GDPR Compliance Policy
Introduction
Stallions Technologies is committed to complying with the General Data Protection Regulation (GDPR) and protecting the personal data of individuals in the European Union (EU) and European Economic Area (EEA). This policy outlines our approach to GDPR compliance and explains your rights under this regulation.
Our GDPR Commitment
As a global IT services company operating in the UK and serving clients across the EU, we are committed to transparency, accountability, privacy by design, data minimization, and continuous compliance. We ensure clear communication about data processing, take responsibility for our protection practices, integrate privacy into our systems, collect only necessary data, and regularly review our policies.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive EU data protection law that came into effect on May 25, 2018. It applies to organizations processing personal data of EU/EEA residents, provides enhanced rights to individuals, requires strong data protection measures, and imposes significant penalties for non-compliance of up to 4% of global turnover.
Legal Basis for Data Processing
Under GDPR Article 6, we process personal data based on lawful grounds including consent, contract performance, legitimate interest, legal obligation, vital interest, and public task.
Consent (Article 6(1)(a))
We rely on consent for marketing communications, optional website features such as non-essential cookies, research participation, and event marketing. Consent is freely given, specific, informed, unambiguous, withdrawable at any time, and properly documented.
Contract Performance (Article 6(1)(b))
We process personal data to deliver IT services, manage client accounts, process payments, and communicate on projects where such processing is necessary to fulfill contractual obligations.
Legitimate Interest (Article 6(1)(f))
We process data for internal administration, security monitoring, service improvement, and professional networking, ensuring our legitimate interests are balanced against individual privacy rights.
Legal Obligation (Article 6(1)(c))
Processing is required for regulatory compliance, tax and accounting obligations, employment law requirements, and mandatory data retention periods.
Vital Interest (Article 6(1)(d))
In emergency situations, such as health and safety risks or urgent technical failures, we may process personal data to protect vital interests.
Public Task (Article 6(1)(e))
For government contracts or regulatory reporting obligations, we process personal data in the public interest where required.
Your Rights Under GDPR
As a data subject, you have several important rights regarding your personal data.
Right of Access (Article 15)
You may request confirmation of whether we process your data, what categories we process, the purposes, legal basis, recipients, and retention periods. We respond within one month.
Right to Rectification (Article 16)
You may request correction of inaccurate or incomplete personal data without undue delay.
Right to Erasure (Article 17)
You may request deletion of your data when it is no longer necessary, consent is withdrawn, processing is unlawful, or legal compliance requires erasure, subject to certain limitations.
Right to Restrict Processing (Article 18)
You may request restriction of processing when accuracy is contested, processing is unlawful, or data is required for legal claims.
Right to Data Portability (Article 20)
You may request your data in a structured, machine-readable format such as JSON, CSV, or XML when processing is based on consent or contract and carried out by automated means.
Right to Object (Article 21)
You may object to processing based on legitimate interests or direct marketing. We will stop direct marketing immediately upon objection.
Rights Related to Automated Decision-Making (Article 22)
You have protection against decisions based solely on automated processing that significantly affect you. We do not engage in significant automated decision-making.
Special Categories of Personal Data
We do not routinely collect special category data such as racial origin, political opinions, religious beliefs, biometric data, or health information. Where required, explicit consent and enhanced security measures apply.
Data Protection Principles
We follow GDPR’s principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and integrity and confidentiality.
Data Protection by Design and Default
We implement technical measures such as encryption, access controls, pseudonymization, and network security. Organizational measures include staff training, vendor compliance checks, privacy policies, and structured incident response procedures.
International Data Transfers
When transferring personal data outside the EU/EEA, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), binding corporate rules, certification mechanisms, or explicit consent.
Data Breach Response
We monitor systems for incidents, classify risks, contain breaches promptly, and notify supervisory authorities within 72 hours where required. A dedicated response team manages investigation and compliance.
Data Protection Officer (DPO)
You may contact our Data Protection Officer regarding GDPR matters.
Email: support@stallions.tech
Phone: +44 20 7193 8222
Address: Stallions Technologies, 124 City Road, London EC1V 2NX, United Kingdom
Exercising Your Rights
You may submit requests via email, postal mail, or phone. We require identity verification and respond within one month, generally free of charge.
Complaints and Supervisory Authorities
If unsatisfied with our response, you may contact the Information Commissioner’s Office (ICO) in the UK or your local EU data protection authority.
Regular Reviews and Updates
We conduct annual policy reviews, risk assessments, staff training updates, vendor compliance checks, and continuous monitoring to ensure ongoing GDPR compliance.
Contact Information
Stallions Technologies
Email: support@stallions.tech
Phone: +44 20 7193 8222
Additional Resources
Privacy Policy
Cookie Policy
Data Subject Request Form
Terms of Service
Security Information
If you want, I can now:
• Format this as collapsible accordions (better UX)
• Convert into structured FAQ schema for SEO
• Create a shorter website-friendly version (less legal-heavy)
• Or prepare a downloadable PDF-ready version
Just tell me what you prefer.