GDPR Compliance Information

Last Updated: May 11, 2026

Our Commitment to GDPR Compliance

zenith-ledge is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page provides information about how we fulfill our obligations under GDPR and how you can exercise your data protection rights.

Data Controller Information

Data Controller: zenith-ledge
Registered Address: 47 Whitfield Street, London W1T 4HB, United Kingdom
Contact Email: [email protected]

What Personal Data We Collect

We collect and process the following categories of personal data:

Identity data: Name, job title, company name
Contact data: Email address, postal address
Technical data: IP address, browser type, device information
Usage data: How you interact with our website
Communications data: Your inquiries, requests, and any correspondence with us
Professional data: Business information relevant to our consulting services

Legal Basis for Processing

We only process your personal data when we have a legal basis to do so. Our legal bases include:

Consent

When you provide explicit consent for us to process your data for specific purposes, such as:

Subscribing to marketing communications
Accepting cookies beyond strictly necessary ones
Participating in surveys or feedback requests

You can withdraw consent at any time by contacting us or using the unsubscribe mechanism in our communications.

Contractual Necessity

Processing your data is necessary to:

Respond to service inquiries
Deliver consulting services you've engaged us for
Fulfill our contractual obligations

Legal Obligation

We process data to comply with legal requirements, such as:

Financial record-keeping and tax obligations
Responding to lawful requests from authorities
Complying with applicable regulations

Legitimate Interests

We may process data based on our legitimate business interests, provided these do not override your rights:

Improving our website and services
Detecting and preventing fraud
Ensuring network and information security
Business development and strategic planning

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access (Article 15)

You have the right to request confirmation of whether we process your personal data and obtain a copy of your data. We will provide this information in a commonly used electronic format.

2. Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. We will update your information within one month of verification.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

The data is no longer necessary for the purposes it was collected
You withdraw consent and there's no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data was unlawfully processed
Deletion is required to comply with a legal obligation

Note: We may retain certain data when required by law or for legitimate business purposes (e.g., financial records).

4. Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data in certain circumstances:

You contest the accuracy of the data
Processing is unlawful but you don't want the data erased
We no longer need the data but you need it for legal claims
You've objected to processing while we verify legitimate grounds

5. Right to Data Portability (Article 20)

You can request to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller when:

Processing is based on consent or contract
Processing is carried out by automated means

6. Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

7. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not currently engage in automated decision-making of this nature.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected] with "GDPR Request" in the subject line
Post: 47 Whitfield Street, London W1T 4HB, United Kingdom

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.

Verification Process

To protect your privacy, we may request additional information to verify your identity before processing requests related to personal data.

No Fee

You will not have to pay a fee to access your personal data or exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

Encryption of data in transit (TLS/SSL) and at rest
Regular security assessments and vulnerability testing
Access controls and authentication requirements
Staff training on data protection and security
Incident response and breach notification procedures
Regular backups with secure storage

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware
Notify affected individuals without undue delay if the breach poses a high risk
Document all data breaches, including facts, effects, and remedial action

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
Transfer to countries with an adequacy decision
Other approved transfer mechanisms under GDPR

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

Inquiry data: 24 months from last contact
Client data: 7 years after engagement completion (legal requirement)
Marketing data: Until consent is withdrawn
Website analytics: 26 months

Data Protection by Design and Default

We implement data protection principles into our systems and processes:

Minimizing data collection to what is necessary
Implementing privacy-friendly default settings
Conducting Data Protection Impact Assessments (DPIAs) when required
Regular reviews of data processing activities

Third-Party Processors

We work with carefully selected third-party processors who assist in delivering our services. All processors:

Are bound by data processing agreements compliant with GDPR
Provide appropriate security measures
Only process data according to our documented instructions
Assist with data subject requests when required

Children's Data

Our services are not directed at children under 16. We do not knowingly collect or process data from children. If you believe we have inadvertently collected such data, please contact us immediately.

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

UK Supervisory Authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: https://zenith-ledge.com

Updates to This Information

We may update this GDPR information to reflect changes in our practices or legal requirements. Material changes will be communicated through our website and, where appropriate, via email.

Questions and Contact

If you have questions about our GDPR compliance or how we process your data, please contact us:

Email: [email protected]
Subject Line: GDPR Inquiry
Address: 47 Whitfield Street, London W1T 4HB, United Kingdom