GDPR Compliance

Last updated: 31 March 2026

Our Commitment to Data Protection

Forward Motion Limited complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our data protection responsibilities seriously and have implemented comprehensive measures to ensure your personal information receives appropriate protection.

This page provides detailed information about your rights under UK GDPR and how we fulfil our obligations as a data controller.

Data Controller Details

For the purposes of UK data protection legislation, the data controller is:

Forward Motion Limited
27 Kensington Gardens
London, W2 4BQ
United Kingdom
Company Number: 11456789
Email: [email protected]

Your Rights Under UK GDPR

UK GDPR grants you comprehensive rights regarding your personal data. We respect these rights and have established procedures to facilitate their exercise.

Right of Access

You can request confirmation of whether we process your personal data and, if so, access to that data. This includes information about:

  • What personal data we hold about you
  • Why we process it
  • Who we share it with
  • How long we retain it
  • Where we obtained it

We provide this information free of charge in most cases. Excessive or repetitive requests may incur reasonable administrative fees.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you can request correction. We update or complete your data promptly upon verification of the correct information.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in specific circumstances:

  • The data is no longer necessary for the purposes we collected it
  • You withdraw consent and we have no other legal basis for processing
  • You object to processing and we have no overriding legitimate grounds
  • We processed your data unlawfully
  • Legal obligations require erasure

This right is not absolute. We may need to retain certain information to comply with legal obligations or establish legal claims.

Right to Restriction of Processing

You can request we limit how we use your personal data in certain situations:

  • You contest the accuracy of the data
  • Processing is unlawful but you prefer restriction to erasure
  • We no longer need the data but you require it for legal claims
  • You've objected to processing pending verification of legitimate grounds

When processing is restricted, we store your data but don't actively use it without your consent, except for legal claims or protecting others' rights.

Right to Data Portability

You can receive personal data you provided to us in a structured, commonly used, machine-readable format. This right applies when:

  • Processing is based on consent or contract performance
  • Processing is carried out by automated means

Where technically feasible, you can request we transmit this data directly to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. When you object to marketing communications, we cease such processing immediately. For objections based on legitimate interests, we assess whether compelling legitimate grounds override your rights.

Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling. Currently, we don't engage in automated decision-making that produces legal effects or similarly significantly affects you. Should this change, we'll provide appropriate information and safeguards.

Exercising Your Rights

To exercise any of your data protection rights, contact us at [email protected] with details of your request. Include sufficient information to allow us to verify your identity and locate your data.

We respond to requests within one month of receipt. Complex requests or multiple requests may require up to two additional months, about which we'll inform you within the initial month.

We don't charge fees for most requests unless they're manifestly unfounded, excessive, or repetitive. In such cases, we may charge reasonable administrative fees or refuse the request.

Lawful Basis for Processing

We process personal data only when we have a lawful basis:

Consent

We process certain data based on your explicit consent, particularly for marketing communications. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Contract Performance

Processing is necessary to fulfil contractual obligations when you purchase from us or engage our services. This includes processing orders, arranging delivery, and providing customer support.

Legal Obligation

We process data to comply with legal requirements, including tax regulations, accounting standards, and consumer protection laws.

Legitimate Interests

We process data for legitimate business interests, including:

  • Improving our products and services
  • Ensuring website security
  • Preventing fraud
  • Understanding customer preferences
  • Managing business operations efficiently

We balance these interests against your rights and freedoms, ensuring appropriate safeguards.

Data Protection Principles

We adhere to UK GDPR's core principles, ensuring personal data is:

  • Processed lawfully, fairly, and transparently: We're open about our processing activities and maintain lawful bases for all processing
  • Collected for specified, explicit purposes: We clearly define why we collect data and don't use it for incompatible purposes
  • Adequate, relevant, and limited: We collect only data necessary for stated purposes
  • Accurate and up to date: We maintain data accuracy and correct errors promptly
  • Retained no longer than necessary: We implement retention schedules ensuring data isn't kept unnecessarily
  • Processed securely: We employ appropriate technical and organisational measures protecting against unauthorised access, loss, or damage

International Transfers

We primarily process data within the United Kingdom. When transfers to countries outside the UK occur, we ensure appropriate safeguards protect your information, including:

  • Standard contractual clauses approved by UK authorities
  • Adequacy decisions recognising equivalent data protection
  • Binding corporate rules where applicable

We assess third-party processors' data protection practices before engaging their services.

Data Breach Procedures

We maintain procedures to detect, report, and investigate personal data breaches. Should a breach occur that's likely to result in risk to your rights and freedoms, we'll notify you without undue delay. Where required, we report breaches to the Information Commissioner's Office within 72 hours of becoming aware.

Data Protection by Design and Default

We implement data protection principles from the earliest stages of system design and throughout data processing. This includes:

  • Minimising data collection to essential information
  • Pseudonymising and encrypting data where appropriate
  • Ensuring confidentiality, integrity, and availability of systems
  • Regular testing and evaluation of security measures
  • Privacy settings defaulting to most protective options

Children's Data

We don't knowingly process personal data of children under 16 without parental consent. Our services target adults, and we take reasonable steps to verify user age where appropriate. If we discover we've collected children's data without proper consent, we delete it promptly.

Complaints

If you believe we've processed your personal data unlawfully or violated your rights, please contact us first so we can address your concerns. You also have the right to lodge complaints with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Information

We review and update our GDPR compliance information regularly to reflect changes in legislation, guidance from supervisory authorities, or our processing activities. Significant changes will be communicated through our website.

Further Information

For detailed information about our data processing practices, see our Privacy Policy. For questions specifically about GDPR compliance or exercising your rights, contact [email protected].