Advertising Content

GDPR Compliance

Our commitment to data protection under the General Data Protection Regulation

Last updated: January 2026

Our Commitment to GDPR

neo-leaf is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have implemented robust policies, procedures, and technologies to maintain the security of all personal data from the point of collection to destruction.

Data Controller Information

For the purposes of the General Data Protection Regulation (GDPR), neo-leaf acts as the data controller for the personal information we collect through this website.

Contact details:
neo-leaf
47 Chancery Lane
London, WC2A 1PL
United Kingdom

Email: [email protected]

Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this information free of charge within one month of receiving your request.

Right to Rectification

You have the right to request that we correct any personal information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions. This right is not absolute and only applies in certain circumstances.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data under certain conditions, particularly if we are processing it for direct marketing purposes.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

Lawful Basis for Processing

We only process personal data where we have a lawful basis to do so. The lawful bases we rely on include:

  • Consent: Where you have given us clear consent to process your personal data for a specific purpose.
  • Contract: Where processing is necessary for the performance of a contract we have with you.
  • Legal obligation: Where processing is necessary for compliance with a legal obligation.
  • Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, unless overridden by your rights.

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of the effectiveness of security measures
  • Staff training on data protection requirements
  • Access controls to limit who can access personal data
  • Secure disposal of data when no longer required

Data Breach Procedures

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

International Data Transfers

Where we transfer personal data outside the United Kingdom or European Economic Area, we ensure that appropriate safeguards are in place to protect the data in accordance with GDPR requirements.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us using the details provided above. We may ask you to verify your identity before processing your request. We will respond to your request within one month, although this period may be extended by two further months for complex requests.

Complaints

If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Website: https://ico.org.uk

Updates to This Page

We may update this GDPR compliance page from time to time. Any changes will be posted on this page with an updated revision date.