GDPR Compliance

Last updated: 25 June 2026

Our Commitment to Data Protection

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations.

Data Controller

For the purposes of GDPR, the data controller is:

feral-dune
47 Whitfield Street
London, W1T 4HB
United Kingdom

Legal Basis for Processing

We process personal data under the following legal bases:

• Contractual necessity: To fulfill service agreements and deliver requested services
• Legitimate interests: To operate our business, improve our services, and communicate with clients
• Consent: For marketing communications and non-essential cookies
• Legal obligation: To comply with applicable laws and regulations

Your Rights Under GDPR

Under GDPR, you have the following rights:

Right to Access

You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, access to the personal data.

Right to Rectification

You have the right to obtain rectification of inaccurate personal data and to have incomplete personal data completed.

Right to Erasure

You have the right to request the deletion of your personal data under certain circumstances.

Right to Restriction of Processing

You have the right to restrict processing of your personal data under specific conditions.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. When data is no longer needed, we securely delete or anonymize it.

International Data Transfers

We process personal data within the United Kingdom and European Economic Area. If we need to transfer data outside these regions, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular security assessments
• Access controls and authentication
• Staff training on data protection

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at:

[email protected]

We will respond to your request within one month of receipt.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.