GDPR Compliance

Last updated: April 21, 2026

Our Commitment to GDPR

domain is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines our GDPR compliance measures and your rights under this regulation.

Data Controller

For the purposes of GDPR, domain acts as the data controller for the personal information we collect and process.

Contact details:
Email: [email protected]
Address: 127 Creative Quarter, Shoreditch, London EC2A 4NX, United Kingdom

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a commonly used electronic format.

2. Right to Rectification

If you believe any of your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it.

3. Right to Erasure

Also known as the "right to be forgotten," you can request that we delete your personal data under certain circumstances, such as when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

4. Right to Restrict Processing

You can request that we limit the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6. Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests, for direct marketing purposes, or for research purposes.

7. Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

8. Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two months for complex requests.

When making a request, please provide sufficient information to allow us to verify your identity and locate your data.

Data Protection Principles

We process personal data in accordance with the following GDPR principles:

• Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
• Purpose limitation: We collect data for specified, explicit, and legitimate purposes
• Data minimization: We ensure data is adequate, relevant, and limited to what is necessary
• Accuracy: We keep personal data accurate and up to date
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We process data securely with appropriate safeguards
• Accountability: We take responsibility for compliance and can demonstrate it

Lawful Basis for Processing

We process your personal data under one or more of the following lawful bases:

• Consent: You have given clear consent for us to process your data for a specific purpose
• Contract: Processing is necessary to fulfill a contract with you
• Legal obligation: Processing is necessary to comply with the law
• Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests

Data Security Measures

We implement appropriate technical and organizational security measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication procedures
• Regular security assessments and audits
• Staff training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

International Data Transfers

If we transfer your personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions confirming adequate protection in the recipient country
• Binding corporate rules for intra-group transfers

Data Protection Officer

While we are not required to appoint a Data Protection Officer under GDPR, we have designated a data protection contact who oversees our compliance efforts. You can reach them at [email protected].

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Please check this page periodically for updates.

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us at [email protected].