GDPR - General Data Protection Regulation

At Chicken Road UK, we are committed to protecting your personal data and respecting your privacy. This page explains how the General Data Protection Regulation (GDPR) applies to your use of this website, what rights you have as a data subject, and how we process and safeguard your personal information in accordance with the UK GDPR and the Data Protection Act 2018.

What Is the GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection framework that was originally enacted by the European Union and came into effect on 25 May 2018. Following the United Kingdom's departure from the EU, the regulation was retained in UK domestic law as the UK GDPR, supplemented by the Data Protection Act 2018.

The UK GDPR sets out strict rules for how organisations collect, store, use, and share personal data. It gives individuals greater control over their personal information and imposes significant obligations on data controllers and processors. The regulation applies to all organisations operating in the UK that process personal data, regardless of where the data processing takes place.

Personal data is defined as any information that relates to an identified or identifiable living individual. This includes, but is not limited to, names, email addresses, IP addresses, location data, and online identifiers such as cookies.

Your Rights as a Data Subject

Under the UK GDPR, you have a number of rights in relation to your personal data. We are committed to facilitating the exercise of these rights:

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how and why it is being processed. This is commonly known as a Subject Access Request (SAR).
• Right to Rectification (Article 16): If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected or completed without undue delay.
• Right to Erasure (Article 17): Also known as the "right to be forgotten," this allows you to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw your consent.
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
• Right to Object (Article 21): You have the right to object to the processing of your personal data where that processing is based on legitimate interests or is carried out for direct marketing purposes. Where you object, we must cease processing unless we can demonstrate compelling legitimate grounds.
• Right to Restriction of Processing (Article 18): In certain circumstances, you have the right to request that we restrict the processing of your personal data. This means we may store your data but not actively use it.
• Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

To exercise any of these rights, please contact us using the details provided at the bottom of this page. We will respond to your request within one calendar month, as required by the UK GDPR.

Legal Basis for Processing

We only process your personal data when we have a lawful basis for doing so. The UK GDPR sets out six legal bases for processing. The bases most relevant to our activities are:

• Consent: Where you have given clear, affirmative consent for us to process your personal data for a specific purpose, such as subscribing to a newsletter or accepting non-essential cookies.
• Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party), provided that those interests are not overridden by your rights and freedoms. For example, we may process data for website analytics, fraud prevention, or improving our services.
• Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject, such as responding to a lawful request from a regulatory authority.

Where we rely on consent as the legal basis, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Data Controller, Retention Periods, and International Transfers

Chicken Road UK acts as the data controller for personal data collected through this website. As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with the UK GDPR.

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods vary depending on the type of data and the purpose of processing:

• Contact form submissions: retained for up to 12 months
• Analytics data (anonymised): retained for up to 26 months
• Cookie consent records: retained for up to 12 months
• Legal and regulatory records: retained as required by applicable law

Once the retention period has expired, personal data is securely deleted or anonymised so that it can no longer be associated with you.

In some cases, your personal data may be transferred to, stored, or processed in countries outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place to protect your data, in accordance with the UK GDPR. These safeguards may include Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, adequacy decisions, or other legally recognised mechanisms.

Data Protection Officer and Contact Information

If you have any questions, concerns, or requests regarding the processing of your personal data or this GDPR notice, you may contact us through our Contact page.

We take all data protection enquiries seriously and will endeavour to respond promptly and thoroughly. If you are not satisfied with our response, or if you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the supervisory authority.

Information Commissioner's Office (ICO)

The Information Commissioner's Office (ICO) is the UK's independent supervisory authority for data protection. The ICO is responsible for upholding information rights in the public interest and enforcing the UK GDPR and the Data Protection Act 2018.

If you are dissatisfied with how we have handled your personal data or responded to your data protection request, you have the right to complain to the ICO:

• Website: ico.org.uk
• Telephone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first so that we have the opportunity to address your concerns directly before you escalate the matter to the ICO.

Last updated: 12 February 2026