GDPR Compliance

Last updated: 9 April 2026

Our Commitment to Data Protection

Binary Spark Ltd takes data protection seriously and operates in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains our approach to GDPR compliance and your rights as a data subject.

Data Controller Details

Binary Spark Ltd acts as the data controller for personal information collected through our website and business activities.

  • Company Name: Binary Spark Ltd
  • Registration Number: 09124567
  • Registered Address: 42 Culinary Lane, Manchester M1 4ET, United Kingdom
  • Contact Email: [email protected]

Principles of Data Processing

We adhere to the core principles outlined in GDPR when handling personal data:

Lawfulness, Fairness, and Transparency

Personal data is processed lawfully and transparently. We clearly communicate why we collect information and how it will be used.

Purpose Limitation

Information is collected for specific, explicit purposes and not used in ways incompatible with those purposes.

Data Minimization

We collect only the personal data necessary for our stated purposes, avoiding excessive or irrelevant information gathering.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is corrected or deleted promptly.

Storage Limitation

Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected.

Integrity and Confidentiality

We implement appropriate security measures to protect personal data against unauthorized access, accidental loss, destruction, or damage.

Accountability

We maintain documentation demonstrating our compliance with GDPR requirements and take responsibility for data protection.

Your Rights Under GDPR

As a data subject, you have specific rights regarding your personal information:

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This is provided through our privacy policy and communications.

Right of Access

You can request access to the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide this information within one month of receiving your request.

Right to Rectification

If personal information we hold is inaccurate or incomplete, you have the right to have it corrected. We will update our records promptly upon notification.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in specific circumstances, such as when it is no longer needed for its original purpose or when you withdraw consent.

Right to Restrict Processing

You can ask us to limit how we use your personal data in certain situations, such as when you contest data accuracy or object to processing.

Right to Data Portability

You can request your personal data in a structured, commonly used format that can be transferred to another organization.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. Should this change, we will inform you and provide appropriate safeguards.

Exercising Your Rights

To exercise any of your GDPR rights, contact us at [email protected] with your request. Please include:

  • Your full name and contact details
  • Specific details of your request
  • Proof of identity if requested (to prevent unauthorized disclosure)

We will respond to your request within one month. In complex cases, this may be extended by up to two additional months, and we will inform you of any delay.

Lawful Basis for Processing

We process personal data under various lawful bases depending on the context:

Consent

Where you have explicitly agreed to our processing of your personal data for specific purposes, such as receiving marketing communications.

Contract Performance

Processing necessary to fulfill contractual obligations when delivering our culinary consulting services.

Legal Obligation

Processing required to comply with legal requirements, including accounting and tax regulations.

Legitimate Interests

Processing necessary for our legitimate business interests, such as maintaining client relationships and improving our services, provided this does not override your fundamental rights.

Data Security

We have implemented technical and organizational security measures to protect personal data:

  • Encryption of data in transit and at rest
  • Access controls limiting data access to authorized personnel only
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and security best practices
  • Incident response procedures for potential data breaches

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. If the breach poses a high risk to your rights, we will also inform you directly without undue delay.

Third-Party Data Processing

When we engage third parties to process personal data on our behalf, we ensure they:

  • Process data only according to our documented instructions
  • Maintain appropriate security measures
  • Comply with GDPR requirements
  • Have data processing agreements in place

International Data Transfers

Personal data is primarily stored and processed within the United Kingdom. If we transfer data to countries outside the UK, we ensure adequate safeguards are in place, such as:

  • Standard contractual clauses approved by the ICO
  • Adequacy decisions recognizing equivalent data protection
  • Appropriate certification mechanisms

Children's Data

Our services are not intended for individuals under 16 years of age. We do not knowingly process children's personal data. If we become aware that we have collected information from a child, we will delete it promptly.

Complaints and Supervisory Authority

If you believe we have not handled your personal data appropriately or complied with GDPR requirements, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

However, we encourage you to contact us first so we can address your concerns directly.

Updates to This Statement

We review our GDPR compliance regularly and may update this statement to reflect changes in our practices or legal requirements. The most current version will always be available on this page.