GDPR Compliance Statement

Last updated: June 1, 2026

Flexorin CapitalTech is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we uphold your data protection rights and our obligations as a data controller.

Our Commitment to Data Protection

We process personal data lawfully, fairly, and transparently. We collect only the data necessary for specified, explicit, and legitimate purposes, and we keep it accurate, secure, and no longer than necessary.

Data Controller Information

Data Controller: Flexorin CapitalTech
Registered Address: 47 Whitehall Gardens, London, W1K 3BD, United Kingdom
Contact Email: [email protected]

Your Rights Under UK GDPR

As a data subject in the United Kingdom, you have the following rights:

1. Right to Be Informed

You have the right to know how your personal data is being collected and used. We provide this information through our Privacy Policy and this GDPR compliance statement.

2. Right of Access

You can request access to the personal data we hold about you. We will provide this information free of charge within one month of your request.

3. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

4. Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances, such as when:

The data is no longer necessary for the purpose it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Erasure is required for compliance with a legal obligation

5. Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

7. Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

8. Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Write to: Flexorin CapitalTech, 47 Whitehall Gardens, London, W1K 3BD, United Kingdom

We will respond to your request within one month. In complex cases, we may extend this by two additional months, and we will inform you of the extension and the reasons.

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so:

Consent: You have given clear consent for us to process your personal data for a specific purpose
Contract: Processing is necessary for a contract we have with you
Legal Obligation: Processing is necessary to comply with the law
Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and rights do not override those interests

Data Processing Principles

We adhere to the UK GDPR data processing principles:

Lawfulness, fairness, and transparency: We process data legally, fairly, and in a transparent manner
Purpose limitation: We collect data for specified, explicit, and legitimate purposes only
Data minimization: We collect only data that is adequate, relevant, and limited to what is necessary
Accuracy: We keep personal data accurate and up to date
Storage limitation: We retain data only as long as necessary
Integrity and confidentiality: We process data securely with appropriate safeguards
Accountability: We can demonstrate compliance with all principles

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication requirements
Staff training on data protection
Incident response and breach notification procedures
Regular backups and disaster recovery planning

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
Provide information about the nature of the breach, likely consequences, and measures taken or proposed

Third-Party Data Processing

When we engage third-party processors, we ensure:

Only processors providing sufficient guarantees of GDPR compliance are used
Written contracts are in place specifying processor obligations
Processors only process data on our documented instructions
Appropriate security measures are implemented
Processors assist with fulfilling data subject rights requests

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

Adequacy decisions by the UK government
Standard contractual clauses approved by the ICO
Binding corporate rules
Other approved transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Service delivery and client relationship management
Legal, accounting, or reporting requirements
Dispute resolution

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policy.

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. We will post the updated version on this page with a revised date.

Complaints and Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

However, we encourage you to contact us first so we can address your concerns directly.

Questions or Concerns

If you have any questions about our GDPR compliance or data protection practices, please contact us at [email protected].