GDPR statement
This statement explains how starry-crest complies with the UK GDPR and Data Protection Act. We aim to be transparent about how we handle personal data.
Lawful basis
We process personal data under the lawful bases of consent, contract, and legitimate interest depending on the context.
For client engagements we rely on contract, while newsletter or workshop updates depend on consent.
Data minimisation
We only request the information needed to deliver services and maintain accurate records.
Your rights under GDPR
Access and portability
You may request a copy of the personal data we hold and ask for it in a portable format.
Rectification and erasure
You can ask us to correct inaccurate data or delete information that is no longer required.
Restriction and objection
We will honour requests to restrict processing when legally required.
Data transfers and security
We store data within the UK and European Economic Area wherever possible.
Security controls include access restrictions, encrypted storage, and limited retention schedules.
Contact for GDPR requests
Email [email protected] to submit a GDPR request.
We aim to respond within one calendar month.