GDPR Compliance

Last updated: May 19, 2026

Ancient Breeze is committed to complying with the General Data Protection Regulation (GDPR) and protecting the personal data of our clients and website visitors.

Data Controller

Ancient Breeze acts as the data controller for personal information collected through our website and business operations.

Contact details:
Ancient Breeze
42 Merchant Street
Bristol BS1 3DX
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract: When processing is necessary to fulfill our contractual obligations
• Legitimate interests: When we have a legitimate business reason that doesn't override your rights
• Legal obligation: When required by law

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your personal data.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format.

Right to Object

You can object to processing based on legitimate interests or direct marketing.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Secure data backup procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Typical retention periods include:

• Client project data: 7 years after project completion
• Marketing communications: Until consent is withdrawn
• Website enquiries: 2 years from last contact

International Data Transfers

We primarily store and process data within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement from time to time. Please check this page regularly for updates.