GDPR Compliance
Last updated: June 15, 2024
Our Commitment to GDPR
At Amply.Rocks, a trading name of Tech Studio Limited (registered in England and Wales under registration number 08135359, with our registered address at 12 North Street, Barming, ME16 9HF), we are committed to protecting the privacy and security of your personal data.
This page outlines how we comply with the General Data Protection Regulation (GDPR) and your rights under this regulation. It should be read in conjunction with our Privacy Policy, which provides detailed information about how we collect, use, and protect your personal data.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. Following Brexit, the UK has incorporated the GDPR into UK data protection law as the UK GDPR.
The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It enhances individuals' rights and places increased responsibilities on organizations handling personal data.
Our Data Processing Activities
We process personal data for the following purposes:
- To provide our music gear search and recommendation services
- To process transactions and manage customer accounts
- To personalize user experiences
- To improve our products and services
- To communicate with users about our products and services
- To comply with legal obligations
For each of these processing activities, we have identified a lawful basis for processing as required by Article 6 of the GDPR. Depending on the specific activity, we rely on the following lawful bases:
- Performance of a contract (e.g., when providing our services to users)
- Consent (e.g., for marketing communications)
- Legitimate interests (e.g., for improving our services)
- Legal obligation (e.g., for tax purposes)
Data Sharing and Third Parties
We process, store, and share data with third parties to provide our services. This includes:
- Cloud service providers for hosting our platform
- Payment processors for handling transactions
- Analytics services to improve our website and services
- Retail partners to facilitate product searches and purchases
- Marketing partners for promotional activities (with consent)
When we share data with third parties, we ensure that appropriate data processing agreements are in place that require these parties to adhere to data protection regulations and protect your personal data.
Some of our third-party service providers may be located outside the UK or European Economic Area (EEA). When transferring personal data to these providers, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
Your Rights Under GDPR
Under the GDPR, you have the following rights:
- Right to Access: You have the right to request copies of your personal data that we hold.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
- Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
- Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests, but we will keep you informed.
Data Security
We are committed to ensuring the security of your personal data. We have put in place appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These include:
- Encryption of personal data where appropriate
- Regular security assessments and testing
- Restricted access to personal data
- Staff training on data protection
- Data protection impact assessments for new processing activities
In the event of a data breach that risks your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data
- Whether we can achieve those purposes through other means
- The applicable legal requirements
Data Protection Officer
While not legally required for our organization size and processing activities, we have voluntarily appointed a Data Protection Officer to oversee our data protection strategy and implementation to ensure compliance with GDPR requirements. You can contact our Data Protection Officer through our contact page with any queries related to our data protection practices or to exercise your rights under the GDPR.
Updates to This Policy
We may update this GDPR Compliance statement from time to time in response to changing legal, technical, or business developments. When we update our policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
Contact Us
If you have any questions about our GDPR compliance or wish to exercise any of your rights under the GDPR, please contact us at:
Data Protection Officer
Tech Studio Limited
12 North Street
Barming
ME16 9HF
United Kingdom
To contact our Data Protection Officer or to exercise your GDPR rights, please visit our Contact page.
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.