GDPR Compliance

Last updated: 25 June 2026

1. Our Commitment to GDPR

keen-stone is committed to ensuring that your privacy is protected and that we handle your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our GDPR compliance practices and your rights as a data subject.

2. Data Controller

For the purposes of data protection legislation, keen-stone is the data controller responsible for processing your personal data. Our contact details are:

keen-stone
47 Marchmont Street
London WC1N 1AP
United Kingdom

Email: [email protected]

3. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate personal data we hold about you, and to complete any incomplete data.

Right to Erasure (Article 17)

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

4. How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with your request. We will respond to your request within one month of receipt. If we need to extend this period due to the complexity of your request, we will inform you within the initial one-month period.

To help us process your request efficiently, please provide:

• Your full name and contact information
• A description of the right you wish to exercise
• Any information that may help us identify and locate your data

5. Lawful Basis for Processing

We process personal data on the following lawful bases:

• Consent: Where you have explicitly agreed to our processing of your data for specific purposes. You may withdraw consent at any time.
• Contract: Where processing is necessary to perform our contract with you or to take pre-contractual steps at your request.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our services, provided this does not override your fundamental rights.
• Legal Obligation: Where processing is necessary to comply with legal requirements.

6. Data Protection Measures

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and testing
• Access controls and authentication measures
• Staff training on data protection
• Incident response procedures

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

8. International Data Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner, or transfers to countries with adequacy decisions.

9. Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

10. Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.