GDPR Compliance

Last updated: 7 June 2026

Our Commitment to Data Protection

fjord-spark is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines how we comply with data protection legislation and what rights you have regarding your personal information.

Data Controller Information

For the purposes of data protection legislation, fjord-spark is the data controller responsible for your personal data.

Contact details:
Email: info at fjord-spark.com
Address: 42 Clerkenwell Road, London EC1M 5PD, United Kingdom

Your Rights Under GDPR

Under the GDPR, you have the following rights concerning your personal data:

Right to Access

You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about how we use it.

Right to Rectification

You can request that we correct any inaccurate personal data we hold about you or complete incomplete data.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected, or when you withdraw consent.

Right to Restriction of Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.

Right to Object

You can object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of these rights, please contact us at: info at fjord-spark.com

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

When submitting a request, please provide sufficient information to enable us to verify your identity and locate your data.

Lawful Basis for Processing

We process personal data only when we have a lawful basis, including:

• Consent: You have given clear consent for us to process your personal data for a specific purpose
• Contract: Processing is necessary to fulfil a contract with you or to take steps at your request before entering into a contract
• Legal obligation: Processing is necessary to comply with legal requirements
• Legitimate interests: Processing is necessary for our legitimate business interests, except where overridden by your rights and interests

Data Protection Principles

We adhere to the following GDPR data protection principles:

• Lawfulness, fairness, and transparency
• Purpose limitation—we collect data for specified, explicit, and legitimate purposes
• Data minimisation—we collect only what is necessary
• Accuracy—we keep data accurate and up to date
• Storage limitation—we retain data only as long as necessary
• Integrity and confidentiality—we protect data through appropriate security measures
• Accountability—we can demonstrate compliance with these principles

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and updates
• Access controls limiting data access to authorised personnel
• Staff training on data protection requirements
• Incident response procedures for data breaches

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also report the breach to the relevant supervisory authority within 72 hours of becoming aware of it, where required by law.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Third-Party Processors

Where we engage third-party service providers to process personal data on our behalf, we ensure they:

• Process data only on our documented instructions
• Implement appropriate security measures
• Enter into data processing agreements that meet GDPR requirements

Children's Data

We do not knowingly collect or process personal data from individuals under 18 years of age. Our services are intended for adults.

Updates to This Information

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Complaints

If you believe we have not complied with data protection law, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Contact Us

For questions about our GDPR compliance or to exercise your data protection rights, please contact:

Email: info at fjord-spark.com
Address: 42 Clerkenwell Road, London EC1M 5PD, United Kingdom