GDPR Compliance
Last updated: 25 June 2026
Our Commitment
We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we ensure compliance with GDPR requirements and how you can exercise your rights.
Data Controller
For the purposes of GDPR, the data controller is ash-quest, located at 42 Clerkenwell Road, London EC1M 5PS, United Kingdom. We are responsible for determining how and why your personal data is processed.
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so:
- Consent: You have given clear consent for us to process your personal data for specific purposes
- Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- Legal obligation: Processing is necessary for us to comply with the law
- Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those interests
Your Rights Under GDPR
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate, or complete any information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data under certain conditions, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
Right to Object
You have the right to object to our processing of your personal data under certain conditions, particularly when processing is based on legitimate interests.
Right to Withdraw Consent
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
How to Exercise Your Rights
To exercise any of these rights, please contact us at: [email protected]
We will respond to your request within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by two further months, but we will inform you of any such extension.
Data Protection Principles
We ensure that all personal data is:
- Processed lawfully, fairly, and transparently
- Collected for specified, explicit, and legitimate purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date
- Kept for no longer than necessary
- Processed in a secure manner
Data Breaches
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
International Data Transfers
We do not routinely transfer personal data outside the European Economic Area. If such transfers become necessary, we will ensure appropriate safeguards are in place in accordance with GDPR requirements.
Contact the Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO at www.ico.org.uk.
Updates to This Page
We may update this GDPR compliance information from time to time. We will notify you of any significant changes by posting a notice on our website.