GDPR Compliance

Last updated: 8 April 2026

Our Commitment to Data Protection

sturdy-fold Technology Solutions Ltd is committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We have implemented comprehensive policies and procedures to ensure compliance with data protection legislation.

This page provides specific information about our GDPR compliance measures and your rights as a data subject.

Data Controller Information

For the purposes of data protection legislation, sturdy-fold Technology Solutions Ltd is the data controller responsible for your personal information.

Company Name: sturdy-fold Technology Solutions Ltd
Registration Number: 08742651
Registered Address: 42 Queensway, Birmingham, B4 6AT, United Kingdom
Contact Email: [email protected]

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The specific lawful bases we rely on include:

Contractual Necessity

We process personal data to perform contracts with our clients, including delivering technology solutions, providing support services, and processing payments.

Legitimate Interests

We may process data based on our legitimate business interests, such as:

  • Communicating with potential and existing clients
  • Improving our services and website functionality
  • Detecting and preventing fraud
  • Maintaining business records

We always balance these interests against your rights and freedoms.

Legal Obligations

We process data to comply with legal requirements, including tax obligations, financial reporting, and regulatory compliance.

Consent

Where we rely on consent, you have the right to withdraw it at any time. This applies particularly to marketing communications and optional analytics cookies.

Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

Right of Access

You can request confirmation of whether we process your personal data and obtain a copy of that data. We will provide this information within one month of receiving your request.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal information. We will make corrections promptly upon verification.

Right to Erasure

You may request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

This right is not absolute and may be limited by legal obligations to retain certain records.

Right to Restriction of Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of data or object to processing.

Right to Data Portability

For data processed based on consent or contract performance, you can receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant impacts. We do not currently engage in such automated decision-making.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us by email at [email protected] or by post at our registered address.

Your request should include:

  • Clear identification of which right you wish to exercise
  • Sufficient information to identify you and verify your identity
  • Specific details about the data or processing in question

We will respond within one month, though complex requests may require up to three months. We will inform you if an extension is necessary.

Exercising your rights is generally free of charge. However, we may charge a reasonable fee for manifestly unfounded or excessive requests.

Data Protection Principles

We adhere to the fundamental data protection principles outlined in UK GDPR:

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner, providing clear information about our processing activities.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

Data Minimisation

We only collect and process data that is adequate, relevant, and limited to what is necessary for the intended purposes.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date, correcting or deleting inaccurate information promptly.

Storage Limitation

We retain personal data only for as long as necessary for the purposes it was collected, or as required by law.

Integrity and Confidentiality

We implement appropriate security measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Accountability

We demonstrate compliance with these principles through documentation, policies, and regular reviews of our data processing activities.

Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within seventy-two hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Document the breach, including facts, effects, and remedial actions taken
  • Take immediate steps to contain and mitigate the breach

International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. If we transfer data to countries outside the UK, we ensure adequate protection through:

  • Transfers to countries with adequacy decisions from the UK government
  • Use of standard contractual clauses approved by the Information Commissioner's Office
  • Other appropriate safeguards recognised under UK data protection law

Third-Party Processors

When we engage third parties to process personal data on our behalf, we:

  • Select processors that provide sufficient guarantees of compliance with data protection legislation
  • Enter into written contracts specifying the subject matter, duration, nature, and purpose of processing
  • Require processors to implement appropriate technical and organisational security measures
  • Ensure processors only act on our documented instructions
  • Prohibit processors from engaging sub-processors without our prior authorisation

Staff Training and Awareness

All team members who handle personal data receive regular training on data protection principles, our policies, and their responsibilities under UK GDPR. We maintain ongoing awareness programmes to ensure compliance throughout the organisation.

Privacy by Design and Default

We implement privacy by design and default principles by:

  • Considering data protection implications from the outset of new projects
  • Implementing appropriate technical and organisational measures
  • Ensuring default settings prioritise privacy protection
  • Minimising data collection to what is strictly necessary
  • Limiting access to personal data to those who need it for their work

Supervisory Authority

The Information Commissioner's Office (ICO) is the UK supervisory authority for data protection. You have the right to lodge a complaint with the ICO if you believe we have not handled your personal data appropriately:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: ico.org.uk

We encourage you to contact us first so we can address your concerns directly.

Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures to reflect changes in legislation, guidance from the ICO, and best practices in data protection. Significant updates will be communicated to affected individuals.

Contact Us

For questions about our GDPR compliance or to exercise your data protection rights, please contact us:

Email: [email protected]
Post: 42 Queensway, Birmingham, B4 6AT, United Kingdom