GDPR Compliance
Our commitment to data protection under the General Data Protection Regulation
Our Commitment to GDPR
We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements.
Legal Basis for Processing
We process your personal data under the following legal bases:
- Consent: When you provide explicit consent for specific processing activities, such as marketing communications
- Contract: When processing is necessary to fulfill our contractual obligations to you, such as delivering booked services
- Legitimate Interests: When we have legitimate business interests that do not override your rights and freedoms
- Legal Obligation: When we must process data to comply with legal requirements
Your Rights Under GDPR
Right to Access
You have the right to request access to the personal data we hold about you. We will provide a copy of your data in a commonly used electronic format.
Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to request correction or completion of that information.
Right to Erasure (Right to be Forgotten)
You may request deletion of your personal data when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required for compliance with legal obligations
Right to Restriction of Processing
You can request that we limit the processing of your personal data in certain circumstances, such as while we verify the accuracy of disputed data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.
Data Protection Officer
For GDPR-related enquiries, you may contact our Data Protection Officer:
Email: [email protected]
Address: 127 Upper Street, Islington, London N1 1QP, United Kingdom
How to Exercise Your Rights
To exercise any of your GDPR rights, please:
- Send an email to [email protected] with "GDPR Request" in the subject line
- Clearly state which right you wish to exercise
- Provide sufficient information to verify your identity
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.
Data Security Measures
We implement appropriate technical and organizational measures to ensure data security, including:
- Encryption of data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication procedures
- Staff training on data protection
- Incident response procedures
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.
International Data Transfers
When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions for certain countries
- Binding corporate rules where applicable
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Client records: 7 years after last interaction (for tax and accounting purposes)
- Marketing consent: Until consent is withdrawn
- Website analytics: 26 months
- Email correspondence: 3 years
Third-Party Processors
We work with carefully selected third-party processors who handle data on our behalf. All processors are contractually bound to GDPR compliance and may only process data according to our instructions.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.
In the United Kingdom, the relevant authority is:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Updates to GDPR Compliance
We regularly review and update our GDPR compliance procedures to ensure we meet current requirements and best practices.
Contact Us
For any questions about our GDPR compliance or data protection practices:
Email: [email protected]
Address: 127 Upper Street, Islington, London N1 1QP, United Kingdom