Data Compliance and GDPR Statement

As a data controller and/or data processor under the GDPR, we ensure the following:

• Lawful Basis for Processing: All personal data is processed in a lawfu, fair, and transparent manner. We rely on appropriate legal grounds for processing such as consent, contract, legal obligation, or legitimate interests.
• Data Minimisation: We only collect and retain data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner that is incompatible with those purposes.
• Accuracy and Integrity: We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date.
• Storage Limitation: Data is stored in a format that permits the identification of data subjects for no longer than necessary.
• Security Measures: Appropriate technical and organisational measures are in place to ensure a level of security appropriate to the risk, including data encryption, secure storage, access controls, and regular risk assessments.
• Data Subject Rights: We uphold all rights of data subjects, including the right to access, rectify, erase, restrict processing, object, and data portability. We also ensure the right to withdraw consent at any time where applicable.
• International Transfers: Where personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, such as Standard Contractual Clauses or transfers to countries with an adequacy decision from the European Commission.