GDPR statement

sparkwing-kite complies with UK GDPR and the Data Protection Act 2018 when processing personal data.

Data controller

sparkwing-kite Ltd, Birmingham, United Kingdom.

Lawful basis for processing

We rely on the lawful bases most appropriate to the engagement.

Contractual necessity

Processing required to deliver agreed consulting services.

Legitimate interest

Operational communication and service improvement within reasonable expectations.

Legal obligation

Retention of records required under financial or regulatory obligations.

Data security

We apply technical and organisational safeguards to protect information.

Access controls

Access to client data is limited to authorised consultants and is supported by role-based permissions.

Secure storage

Project data is stored using encrypted systems approved for business use.

Ongoing review

We regularly review our data handling practices and update controls as needed.

Individual rights

Individuals can exercise their GDPR rights at any time.

Rights include access, rectification, erasure, restriction, and data portability where applicable. Requests should be sent to [email protected].

Data transfers

We keep data in the UK or EEA, and only use approved processors when necessary.

If any transfer outside the UK or EEA is required, we ensure appropriate safeguards, such as Standard Contractual Clauses.