Information on this site is advertising in nature

GDPR Compliance

Our commitment to protecting your data rights

Last Updated: January 2026

comet-sparrow is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides detailed information about how we process personal data in accordance with these regulations.

Data Controller

comet-sparrow acts as the data controller for personal information collected through this website and our services. As data controller, we determine the purposes and means of processing personal data and are responsible for ensuring compliance with data protection legislation.

Contact Details:
comet-sparrow
45 Colmore Row
Birmingham, B3 2AA
United Kingdom
Email: [email protected]

Categories of Personal Data

We process the following categories of personal data:

  • Identity Data: First name, last name, title
  • Contact Data: Email address, postal address
  • Technical Data: IP address (anonymised), browser type, device information
  • Usage Data: Information about how you use our website and services
  • Financial Data: Information you provide during consultations (processed with explicit consent)
  • Communication Data: Your preferences in receiving communications from us

Lawful Bases for Processing

We rely on the following lawful bases for processing your personal data:

  • Consent (Article 6(1)(a)): For marketing communications and processing of special category data
  • Contract (Article 6(1)(b)): To perform our contractual obligations to you when providing services
  • Legal Obligation (Article 6(1)(c)): To comply with legal and regulatory requirements
  • Legitimate Interests (Article 6(1)(f)): For business operations, improving services, and ensuring security

Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided through this GDPR page and our Privacy Policy.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a "subject access request". We will respond within one month of receiving your request.

Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it is incomplete. Please contact us if you believe any information we hold about you is incorrect.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purpose it was collected, or where you withdraw consent.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making systems.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond to your request within one month, though this period may be extended by two further months for complex requests.

There is no fee for exercising your rights, although we may charge a reasonable fee for manifestly unfounded or excessive requests.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of security measures
  • Staff training on data protection
  • Access controls to limit who can view personal data
  • Secure disposal of data when no longer needed

International Transfers

We do not routinely transfer personal data outside the United Kingdom. If such transfers become necessary, we will ensure appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authorities.

Data Breach Procedures

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where a breach is likely to result in a high risk to your rights and freedoms, we will also inform you directly.

Complaints

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us in the first instance.

Updates to This Information

We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date.

We use cookies to improve your experience on our site. By continuing to browse, you agree to our use of cookies. Learn more