GDPR Compliance

Last updated: June 2, 2026

Our Commitment to Data Protection

Tangible Knowledge is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations and respect your rights as a data subject.

Data Controller

Tangible Knowledge acts as the data controller for personal information collected through our website and services. We determine the purposes and means of processing your personal data.

Contact Details:
Email: [email protected]
Address: 42 Ashwood Lane, Bridgnorth, Shropshire WV16 4DN, United Kingdom

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: When you provide explicit consent for specific processing activities
  • Contract: When processing is necessary to fulfill a contract with you
  • Legal Obligation: When we must process data to comply with legal requirements
  • Legitimate Interests: When processing serves our legitimate business interests without overriding your rights

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided in our Privacy Policy and this GDPR page.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive multiple requests, this may be extended by up to two additional months, and we will inform you of the extension.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. If the breach poses a high risk to you, we will also notify you directly without undue delay.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risks to individuals' rights and freedoms.

Third-Party Processors

When we engage third-party service providers who process personal data on our behalf, we ensure they provide sufficient guarantees to implement appropriate technical and organizational measures. Data processing agreements are in place with all processors.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

Children's Data

Our services are not directed to children under 18. We do not knowingly collect or process personal data from children without parental consent.

Retention Periods

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Typical retention periods include:

  • Client project records: 7 years
  • Email correspondence: 3 years
  • Website analytics: 26 months
  • Marketing consent records: Duration of consent plus 3 years

Complaints

If you have concerns about how we handle your personal data, please contact us first. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Updates to This Page

We review and update this GDPR compliance information regularly to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates when the most recent changes were made.