1. Home
  2. Legal & Compliance
  3. Understanding GDPR Compliance
Searching...

Understanding GDPR Compliance

At Leito Ltd, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page is designed to help you understand your rights and our responsibilities under this important law.

What Is GDPR?

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a European Union regulation that governs how personal data must be collected, used, and protected. It also applies to companies outside the EU/EEA if they offer goods or services to individuals in those regions — including Leito Ltd.

Key GDPR Principles

The GDPR is based on seven core principles:

  1. Lawfulness, Fairness and Transparency
  2. Purpose Limitation
  3. Data Minimisation
  4. Accuracy
  5. Storage Limitation
  6. Integrity and Confidentiality (Security)
  7. Accountability

We apply each of these principles in how we design our services and handle data.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right to Access – Request access to the personal data we hold about you.
  • Right to Rectification – Request corrections to inaccurate or incomplete data.
  • Right to Erasure – Request deletion of your data where applicable.
  • Right to Restrict Processing – Request restriction of processing in certain situations.
  • Right to Data Portability – Receive your data in a commonly used format or ask for it to be transferred.
  • Right to Object – Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent – Withdraw your consent at any time, where processing is based on consent.
  • Right to Lodge a Complaint – Contact your local data protection authority if you believe your data rights have been violated.

To exercise any of these rights, contact us at: dpo@leito.org

What Is Our Role?

  • In most cases, we act as a data processor, handling personal data on behalf of our business customers.
  • In some cases — for example, when handling employee data, recruitment applications, or marketing — we act as the data controller.

More details are available in our Privacy Policy.

International Data Transfers

We may transfer data outside the UK or EEA. When we do, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO) or the European Commission. We also perform data transfer risk assessments as required.

How We Keep Your Data Safe

We employ a range of technical and organisational measures to ensure your personal data is protected. These include:

  • Encryption of data in transit and at rest
  • Secure cloud infrastructure
  • Access controls and authentication measures
  • Regular security audits and monitoring

Want to Know More?

If you have any questions about GDPR or how your data is handled, you can contact us by email or post:

Email: dpo@leito.org
Post: Leito Ltd
45a Station Road
Willington
Bedford
MK44 3QL
United Kingdom

We are happy to provide further detail or address any specific concerns you may have.

ticket system