GDPR & Data Protection

Our Commitment

Bugni Labs is committed to protecting personal data and respecting privacy rights. We comply with the UK General Data Protection Regulation (UK GDPR), EU GDPR, and the Data Protection Act 2018.

Data Protection Principles

We process personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes
  • Data minimisation: We collect only data that is adequate, relevant, and limited to what is necessary
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We process data securely with appropriate technical and organisational measures
  • Accountability: We demonstrate compliance with data protection principles

Lawful Basis for Processing

We process personal data based on:

  • Contract: Processing necessary for contract performance
  • Legitimate interests: Where we have a legitimate business interest
  • Legal obligation: To comply with legal requirements
  • Consent: Where individuals have given clear consent

Data Subject Rights

Individuals have the following rights under GDPR:

  • Right of access: Request access to personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of personal data
  • Right to restrict processing: Request limitation of processing
  • Right to data portability: Receive data in a structured format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: Not be subject to automated decisions with legal effect

To exercise these rights, see our Privacy Rights page.

Data Protection Officer

Our Data Protection Officer oversees GDPR compliance, handles data subject requests, and serves as the point of contact for supervisory authorities.

Contact: dpo@bugni.io

Security Measures

We implement appropriate technical and organisational security measures including encryption, access controls, security testing, and staff training. See Information Security.

Data Processing Agreements

When processing personal data on behalf of clients, we enter into Data Processing Addenda (DPAs) meeting GDPR requirements. See Data Processing Addendum.

International Transfers

We implement appropriate safeguards for international data transfers including Standard Contractual Clauses and transfer impact assessments. See Data Transfers.

Data Breach Management

We have procedures for detecting, investigating, and responding to data breaches. We notify supervisory authorities and affected individuals as required by GDPR (within 72 hours for reportable breaches).

Privacy by Design and Default

We implement privacy by design and default in our engineering practices, considering data protection from the outset and ensuring appropriate default settings.

Data Protection Impact Assessments

We conduct DPIAs for high-risk processing activities, particularly those involving AI/ML systems, large-scale processing, or sensitive data.

Record Keeping

We maintain records of processing activities as required by GDPR, documenting data categories, purposes, recipients, transfers, and retention periods.

Training and Awareness

All staff receive data protection training appropriate to their roles, ensuring they understand GDPR requirements and our policies.

Supervisory Authority

Our lead supervisory authority is the UK Information Commissioner's Office (ICO). Individuals have the right to lodge complaints with the ICO or their local data protection authority.

Contact

Data Protection Officer: dpo@bugni.io

Privacy enquiries: privacy@bugni.io

General compliance: compliance@bugni.io