GDPR Compliance
Last updated: September 18, 2025
Our Commitment to Data Protection
BAM ENGINEERING LTD, trading as TraceID, is committed to protecting the privacy and personal data of our users in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our comprehensive approach to GDPR compliance and your rights as a data subject.
Key Compliance Principles
- Lawfulness, fairness, and transparency
- Purpose limitation and data minimization
- Accuracy and storage limitation
- Integrity and confidentiality
- Accountability and governance
Data Controller Information
BAM ENGINEERING LTD, trading as TraceID
Company Number: 14078681
Data Protection Officer: [email protected]
Address: San Francisco, CA
Phone: +1 (555) 123-4567
Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access (Article 15)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that data.
How to exercise: Contact us at [email protected] with "Data Access Request" in the subject line.
Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete personal data completed.
How to exercise: Update your account information or contact us for assistance.
Right to Erasure (Article 17)
You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary.
How to exercise: Submit a deletion request through your account settings or contact us directly.
Right to Restrict Processing (Article 18)
You have the right to request that we limit the processing of your personal data in certain circumstances.
How to exercise: Contact us to discuss restricting specific types of processing.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.
How to exercise: Request your data export through your account or contact us.
Right to Object (Article 21)
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
How to exercise: Use the unsubscribe links in our emails or contact us directly.
Data Processing Activities
Legitimate Business Purposes
We process personal data for the following legitimate purposes:
| Purpose | Legal Basis | Data Categories |
|---|---|---|
| Service Delivery | Contract Performance | Contact, Account, Usage Data |
| Customer Support | Legitimate Interest | Contact, Communication Data |
| Marketing | Consent | Contact, Preference Data |
| Analytics | Legitimate Interest | Usage, Technical Data |
| Legal Compliance | Legal Obligation | All Relevant Data |
Data Security Measures
We implement comprehensive security measures to protect your personal data:
Technical Safeguards
- End-to-end encryption (AES-256)
- Secure data transmission (TLS 1.3)
- Multi-factor authentication
- Regular security audits
- Intrusion detection systems
- Automated backup systems
Organizational Safeguards
- Staff training on data protection
- Access controls and permissions
- Data protection impact assessments
- Incident response procedures
- Regular compliance reviews
- Vendor security assessments
Data Breach Response
In the event of a personal data breach, we have established procedures to:
- Detect and assess the breach within 24 hours
- Notify the Information Commissioner's Office (ICO) within 72 hours if required
- Inform affected individuals without undue delay if high risk
- Document all breach incidents and remedial actions
- Implement measures to prevent similar breaches
Data Transfers
When we transfer personal data outside the UK, we ensure appropriate safeguards:
Adequacy Decisions
We prioritize transfers to countries with adequacy decisions from the UK government.
Standard Contractual Clauses
For transfers to countries without adequacy decisions, we use UK-approved standard contractual clauses.
Binding Corporate Rules
We maintain binding corporate rules for intra-group transfers to ensure consistent data protection standards.
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:
- Systematic monitoring of individuals
- Processing of special categories of data
- Large-scale processing operations
- Automated decision-making with legal effects
- New technology implementations
Third-Party Processors
We work with trusted third-party processors who meet our data protection standards:
Key Processors
- Cloud Infrastructure: AWS (EU/UK regions)
- Analytics: Google Analytics (with IP anonymization)
- Customer Support: Intercom (GDPR compliant)
- Email Marketing: HubSpot (GDPR compliant)
- Payment Processing: Stripe (PCI DSS compliant)
All processors are bound by data processing agreements that ensure GDPR compliance.
Exercising Your Rights
To exercise any of your data protection rights:
Contact Information
Company: BAM ENGINEERING LTD, trading as TraceID
Company Number: 14078681
Email: [email protected]
Phone: +1 (555) 123-4567
Response Time: We will respond to your request within 30 days
Verification: We may need to verify your identity before processing your request
Complaints and Supervisory Authority
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Updates to This Information
We regularly review and update our GDPR compliance practices. This page will be updated to reflect any changes in our data protection approach or applicable regulations.
For the most current information about our data protection practices, please refer to our Privacy Policy.