Advanced UK – GDPR Compliance Statement 

  1. Home
  2. chevron_right
  3. Advanced UK – GDPR Compliance Statement 

Who we Are

Advanced UK, the trading name of Advanced Business Equipment, whose registered office is

Tavistock House, 5 Rockingham Road, Uxbridge, UB8 2UB

Our Data Protection Processes

In preparing for GDPR, Advanced UK conducted a 12-month cycle of GDPR readiness. Steps taken included the following:

  • The appointment of an in-house DPO, with many years of experience;
  • The completion of multiple GDPR Readiness Assessments;
  • The preparation of a bespoke Process Register, Risk Register, and PIMS (Personal Information Management System) modelled on BS 1012:2017;
  • Cyber security and privacy awareness training for all staff;
  • Re-configurations and updates of servers, workstations, and related networking systems to enhance our total network security;
  • The adoption of data sharing agreements as required, and appropriate safeguards where required for the transfer of personal data to Third Countries.


We are committed to the principles inherent in the GDPR and particularly to the concepts of privacy by design, the right to be forgotten, consent and a risk-based approach. In addition, we aim to ensure:

  • transparency with regard to the use of data
  • that any processing is lawful, fair, transparent and necessary for a specific purpose
  • that data is accurate, kept up to date and removed when no longer necessary
  • that data is kept safely and securely.


Our Data Protection Officer (DPO) works to promote awareness of the GDPR and oversees our commitment to best practice, and informs and advises the management team, and monitors compliance.


Our privacy policy is available on our website and a copy has been made available to all employees and to contractors and suppliers associated with this organisation. It forms part of the induction training of all new staff and follow-up sessions will be put in place if the legislation changes or further guidance is available.

Right to be forgotten

We recognise the right to erasure as set forth in the GDPR. Individuals should contact with requests for the deletion or removal of personal data. These will be acted on provided there is no compelling reason for continued processing and that the exemptions set out in the GDPR do not apply. These exemptions include where the personal data is processed for the exercise or defence of legal claims and to comply with a legal obligation.

Subject access requests 

We recognise that individuals have the right to access their personal data and supplementary information and will comply with the one month timeframe for responses set down in the GDPR. As a general rule, a copy of the requested information will be provided free of charge although we reserve the right to charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive. If this proves necessary, the data subject will be informed of their right to contest our decision with the supervisory authority (the Information Commissioner’s Office (ICO)).

As set out in the GDPR, any fee will be notified in advance and will be based on the administrative cost of providing the information.


We implement data protection “by design and by default”, as required by the GDPR. Safeguards are built into products and services from the earliest stage of development and privacy-friendly default settings will be the norm.

Our privacy notice is publicly available, and it explains our approach to privacy. It makes clear that individuals have a right to complain to the ICO. We have conducted a privacy impact assessment (PIA) to ensure that privacy risks have been properly considered and addressed.

Data transfers outside the EU

We have put recognised procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of any personal data that is transferred to countries outside the EU.

Diligence checks are carried out to ensure that such countries have the necessary safeguards in place, provide enforceable data subject rights and offer effective legal remedies for data subjects where applicable.

Data loss

If a data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, the people affected will be informed as soon as possible and the ICO will be notified within 72 hours.

GDPR contact

Any questions related to GDPR or to issues concerning data protection generally should initially be addressed to