GDPR & Compliance

Our Commitment to GDPR

At Pluto, protecting your personal data is a fundamental part of the way we work. We fully comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means we handle all personal information lawfully, fairly, and transparently, whether we are acting as a Controller or a Processor. Our aim is to ensure that you can trust us with your data at every stage of your interaction with our services.

What GDPR Means for You

The GDPR is a legal framework that governs how organisations collect, use, store, and share personal data. It gives you greater control over your information and sets clear rules for organisations like ours. These rules ensure that data is collected for specific purposes, kept secure, and only retained for as long as it is needed.

Our Approach to GDPR Principles

We only collect and use data for clear, specific, and legitimate purposes, and we always use the minimum amount of data necessary to deliver our services. We ensure that information is accurate and kept up to date, and we put security measures in place to protect it from unauthorised access, loss, or misuse. Data is never kept longer than necessary and is disposed of securely when no longer required.

Lawful Bases for Processing

Depending on the nature of the service, we may process your personal data to fulfil a contract with you, because you have given us your consent, to meet a legal obligation, to pursue our legitimate interests in providing and improving our services, or to protect someone’s vital interests in an urgent situation. For example, health data from our monitoring services is processed with explicit consent or for safeguarding purposes where necessary.

How We Keep Your Data Safe

All personal data is stored securely, using encryption, access controls, and secure servers. Our systems are regularly tested, and all staff receive GDPR training so they understand their responsibilities. When data is transferred outside the UK or EEA, we apply legally recognised safeguards such as Standard Contractual Clauses or the UK International Data Transfer Agreement.

Your Rights Under GDPR

You have the right to request a copy of your data, to correct any inaccuracies, to ask us to delete information where there is no lawful reason for us to keep it, to restrict or object to certain types of processing, and to transfer your data to another provider. If processing is based on your consent, you have the right to withdraw that consent at any time.