About This Notice
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) give individuals rights over their personal data and impose obligations on organisations that collect and process it. This notice explains how EOFE Business Champions Ltd fulfils those obligations and how you can exercise your rights.
This notice should be read alongside our Privacy Policy, which provides full detail on our data processing activities.
Our Role as Data Controller
EOFE Business Champions Ltd is the data controller for personal data collected through this website and our email communications. As data controller, we determine the purposes and means of processing personal data and are responsible for ensuring that processing is lawful, fair and transparent.
Legal Bases for Processing
We only process personal data where we have a lawful basis to do so under UK GDPR. The legal bases we rely on are:
Consent (Article 6(1)(a)): We process your email address for newsletter distribution on the basis of your freely given, specific, informed and unambiguous consent, obtained at the point of subscription. You can withdraw consent at any time.
Legitimate Interests (Article 6(1)(f)): We process limited data for analytics purposes and to respond to contact enquiries on the basis of our legitimate interest in operating and improving our website and responding to user communications. We have assessed that these interests do not override your data protection rights.
We do not process personal data on the basis of legal obligation, vital interests, public task, or contractual necessity in the ordinary course of our operations.
Your Rights Under UK GDPR
The UK GDPR grants you the following rights. You may exercise any of these rights by contacting us at [email protected]. We will respond within one calendar month of receipt of your request, or sooner.
Right of Access (Article 15)
You have the right to request confirmation of whether we process personal data about you, and if so, to receive a copy of that data along with supplementary information about how it is processed. This is sometimes called a Subject Access Request (SAR). Requests are free of charge in most circumstances.
Right to Rectification (Article 16)
You have the right to request correction of inaccurate personal data we hold about you. You may also request that incomplete data be completed.
Right to Erasure (Article 17)
You have the right to request that we delete personal data we hold about you, in circumstances where: the data is no longer necessary for the purpose it was collected; you withdraw consent where consent was the legal basis and there is no other lawful basis; you object to processing and we have no overriding legitimate grounds; or the data has been processed unlawfully.
We will action valid erasure requests within 30 days. We will notify you if an exception to the right to erasure applies in your case.
Right to Restrict Processing (Article 18)
In certain circumstances, you have the right to request that we restrict processing of your data — for example, while we investigate an accuracy challenge or an objection to processing.
Right to Data Portability (Article 20)
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to have it transmitted directly to another controller where technically feasible.
Right to Object (Article 21)
You have the right to object to processing based on legitimate interests at any time. On receipt of your objection, we will stop processing unless we can demonstrate compelling legitimate grounds that override your rights, or the processing is for the establishment, exercise, or defence of legal claims.
Rights Related to Automated Decision-Making
We do not use automated decision-making or profiling in our processing of personal data. This right is therefore not currently applicable.
Withdrawal of Consent
Where we process your data on the basis of consent, you can withdraw that consent at any time. The easiest way to withdraw newsletter consent is by using the unsubscribe link included in every email we send. You may also withdraw consent by contacting us directly at [email protected]. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Data Transfers Outside the UK
Where we use third-party processors based outside the UK, we ensure that appropriate safeguards are in place. This typically means using processors in countries that have received an adequacy decision from the UK government, or ensuring standard contractual clauses are in place. Our current third-party processors are either UK-based or operate in EEA countries covered by UK adequacy decisions.
Supervisory Authority
If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. The ICO can be contacted at:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
We would ask that you contact us directly in the first instance — we take data protection seriously and will work to resolve any concerns before escalation.
Contact Our Privacy Lead
For any questions about this notice, to exercise your rights, or to raise a concern about our data practices:
Email: [email protected]
Post: Privacy Lead, EOFE Business Champions Ltd, 20 Farringdon Street, London, EC4A 4AB