GDPR - What is it?

The General Data Protection Regulation 2016 ('GDPR') comes into full effect on 25 May 2018. Its purpose is to protect the "rights and freedoms" of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge and, wherever possible, that it is processed with their consent.

The GDPR applies to the processing of personal data wholly or partly by automated means (i.e. by computer) AND to the processing other than by automated means of personal data (i.e. paper records) that form part of a filing system or are intended to form part of a filing system.

Our commitment

Here at, we are absolutely committed to your privacy. We care deeply about privacy on a very personal level and we handle your information with the same care that we take for ourselves, our family and our friends.

We acknowledge that the website and its services will constantly evolve and new features will be added. However, our privacy principles will remain unchanged. We will always adhere to any laws that govern our user's rights when it comes to their personal information.

Therefore, we are fully committed to compliance with all relevant EU and Member State laws in respect of the personal data of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR).

As a result of our own assessment we are confident that our systems and operations are fully compliant with current Data Protection Act legislation and that we are already compliant with the GDPR. We also have all required policies, processes and procedures in place.

Ensuring compliance

To ensure that we are fully GDPR compliant we undertook a comprehensive, structured audit which included:

  • Naming a data protection officer
  • Keeping a record of consents
  • Minimise the data we collect
  • Created a data map so we know what data our business collects and where it is stored
  • Implemented a system to identify and handle any data subject access requests
  • Implemented a system to identify and handle any data erasure or corrections
  • Created a retention schedule for data. We destroy data when it has reached the end of its retention period
  • Made all staff aware of GDPR regulations
  • Created a breach response policy
  • Updated our website's privacy policy (to include identity of the controller, purpose of the processing and the legal basis, the legitimate interest, any recipient or categories of recipients of the personal data, the right to withdraw consent at any time, and the data retention period)

Got any questions?

If you have any queries on any aspect of our GDPR compliance or Privacy Policy, please contact us by email at