GDPR Compliance

Last Updated: April 2026

Introduction

The General Data Protection Regulation (GDPR) is a European Union regulation that governs data protection and privacy. domain is committed to full compliance with GDPR requirements regarding the processing of personal data for individuals in the European Economic Area (EEA) and United Kingdom.

Our Commitment to GDPR

We recognise the importance of protecting personal data and respecting individual privacy rights. Our data processing practices adhere to GDPR principles:

• Lawfulness, fairness, and transparency in data processing
• Purpose limitation: collecting data only for specified, legitimate purposes
• Data minimisation: collecting only necessary information
• Accuracy: keeping personal data accurate and up to date
• Storage limitation: retaining data only as long as necessary
• Integrity and confidentiality: maintaining appropriate security measures
• Accountability: demonstrating compliance with data protection principles

Data Controller Information

For the purposes of GDPR, domain acts as the data controller for personal information collected through our website and service delivery.

Data Controller:
domain
142 Kensington High Street
London W8 7RL
United Kingdom
Email: [email protected]

Legal Basis for Processing

We process personal data only when we have a valid legal basis under GDPR:

Consent

We may process your personal data based on consent you have provided for specific purposes. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Contract Performance

We process personal data when necessary to fulfil contractual obligations related to service delivery.

Legitimate Interests

We may process personal data based on legitimate business interests, such as improving services, preventing fraud, or ensuring network security, provided such interests do not override your fundamental rights and freedoms.

Legal Obligations

We process personal data when required to comply with legal obligations under applicable laws.

Your Rights Under GDPR

GDPR grants you specific rights regarding your personal data:

Right to Information

You have the right to be informed about how we collect and use your personal data. This information is provided through our Privacy Policy and this GDPR page.

Right of Access

You have the right to request access to personal data we hold about you. We will provide you with a copy of your personal data in a commonly used electronic format.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will update records promptly upon verification of corrected information.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent on which processing is based
• You object to processing and there are no overriding legitimate grounds
• Personal data has been unlawfully processed
• Erasure is required to comply with legal obligations

This right is not absolute and may be limited by legal obligations to retain certain information.

Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive personal data you provided to us in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease such processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal effects or similarly significantly affects you. We do not currently employ automated decision-making systems that would trigger this right.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the details provided in the Data Controller Information section above. We will:

• Respond to requests within one month of receipt
• Extend the response period by up to two additional months for complex requests, with notification
• Verify your identity before processing requests to protect against unauthorised access
• Provide responses free of charge unless requests are manifestly unfounded or excessive

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Access controls limiting data availability to authorised personnel only
• Regular security assessments and penetration testing
• Employee training on data protection obligations
• Confidentiality agreements with all team members and service providers
• Incident response procedures for potential data breaches

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all data breaches, including facts, effects, and remedial actions taken

International Data Transfers

When transferring personal data outside the EEA or UK, we ensure appropriate safeguards are in place, which may include:

• Adequacy decisions recognising equivalent data protection standards
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for intra-group transfers
• Other mechanisms approved under GDPR

Data Protection Officer

For questions specifically related to data protection practices or to exercise your GDPR rights, you may contact our data protection function:

Email: [email protected]

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data violates GDPR.

In the United Kingdom, the supervisory authority is:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Children's Data

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If we become aware we have collected information from a child without appropriate consent, we will delete it promptly.

Updates to GDPR Compliance

We regularly review and update our data protection practices to ensure ongoing GDPR compliance. Material changes to this GDPR compliance page will be communicated through website updates and, where appropriate, direct notification to affected individuals.

Additional Information

For comprehensive information about our data practices, please also review our Privacy Policy and Cookies Policy.