GDPR Compliance

Last updated: June 5, 2026

Our Commitment to Data Protection

beige-birch is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we ensure compliance with these regulations.

Legal Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you voluntarily provide information through our contact forms
• Legitimate interests: For business operations, service improvement, and maintaining client relationships
• Legal obligation: When required to comply with UK law
• Contractual necessity: To fulfill service agreements and project delivery

Data Controller Information

beige-birch acts as the data controller for personal information collected through this website and during service provision. We determine the purposes and means of processing your personal data.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access: Obtain confirmation of whether we process your data and receive a copy
• Right to rectification: Correct inaccurate or incomplete personal data
• Right to erasure: Request deletion of your personal data under certain circumstances
• Right to restrict processing: Limit how we use your data in specific situations
• Right to data portability: Receive your data in a structured, commonly used format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making: Not be subject to decisions based solely on automated processing

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

Data Security Measures

We implement appropriate technical and organizational security measures including:

• Encryption of data in transit and at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments and updates
• Staff training on data protection principles
• Incident response procedures for data breaches

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also inform affected individuals without undue delay.

International Data Transfers

We primarily store and process data within the United Kingdom. If data is transferred internationally, we ensure appropriate safeguards are in place as required by UK GDPR.

Children's Privacy

Our services are directed at businesses and organizations. We do not knowingly collect personal data from individuals under 16 years of age without parental consent.

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters, if you believe we have not handled your personal data appropriately.

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: www.ico.org.uk

Updates to This Information

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. Material changes will be communicated through our website.

Contact Information

For questions about our data protection practices or to exercise your rights, contact us at [email protected].