This site contains promotional content

GDPR Compliance

Last updated: April 21, 2026

Our Commitment to GDPR

We are committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals within the European Economic Area and the United Kingdom.

This page outlines how we fulfill our obligations under GDPR and how you can exercise your data protection rights.

Data Controller Information

For the purposes of GDPR, the data controller is:

domain
47 Whitfield Street
Fitzrovia
London W1T 4HB
United Kingdom

Contact email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases:

Consent (Article 6(1)(a))

We process data based on your explicit consent for:

  • Marketing communications
  • Non-essential cookies
  • Optional data collection for service improvement

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Contract Performance (Article 6(1)(b))

We process data necessary to:

  • Fulfill service contracts
  • Deliver purchased services
  • Process payments

Legal Obligation (Article 6(1)(c))

We process data to comply with legal requirements including:

  • Tax and accounting obligations
  • Regulatory reporting
  • Responses to lawful requests from authorities

Legitimate Interests (Article 6(1)(f))

We process data for legitimate business interests:

  • Website analytics and improvement
  • Fraud prevention and security
  • Business development and research

We balance these interests against your rights and will not process data in ways that override your fundamental rights and freedoms.

Your Data Protection Rights

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data and information about how it is processed.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • Legal obligations require erasure

Right to Restriction of Processing (Article 18)

You have the right to restrict processing when:

  • You contest the accuracy of personal data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification of legitimate grounds

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller when processing is based on consent or contract and carried out by automated means.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produces legal effects or similarly significant effects. We do not engage in such automated decision-making.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected] with:

  • Your full name and contact information
  • Description of your request
  • Proof of identity (to prevent unauthorized access)

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

We do not charge a fee for processing rights requests unless the request is manifestly unfounded or excessive.

Data Protection Measures

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Staff training on data protection
  • Incident response procedures
  • Secure data disposal processes

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, in accordance with Article 33 and 34 of GDPR.

Third-Party Processing

When we engage third-party processors, we:

  • Enter into data processing agreements compliant with Article 28
  • Ensure processors provide sufficient guarantees of data protection
  • Monitor processor compliance with our instructions
  • Maintain records of processing activities

International Data Transfers

When transferring data outside the EEA or UK, we ensure appropriate safeguards through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions under Article 45
  • Other lawful transfer mechanisms under Chapter V of GDPR

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account:

  • Legal retention requirements
  • Limitation periods for legal claims
  • Operational necessity
  • Your preferences regarding retention

See our Privacy Policy for specific retention periods by data category.

Children's Data

We do not knowingly process personal data of children under the age of sixteen without parental consent, in compliance with Article 8 of GDPR.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been infringed.

For the United Kingdom, the supervisory authority is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website or directly to affected individuals.

Contact for Data Protection Matters

For questions about our GDPR compliance or to exercise your data protection rights:

Email: [email protected]