GDPR Compliance Statement

Last updated: May 10, 2026

Our Commitment to Data Protection

solar-flutter is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibility to protect your personal data seriously and have implemented comprehensive measures to ensure compliance.

Data Controller Information

Data Controller: solar-flutter
Registered Address: 47 Kensington Gardens, London W2 4DT, United Kingdom
Contact Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis under UK GDPR. Our processing activities are based on:

Consent (Article 6(1)(a))

We obtain explicit consent for marketing communications and certain data processing activities. You may withdraw consent at any time.

Contract (Article 6(1)(b))

Processing necessary to fulfill our contractual obligations when you engage our consulting services.

Legal Obligation (Article 6(1)(c))

Processing required to comply with legal requirements, including tax, accounting, and regulatory obligations.

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests, including:

• Website analytics and improvement
• Fraud prevention and security
• Business development and research
• Internal administrative purposes

Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you, along with information about how we use it.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw consent and no other legal basis exists
• You object to processing and no overriding legitimate grounds exist
• The data has been unlawfully processed
• Legal obligations require erasure

Right to Restriction (Article 18)

You can request limitation of processing in specific circumstances.

Right to Data Portability (Article 20)

You can request transfer of your data in a structured, commonly used format.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal effects.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

• Email: [email protected]
• Subject line: "GDPR Data Subject Request"
• Include: Your name, contact details, and specific request

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you accordingly.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Staff training on data protection principles
• Incident response and breach notification procedures
• Regular backups and disaster recovery planning

Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all breaches and remedial actions taken

Third-Party Data Processors

We carefully select third-party service providers and ensure they:

• Provide sufficient guarantees of data protection compliance
• Process data only on our documented instructions
• Maintain appropriate security measures
• Comply with UK GDPR requirements

We maintain written contracts with all data processors.

Data Retention

We retain personal data only as long as necessary for its purpose:

• Inquiry Data: 3 years from last contact
• Client Records: 7 years after service completion (legal requirement)
• Financial Records: 7 years (legal requirement)
• Marketing Consent: Until consent is withdrawn
• Website Analytics: 26 months

International Data Transfers

If we transfer your data outside the UK, we ensure adequate protection through:

• UK adequacy decisions
• Standard contractual clauses approved by the ICO
• Binding corporate rules
• Other appropriate safeguards as recognized under UK GDPR

Children's Data

We do not knowingly process personal data of individuals under 18 years of age. Our services are designed for business professionals and organizations.

Privacy by Design and Default

We implement data protection principles into all our systems and processes:

• Data minimization - collecting only necessary information
• Purpose limitation - using data only for specified purposes
• Storage limitation - retaining data only as long as necessary
• Integrity and confidentiality - ensuring appropriate security

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website.

Complaints and Supervisory Authority

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the UK Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Tel: 0303 123 1113
Website: solar-flutter.com

Contact Our Data Protection Officer

For questions about data protection or to exercise your rights:

Email: [email protected]
Subject: GDPR Inquiry