GDPR Compliance

Last updated: June 1, 2026

Our Commitment to Data Protection

Flexorin CapitalTech is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides information about how we comply with data protection laws and your rights as a data subject.

Data Controller

For the purposes of UK data protection legislation, Flexorin CapitalTech is the data controller responsible for your personal data.

Flexorin CapitalTech
47 Bedford Square
London WC1B 3DP
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. The lawful bases we rely on include:

Consent

We may process your data based on your consent when you:

  • Submit a contact form or consultation request
  • Subscribe to our communications
  • Agree to participate in optional surveys or feedback

You have the right to withdraw your consent at any time by contacting us.

Contract Performance

We process your data when necessary to perform a contract with you, such as when you engage our services or participate in our programs.

Legitimate Interests

We may process your data based on our legitimate business interests, such as:

  • Improving our services and website functionality
  • Analyzing how our services are used
  • Detecting and preventing fraud
  • Maintaining the security of our systems

We always balance our legitimate interests against your rights and freedoms.

Legal Obligation

We process certain data to comply with legal obligations, such as tax and accounting requirements.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

1. Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided in our Privacy Policy and this GDPR page.

2. Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information free of charge within one month of your request.

3. Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you can request that we correct or complete it.

4. Right to Erasure

Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

5. Right to Restrict Processing

You can request that we restrict how we use your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.

7. Right to Object

You can object to processing of your personal data where we rely on legitimate interests as the legal basis. You also have an absolute right to object to processing for direct marketing purposes.

8. Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

  • Email: [email protected]
  • Write to: Data Protection Officer, Flexorin CapitalTech, 47 Bedford Square, London WC1B 3DP, United Kingdom

We will respond to your request within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by two further months, in which case we will inform you.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication measures
  • Employee training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where required by law.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and purpose:

  • Contact form inquiries: Up to 2 years from last contact
  • Client data: Duration of engagement plus 7 years for tax and legal compliance
  • Marketing communications: Until you unsubscribe or 3 years of inactivity
  • Website analytics: Up to 26 months

International Data Transfers

We primarily process data within the United Kingdom. If we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the UK government
  • Standard contractual clauses
  • Binding corporate rules

Third-Party Processors

We may engage third-party service providers to process personal data on our behalf. When we do so, we:

  • Only use processors that provide sufficient guarantees of compliance with UK GDPR
  • Enter into written contracts that specify their data processing obligations
  • Ensure they process data only on our instructions
  • Verify they maintain appropriate security measures

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it promptly.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Tel: 0303 123 1113
Website: www.ico.org.uk

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.

Updates to This Page

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We will post any updates on this page with a revised "Last updated" date.

Contact Us

If you have questions about our GDPR compliance or data protection practices, please contact us:

Email: [email protected]
Address: 47 Bedford Square, London WC1B 3DP, United Kingdom