GDPR Compliance Statement

Last updated: May 22, 2026

Our Commitment to GDPR

sly-wind is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the United Kingdom and European Economic Area.

This statement outlines our approach to data protection and your rights under GDPR.

Data Controller Information

Data Controller: sly-wind
Address: 127 Oakfield Road, Clifton, Bristol BS8 2AT, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose
  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: Processing is necessary for us to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests

Your Rights Under GDPR

1. Right to be Informed

You have the right to know how we collect, use, and store your personal data. This information is provided in our Privacy Policy and this GDPR statement.

2. Right of Access

You can request a copy of the personal data we hold about you. We will provide this free of charge within one month of your request.

3. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

4. Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to the processing and there are no overriding legitimate grounds
  • The data was unlawfully processed

5. Right to Restrict Processing

You can request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

7. Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

8. Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: [email protected]
  • Write to: 127 Oakfield Road, Clifton, Bristol BS8 2AT, United Kingdom

We will respond to your request within one month. In complex cases, we may extend this by two additional months, and we will inform you if this is necessary.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Staff training on data protection and security
  • Secure backup procedures
  • Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights
  • Document all data breaches, regardless of whether notification is required

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK or EEA, we ensure adequate safeguards are in place, such as:

  • Standard contractual clauses approved by the relevant authorities
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding corporate rules for intra-organizational transfers

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risks to individuals' rights and freedoms.

Third-Party Processors

When we engage third-party processors, we ensure:

  • Written contracts are in place with clear data protection obligations
  • Processors provide sufficient guarantees of technical and organizational security measures
  • We conduct due diligence on processor compliance with GDPR

Children's Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children without parental consent. If you believe we have collected data from a child without proper consent, please contact us immediately.

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: sly-wind.com

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or prominent notice on our website.

Contact Us

For any questions about our GDPR compliance or data protection practices:

Email: [email protected]
Address: 127 Oakfield Road, Clifton, Bristol BS8 2AT, United Kingdom