GDPR

Your Data Protection Rights – GDPR Statement

At Truvva, we take your privacy seriously. We are committed to protecting your personal data in
accordance with the UK General Data Protection Regulation (UK GDPR) and the Data
Protection Act 2018.

We want you to feel confident about how your data is collected, used, and protected — and to know your rights as
a data subject.

1. Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. These include:

  • Consent – When you have given clear permission (e.g. for marketing communications).
  • Contract – When processing is necessary to provide you with a service or product.
  • Legal Obligation – When required by law, such as for pharmacy regulation or record
    keeping.
  • Legitimate Interest – When processing is needed for our business operations and does
    not
    override your rights.
  • Vital Interests – When necessary to protect your health or life.

2. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

✅ Right to Access

You can request a copy of the data we hold about you.

✅ Right to Rectification

You can ask us to correct inaccurate or incomplete data.

✅ Right to Erasure

You can request the deletion of your data in certain circumstances — for example, if it’s no longer
needed
for
the purpose it was collected. This does not apply to medical records that we are legally required to
retain.

✅ Right to Restrict Processing

You can ask us to pause the use of your data under specific conditions (e.g. if you contest its
accuracy).

✅ Right to Object

You can object to data processing based on legitimate interests or direct marketing.

✅ Right to Data Portability

You can ask us to transfer your data to another service provider, where processing is based on consent
or
contract and carried out by automated means.

✅ Right to Withdraw Consent

Where processing is based on consent (e.g. marketing emails), you have the right to withdraw it at any
time.

3. Exercising Your Rights

To exercise any of your rights, please email our Data Protection Officer at:

📧 info@truvva.codebuddys.in

We aim to respond to all requests within one month. If your request is complex or numerous, we
may extend this period by a further two months and will let you know why.

4. Right to Lodge a Complaint

If you believe we’ve failed to comply with your data protection rights, you have the right to lodge a complaint
with the Information Commissioner’s Office (ICO):

📍 https://ico.org.uk/make-a-complaint

📞 0303 123 1113

✉️ ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

5. How We Keep Your Data Secure

We apply technical and organisational measures to protect your data, including:

  • SSL encryption for all sensitive communications
  • Role-based access controls
  • Regular security reviews and audits
  • Staff confidentiality agreements and training