GDPR Compliance Statement

Last updated: May 10, 2026

1. Our Commitment to GDPR

stormbringer-route is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA) and United Kingdom.

2. Data Controller

For the purposes of GDPR, stormbringer-route is the data controller responsible for your personal data.

Contact details:
Email: [email protected]
Address: Riverside House, 42 Cannon Street, London EC4N 6JJ, United Kingdom

3. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

3.1 Right to Access

You have the right to request access to your personal data and receive information about how we process it.

3.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

3.3 Right to Erasure (Right to be Forgotten)

In certain circumstances, you have the right to request that we delete your personal data.

3.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

3.6 Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

3.7 Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

3.8 Right to Withdraw Consent

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time.

4. How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months where necessary.

When submitting a request, please provide sufficient information to allow us to verify your identity and locate your data.

5. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: Where you have given us explicit consent to process your data
  • Contract: Where processing is necessary for the performance of a contract with you
  • Legal Obligation: Where we are required to process your data to comply with the law
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights

6. Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Staff training on data protection and security
  • Incident response procedures

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. Where required, we will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

8. International Data Transfers

We primarily process data within the United Kingdom and EEA. If we transfer your personal data outside these regions, we will ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses
  • Binding corporate rules

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Financial services regulations may require us to retain certain information for specific periods.

10. Third-Party Processing

Where we engage third-party service providers to process personal data on our behalf, we ensure they provide sufficient guarantees of GDPR compliance through written contracts.

11. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

In the UK, the relevant authority is the Information Commissioner's Office (ICO):
Website: stormbringer-route.com
Phone: 0303 123 1113

12. Updates to This Statement

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes.

13. Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us:

Email: [email protected]
Address: Riverside House, 42 Cannon Street, London EC4N 6JJ, United Kingdom