GDPR Compliance

Last updated: May 10, 2026

Our Commitment to GDPR

core-shard is committed to ensuring compliance with the General Data Protection Regulation (GDPR). This page provides information about how we handle your personal data in accordance with GDPR requirements.

Data Controller

For the purposes of GDPR, core-shard is the data controller responsible for your personal data.

Contact details:
Email: [email protected]
Address: 124 Bishopsgate, London EC2M 4HE, United Kingdom

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes
  • Contract: Where processing is necessary for the performance of a contract with you
  • Legal Obligation: Where processing is necessary to comply with legal obligations
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request access to the personal data we hold about you. You can request a copy of your personal data free of charge.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you have the right to request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month of receipt.

Please provide the following information with your request:

  • Your full name
  • Email address associated with your data
  • Specific right you wish to exercise
  • Any additional information relevant to your request

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication measures
  • Staff training on data protection
  • Incident response procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Service delivery and customer relationship management
  • Legal and regulatory compliance
  • Resolution of disputes
  • Enforcement of agreements

When personal data is no longer required, we securely delete or anonymize it.

International Data Transfers

If we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.

Contact the Supervisory Authority

If you have concerns about how we handle your personal data, you can contact the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: core-shard.com
Telephone: 0303 123 1113

Questions and Concerns

If you have any questions or concerns about our GDPR compliance, please contact us at [email protected].