GuardianHub is fully committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We process personal data lawfully, fairly, and transparently.
We process personal data based on: (a) performance of a contract, (b) compliance with legal obligations, (c) legitimate interests, and (d) consent where required. The specific basis depends on the nature of the data and processing activity.
For enterprise clients, we provide a Data Processing Agreement (DPA) that covers roles and responsibilities, subprocessor management, security measures, breach notification, and data subject request handling procedures.
GuardianHub stores and processes data within the UK and European Economic Area (EEA). Where international transfers are necessary, we rely on Standard Contractual Clauses (SCCs) and adequacy decisions to ensure compliant data flows.
You have the right to access your data, request correction, request erasure ("right to be forgotten"), restrict processing, object to processing, exercise data portability, and not be subject to automated decision-making. Submit requests to dpo@guardianhub.com.
In the unlikely event of a personal data breach, we will notify affected users and relevant supervisory authorities within 72 hours as required by GDPR Article 33.