GDPR Compliance

Last updated: May 29, 2026

Overview

Fjord Thicket Limited is committed to compliance with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Union and United Kingdom. This page outlines how we comply with GDPR requirements.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual Necessity: To fulfill our rental agreement and provide services you've requested
• Legitimate Interests: To improve our services, prevent fraud, and maintain business operations
• Legal Obligations: To comply with tax, accounting, and legal requirements
• Consent: For marketing communications and non-essential cookies (where required)

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data. We will provide this information within one month of your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected, or you withdraw consent.

Right to Restriction of Processing

You can request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not currently use automated decision-making in our operations.

Data Protection Officer

We have appointed a Data Protection Officer to oversee our GDPR compliance:

Data Protection Officer
Fjord Thicket Limited
42 Curzon Street
Mayfair, London W1J 7UL
United Kingdom
Email: [email protected]

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection practices
• Incident response and breach notification procedures
• Regular backups and disaster recovery planning

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

International Data Transfers

When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection standards
• Binding Corporate Rules for transfers within corporate groups

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Rental Records: 7 years (for tax and legal compliance)
• Marketing Consent: Until consent is withdrawn or 3 years of inactivity
• Website Analytics: 26 months
• Customer Support Communications: 3 years

Third-Party Processors

We work with carefully selected third-party processors who are also GDPR compliant. We maintain data processing agreements with all processors that access personal data on our behalf.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following methods:

• Email: [email protected]
• Post: Data Protection Officer, Fjord Thicket Limited, 42 Curzon Street, Mayfair, London W1J 7UL

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority:

UK: Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113

Children's Data

We do not knowingly process personal data of individuals under 18 years of age. Our services are designed for adults only.

Updates to This Page

We may update this GDPR compliance page to reflect changes in our practices or legal requirements. Material changes will be communicated through our website and, where appropriate, via email.

Contact Information

For questions about GDPR compliance or data protection practices:

Fjord Thicket Limited
42 Curzon Street
Mayfair, London W1J 7UL
United Kingdom
Email: [email protected]