GDPR Compliance Statement

Last Updated: 18 June 2026

echo-volt is committed to complying with the General Data Protection Regulation (GDPR) and UK data protection legislation. This statement outlines how we protect your rights and handle personal data in accordance with these regulations.

1. Legal Basis for Processing

We process personal data only when we have a valid legal basis. Our processing activities rely on the following lawful bases:

Consent: When you voluntarily provide information through our contact forms or service requests
Legitimate Interests: To respond to inquiries, improve our services, and maintain website security
Contractual Necessity: To fulfill service agreements with clients
Legal Obligations: To comply with applicable laws and regulations

2. Data Subject Rights

Under GDPR, you have comprehensive rights regarding your personal data:

Right of Access

You may request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification

You can request correction of inaccurate or incomplete personal information we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restriction of Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the information.

Right to Data Portability

You may request your personal data in a structured, commonly used, and machine-readable format for transmission to another organization.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant impact. We do not currently employ such automated decision-making processes.

Exercising Your Rights: To exercise any of these rights, contact us at [email protected] with your specific request. We will respond within thirty days and verify your identity before processing the request.

3. Data Protection Principles

We adhere to the following GDPR principles when handling personal data:

Lawfulness, Fairness, and Transparency: We process data legally, fairly, and in a transparent manner
Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes
Data Minimization: We collect only the data necessary for the stated purposes
Accuracy: We take reasonable steps to ensure personal data is accurate and up to date
Storage Limitation: Data is retained only as long as necessary for its purpose
Integrity and Confidentiality: We implement appropriate security measures to protect your data
Accountability: We are responsible for demonstrating compliance with these principles

4. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by the European Commission
Adequacy decisions confirming equivalent data protection standards
Other legally recognized transfer mechanisms

5. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within seventy-two hours of becoming aware of the breach. If the breach presents a high risk to you, we will also communicate the breach directly to you without undue delay.

6. Data Protection Officer

While we are not legally required to appoint a Data Protection Officer, we have designated personnel responsible for overseeing data protection compliance. For data protection inquiries, contact us at [email protected].

7. Children's Data

We do not knowingly process personal data of individuals under the age of eighteen. Our services are directed toward businesses and adult decision-makers.

8. Cookies and Tracking

Our website uses cookies and similar technologies. You can manage your cookie preferences at any time. For detailed information, see our Cookies Policy.

9. Third-Party Processors

When we engage third-party service providers who process personal data on our behalf, we ensure they:

Process data only according to our documented instructions
Maintain appropriate technical and organizational security measures
Comply with GDPR requirements
Are bound by confidentiality obligations

10. Retention Periods

We retain personal data for different periods depending on the purpose:

Service inquiry data: Three years from last contact
Client contract data: Seven years following contract termination for legal and tax purposes
Website analytics: Anonymized after fourteen months
Marketing consent records: Until consent is withdrawn

11. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Telephone: 0303 123 1113
Website: ico.org.uk

12. Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The revision date at the top of this page indicates when the statement was last modified.

13. Contact Us

For GDPR-related questions or to exercise your rights:

Email: [email protected]

Address: 127 Riverside Quarter, Bristol BS1 4RW, United Kingdom