GDPR Compliance

Your data protection rights and our compliance commitment

Last updated: 1 January 2026

Our Commitment to Data Protection

silicon-drone takes the protection of your personal data seriously. We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides additional information about how we meet our data protection obligations and how you can exercise your rights.

Data Controller Information

silicon-drone is the data controller for personal information collected through our website and services. Our contact details are:

silicon-drone
47 Grey Street
Newcastle upon Tyne
NE1 6EE
United Kingdom

Email: [email protected]
ICO Registration Number: ZA234567

Lawful Bases for Processing

Under UK GDPR, we must have a valid legal basis for processing your personal data. Depending on the nature of our relationship with you, we rely on the following lawful bases:

Performance of a Contract

When you engage our consulting services, we process your personal and financial information to fulfil our contractual obligations. This includes creating financial analyses, preparing recommendations, and maintaining service records.

Legitimate Interests

We may process certain data based on our legitimate business interests, provided these do not override your fundamental rights. Examples include maintaining business records, improving our services, and protecting against fraud.

Legal Obligation

In some cases, we must process data to comply with legal requirements, such as anti-money laundering regulations, tax obligations, or responding to valid legal requests.

Consent

For certain activities, such as sending marketing communications or placing non-essential cookies, we will seek your explicit consent. You may withdraw this consent at any time.

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Right to Be Informed

You have the right to clear, transparent information about how we use your data. Our Privacy Policy and this GDPR page fulfil this obligation.

Right of Access

You may request a copy of the personal data we hold about you. We will respond to such requests within one month and provide the information free of charge, unless the request is manifestly unfounded or excessive.

Right to Rectification

If any personal information we hold is inaccurate or incomplete, you have the right to request its correction. We will make corrections within one month of your request.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.

Right to Restrict Processing

You may request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data or object to processing while we verify legitimate grounds.

Right to Data Portability

Where technically feasible, you may request your personal data in a structured, commonly used, machine-readable format, and have it transferred to another organisation.

Right to Object

You have the right to object to processing based on legitimate interests or direct marketing at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making in our services.

How to Exercise Your Rights

To make a request regarding any of your data protection rights, please contact us at:

Email: [email protected]
Subject line: Data Protection Request

Please provide sufficient information to verify your identity and specify which right you wish to exercise. We may request additional information to confirm your identity before processing your request.

We will acknowledge your request within 72 hours and provide a substantive response within one month. If your request is complex or we receive multiple requests, we may extend this period by up to two months, but we will inform you of any delay within the initial one-month period.

Data Protection Principles

We adhere to the seven key principles of UK GDPR:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes
  • Data minimisation: We ensure data collected is adequate, relevant, and limited to what is necessary
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We ensure appropriate security of personal data
  • Accountability: We demonstrate compliance with these principles

Data Breach Procedures

In the unlikely event of a personal data breach, we have procedures in place to:

  • Detect, investigate, and report breaches promptly
  • Notify the Information Commissioner's Office within 72 hours where required
  • Inform affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms
  • Document all breaches and actions taken

Data Protection Impact Assessments

For processing activities that present high risks to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs). These assessments help us identify and mitigate data protection risks before they materialise.

Staff Training and Awareness

All silicon-drone staff receive comprehensive data protection training as part of their induction and ongoing professional development. This ensures everyone handling personal data understands their responsibilities under UK GDPR.

Third-Party Processors

Where we engage third parties to process personal data on our behalf, we ensure:

  • Written contracts are in place with all processors
  • Processors provide sufficient guarantees regarding technical and organisational measures
  • Processing is carried out only on our documented instructions
  • Processors maintain confidentiality and implement appropriate security measures

Complaints

If you are dissatisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: ico.org.uk
Helpline: 0303 123 1113

However, we would appreciate the opportunity to address your concerns directly before you approach the ICO, so please contact us first.

Updates to This Information

We review and update our GDPR compliance documentation regularly to ensure it remains accurate and reflects current practices. Significant changes will be communicated through our website.