GDPR Compliance Statement

Last Updated: May 17, 2026

Our Commitment to GDPR

nano-spark is fully committed to compliance with the General Data Protection Regulation (GDPR). We take our responsibilities seriously and have implemented comprehensive measures to protect your personal data and respect your privacy rights.

Data Controller Information

nano-spark
45 Whitfield Street
London W1T 4HB
United Kingdom
Email: [email protected]

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies beyond the first request.

Right to Rectification

You have the right to request correction of any information you believe is inaccurate or incomplete.

Right to Erasure

You have the right to request deletion of your personal data under certain conditions, including when:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain conditions.

Right to Data Portability

You have the right to request transfer of your data to another organization or directly to you in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as our legal basis, or where we use your data for direct marketing.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with:

• Your full name and contact details
• Description of your request
• Any relevant reference numbers or account information

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

Lawful Basis for Processing

We process personal data only when we have a lawful basis:

• Consent: You have given clear consent for us to process your data for specific purposes
• Contract: Processing is necessary to fulfill a contract with you
• Legal obligation: Processing is necessary to comply with legal requirements
• Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your rights

Data Protection Principles

We adhere to GDPR's core principles:

• Lawfulness, fairness, transparency: We process data lawfully and transparently
• Purpose limitation: We collect data for specified, explicit purposes
• Data minimization: We collect only necessary data
• Accuracy: We keep data accurate and up to date
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We protect data with appropriate security measures
• Accountability: We demonstrate compliance with these principles

Data Security Measures

We implement appropriate technical and organizational measures including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours and inform affected individuals without undue delay.

Third-Party Processors

When we engage third-party processors, we ensure they:

• Provide sufficient guarantees of GDPR compliance
• Process data only on our documented instructions
• Maintain appropriate security measures
• Have data processing agreements in place

International Data Transfers

When we transfer data outside the European Economic Area, we ensure appropriate safeguards are in place through:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions for certain countries
• Binding corporate rules where applicable

Children's Data

We do not knowingly collect or process personal data from children under 16 without parental consent. If we become aware of such collection, we will delete the data immediately.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, place of work, or place of alleged infringement.

UK supervisory authority:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. We will post any updates on this page with a revised date.

Contact Us

For questions about GDPR compliance or to exercise your rights, contact us at:

Email: [email protected]
Address: 45 Whitfield Street, London W1T 4HB, United Kingdom