GDPR Compliance Statement

Last Updated: 23 June 2026

Our Commitment to Data Protection

We are committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals whose personal data we process. This statement outlines how we fulfill our obligations under GDPR.

Data Controller Information

For the purposes of GDPR, the data controller is:

hawk-saga
127 Kensington Gardens
London, W2 4RH
United Kingdom

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. Our processing activities rely on the following legal grounds:

Contractual Performance

Processing is necessary to perform our contractual obligations when providing cleaning services to clients.

Legitimate Interests

We process data where necessary for our legitimate business interests, including:

• Responding to enquiries and service requests
• Maintaining business records and accounting
• Improving service quality and customer satisfaction
• Protecting our business from fraud and security risks

Legal Obligations

We process data to comply with legal requirements, including tax, employment, and health and safety regulations.

Consent

In certain circumstances, we may request your explicit consent for specific processing activities, such as marketing communications.

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

In certain circumstances, you can request deletion of your personal data, unless we have a legal obligation to retain it.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format and have it transferred to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected]

We will respond to your request within one month, though this may be extended in complex cases. We will inform you if an extension is necessary.

Data Security Measures

We implement appropriate technical and organizational security measures to protect personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and updates
• Staff training on data protection practices
• Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to individuals' rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk to their rights
• Document all breaches and our response measures

International Data Transfers

We primarily process data within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding corporate rules for intra-group transfers

Data Protection Officer

For questions about our data protection practices or to exercise your rights, please contact us at [email protected]

Supervisory Authority

You have the right to lodge a complaint with the relevant data protection supervisory authority if you believe we have not handled your personal data properly. In the United Kingdom, this is the Information Commissioner's Office (ICO).

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised date.