This content is advertising in nature

GDPR Compliance

Your data protection rights explained

Our Commitment to Data Protection

We take our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 seriously. This page explains how we comply with data protection law and outlines your rights.

Data Controller

spire-finch is the data controller for personal information processed through this website. This means we determine how and why your personal data is processed.

Your Rights Under GDPR

Data protection law provides you with the following rights:

Right to Be Informed

You have the right to know how we collect and use your personal data. Our privacy policy provides this information in clear, accessible language.

Right of Access

You can request a copy of the personal data we hold about you. We will respond to access requests within one month of receiving them.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will address rectification requests promptly.

Right to Erasure

In certain circumstances, you can request that we delete your personal data. This right applies when the data is no longer necessary for its original purpose, you withdraw consent, or processing is unlawful.

Right to Restrict Processing

You can request that we limit how we use your data in certain situations, for example while we verify its accuracy or consider an objection you have raised.

Right to Data Portability

Where we process data based on consent or contract, you can request that we provide your data in a structured, commonly used format that can be transferred to another organisation.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before processing your request. We will respond within one month, though complex requests may take longer.

Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

ICO website: ico.org.uk

Data Protection Principles

We adhere to the data protection principles set out in law:

  • Processing personal data lawfully, fairly, and transparently
  • Collecting data for specified, explicit, and legitimate purposes
  • Ensuring data is adequate, relevant, and limited to what is necessary
  • Keeping data accurate and up to date
  • Retaining data only as long as necessary
  • Processing data securely with appropriate technical measures

Updates

This page was last updated in June 2026. We review our data protection practices regularly and will update this information as needed.