GDPR Compliance

Last updated: May 10, 2026

Our Commitment to Data Protection

Rustic Mariner is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR). This page outlines your rights and how we ensure compliance with data protection laws.

Data Controller

Rustic Mariner acts as the data controller for the personal information we collect and process. Our contact details are:

Rustic Mariner
47 Wentworth Street
London E1 7TB
United Kingdom
Email: [email protected]

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you provide explicit consent for specific processing activities
  • Contract: When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract
  • Legal Obligation: When we must process your data to comply with legal requirements
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms

Your Rights Under GDPR

Under the GDPR and UK GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction.

Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restriction of Processing

You can request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis for processing.

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state or UK region where you live, work, or where an alleged infringement occurred. In the UK, the supervisory authority is the Information Commissioner's Office (ICO).

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months in complex cases.

We may need to verify your identity before processing your request. We will not charge a fee for processing requests unless they are manifestly unfounded, excessive, or repetitive.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Staff training on data protection principles
  • Incident response and breach notification procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.

International Data Transfers

We primarily process data within the United Kingdom and European Economic Area. If we transfer your personal data outside these regions, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Protection Officer

For questions specifically related to data protection and GDPR compliance, you can contact our data protection representative at [email protected].

Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.