GDPR - meadow-dolphin

Last updated: June 10, 2026

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. At meadow-dolphin, we take our obligations under GDPR seriously and are committed to protecting your personal data and respecting your privacy rights.

Our Role Under GDPR

For the purposes of GDPR, meadow-dolphin acts as the data controller. This means we determine the purposes and means of processing your personal data. We are responsible for ensuring that all processing activities comply with GDPR requirements.

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so. The legal bases we rely on include:

Performance of a Contract: When processing is necessary to provide the services you have requested
Legitimate Interests: When we have a legitimate business interest that does not override your rights
Consent: When you have given clear and affirmative consent for specific processing activities
Legal Obligation: When we must process data to comply with the law

Your Rights Under GDPR

GDPR grants you specific rights regarding your personal data. We are committed to facilitating the exercise of these rights:

Right to Be Informed

You have the right to clear and transparent information about how we collect and use your personal data. This information is provided through our Privacy Policy and this GDPR page.

Right of Access

You can request confirmation of whether we are processing your personal data and obtain a copy of that data. We will provide this information within one month of your request, free of charge for the first copy.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed. We will respond to rectification requests within one month.

Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances, including when:

The data is no longer necessary for the purpose it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transmit this data directly to another controller where technically feasible.

Right to Object

You can object to processing of your personal data when it is based on legitimate interests or performed for direct marketing purposes. We must stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects. We do not currently engage in automated decision-making of this nature.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

Data Protection Principles

We adhere to the core principles of data protection established by GDPR:

Lawfulness, Fairness, and Transparency: Processing is lawful, fair, and transparent to you
Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes
Data Minimisation: We collect only data that is adequate, relevant, and necessary
Accuracy: Personal data is kept accurate and up to date
Storage Limitation: Data is retained only as long as necessary
Integrity and Confidentiality: Appropriate security measures protect your data
Accountability: We can demonstrate compliance with these principles

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption of personal data during transmission and storage
Regular security assessments and vulnerability testing
Access controls limiting data access to authorized personnel only
Employee training on data protection and security practices
Incident response procedures for data breaches

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

International Data Transfers

When we transfer your personal data outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by the European Commission
Transfers to countries with an adequacy decision
Binding corporate rules where applicable

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our standard retention period for service-related data is three years, after which data is securely deleted or anonymised.

Children's Data

Our services are not directed at children under the age of sixteen. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In the United Kingdom, the relevant authority is the Information Commissioner's Office (ICO).

Updates to This Page

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised effective date.

Contact Information

For any questions, concerns, or requests related to GDPR compliance or your data protection rights, please contact us at:

Email: [email protected]
Address: 142 Victoria Street, London, SW1E 5LB, United Kingdom

GDPR Compliance