GDPR Compliance

Desir Filon is committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page provides detailed information about how we handle personal data and your rights as a data subject.

Data Controller

Desir Filon acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.

Contact details:
Desir Filon
14 Finsbury Square
London EC2A 1BR
United Kingdom
Email: [email protected]

Lawful Bases for Processing

Under GDPR, we must have a valid lawful basis to process your personal data. We rely on the following bases:

Consent (Article 6(1)(a))

Where you have given clear consent for us to process your personal data for a specific purpose, such as:

• Subscribing to our newsletter or research updates
• Opting in to receive marketing communications
• Providing additional information about your interests

You may withdraw consent at any time by contacting us or using the unsubscribe link in our communications.

Contract (Article 6(1)(b))

Processing necessary for the performance of a contract or to take steps prior to entering into a contract, such as:

• Processing enquiries about our services
• Delivering consulting services you have engaged
• Managing client relationships and communications

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate interests, provided these do not override your fundamental rights and freedoms:

• Improving our website and services based on usage patterns
• Ensuring network and information security
• Administering and protecting our business

Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data along with information about how we process it.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing (Article 18)

You may request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects. We do not currently engage in such automated decision-making.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by a further two months, but we will inform you within one month if this is necessary.

We may need to verify your identity before processing your request. There is generally no charge for exercising your rights, though we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Data Transfers

When we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Transfers to countries with an adequacy decision
• Binding corporate rules (where applicable)

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Retention periods vary based on:

• The nature of the data and our relationship with you
• Legal requirements and statutory limitations
• Business needs and legitimate interests

Enquiry data is typically retained for 24 months after our last interaction. Client engagement data may be retained longer to comply with legal and professional obligations.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Access controls and authentication procedures
• Regular security assessments and audits
• Staff training on data protection
• Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Complaints

If you are not satisfied with how we have handled your personal data or responded to your requests, you have the right to lodge a complaint with a supervisory authority. In the UK, this is:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.