
• Secure data centers (ISO 27001 certified)
• Regular security audits
• Staff training on data protection
• Incident response procedures
• Regular backups
6. Data Breach Notification
We will notify you within 72 hours of discovering a breach affecting your data.
7. International Data Transfers
Data is stored in EU/UK data centers. Any transfers outside the EU use appropriate safeguards.
8. Data Protection Officer
Contact our DPO: dpo@wellspringscheduling.com
9. Supervisory Authority
You can lodge complaints with the Information Commissioner's Office (ICO).
10. Regular Audits
We conduct annual GDPR compliance audits.
11. Exercising Your Rights
To exercise your rights, contact: privacy@wellspringscheduling.com
We will respond within 30 days.