GDPR Compliance

Last updated: June 7, 2026

Our Commitment to Data Protection

sapphire-crater is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights as a data subject.

Data Controller Information

For the purposes of GDPR, the data controller is:

sapphire-crater
47 Millbrook Lane
Bristol BS3 4QR
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Consent: When you voluntarily submit information through our contact forms or subscribe to communications
• Contract: When processing is necessary to fulfill our contractual obligations to provide services
• Legitimate Interests: For business operations, website improvement, and customer service, where our interests do not override your rights
• Legal Obligation: When we must process data to comply with legal requirements

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You can request that we limit the processing of your personal data in certain situations, such as when you contest its accuracy or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You can object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Address: 47 Millbrook Lane, Bristol BS3 4QR, United Kingdom

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of such extension.

Data Protection Principles

We adhere to the following GDPR data protection principles:

• Lawfulness, Fairness, and Transparency: We process data lawfully and transparently
• Purpose Limitation: We collect data for specific, explicit, and legitimate purposes
• Data Minimization: We only collect data that is necessary for our purposes
• Accuracy: We keep personal data accurate and up to date
• Storage Limitation: We retain data only as long as necessary
• Integrity and Confidentiality: We implement appropriate security measures
• Accountability: We take responsibility for our data processing activities

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Staff training on data protection
• Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer your data outside the UK or European Economic Area, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Contact for Data Protection Matters

For any questions or concerns about data protection or GDPR compliance, please contact us at [email protected].