GDPR Compliance

Last Updated: June 18, 2026

Our Commitment to Data Protection

atoll-jaguar is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we implement GDPR principles in our data processing activities.

Data Controller Information

atoll-jaguar acts as the data controller for personal information collected through our website and service provision.

Contact: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis, including:

• Consent: You have given clear consent for us to process your personal data for a specific purpose
• Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• Legal obligation: Processing is necessary for us to comply with the law
• Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those interests

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about the collection and use of your personal data. This information is provided through our Privacy Policy and this GDPR page.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR).

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation

Right to Restrict Processing

You have the right to request that we restrict processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data in certain circumstances, including processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling in our data processing activities.

How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. Please provide:

• Your full name
• Contact details
• Description of the right you wish to exercise
• Any relevant details to help us locate your data

We will respond to your request within one month. In complex cases, this may be extended by two additional months, and we will inform you of any extension.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit
• Regular security assessments
• Access controls and authentication
• Regular backup procedures
• Staff training on data protection

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. If such transfers become necessary, we will ensure appropriate safeguards are in place as required by UK GDPR.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods are detailed in our Privacy Policy.

Children's Data

We do not knowingly collect or process personal data from individuals under 18 years of age.

Supervisory Authority

You have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113

Updates to This Page

We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Updates will be posted with a new revision date.

Contact Us

For questions about GDPR compliance or to exercise your data protection rights:

atoll-jaguar
Email: [email protected]