GDPR Compliance

Last Updated: June 7, 2026

Our Commitment to Data Protection

crimson-tundra is committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We process personal data lawfully, fairly, and transparently, respecting your privacy rights at all times.

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you voluntarily provide information through contact forms or service requests
• Legitimate Interests: For business operations, service delivery, and communication related to your inquiries
• Legal Obligation: When required to comply with applicable laws and regulations

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

You may request confirmation of whether we process your personal data and obtain a copy of that data. We will provide this information within one month of your request.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion of that information.

Right to Erasure

You may request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restrict Processing

You can request that we limit the processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

Right to Object

You may object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds that override your interests.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.

Data Protection Principles

We adhere to the following principles when processing personal data:

• Lawfulness, fairness, and transparency in all processing activities
• Purpose limitation, ensuring data is collected for specified, explicit purposes
• Data minimization, collecting only what is necessary
• Accuracy, keeping information up to date
• Storage limitation, retaining data only as long as needed
• Integrity and confidentiality, protecting data with appropriate security measures

International Data Transfers

Personal data is processed and stored within the United Kingdom. If data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

Data Security Measures

We implement technical and organizational security measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit and at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments and updates
• Staff training on data protection obligations

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Address: 142 Woodland Avenue, Bristol BS8 2UE, United Kingdom

We will respond to your request within one month. In complex cases, this period may be extended by two additional months, and we will inform you of such extension.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

Information Commissioner's Office
Website: www.ico.org.uk
Helpline: 0303 123 1113

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.