GDPR Compliance

Last Updated: 15 January 2026

Our Commitment to Data Protection

Verdant Fund Limited is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting personal data and respecting the privacy rights of individuals.

This document provides specific information about our GDPR compliance practices and your rights under data protection legislation.

Data Controller Information

Verdant Fund Limited is the data controller for personal information collected through our website and business operations.

Registered Company: Verdant Fund Limited
Registration Number: 11456782
Registered Address: 42 Kingsway, London WC2B 6EX, United Kingdom
Contact Email: [email protected]

Data Protection Principles

We adhere to the following data protection principles when handling personal information:

  • Lawfulness, Fairness, and Transparency: We process data lawfully and are transparent about how we use it
  • Purpose Limitation: We collect data for specific, explicit purposes and do not use it in ways incompatible with those purposes
  • Data Minimization: We only collect data that is adequate, relevant, and necessary for our purposes
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date
  • Storage Limitation: We retain data only as long as necessary for the stated purposes
  • Integrity and Confidentiality: We implement appropriate security measures to protect against unauthorized processing, loss, or damage
  • Accountability: We can demonstrate compliance with these principles

Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal information:

Right of Access

You can request confirmation of whether we process your personal data and obtain a copy of that data along with information about how it's being used.

Right to Rectification

You can request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, including when it's no longer necessary for the purposes it was collected or you withdraw consent.

Right to Restriction of Processing

You can request that we limit how we use your data in specific situations, such as when you contest its accuracy or object to processing.

Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes, including profiling related to such marketing.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not currently engage in automated decision-making of this nature.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] with "GDPR Request" in the subject line. Include the following information:

  • Your full name and contact details
  • A description of your request and the specific right you wish to exercise
  • Any information that will help us locate your data

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

We may need to verify your identity before processing your request. This is a security measure to ensure personal data is not disclosed to unauthorized individuals.

Lawful Bases for Processing

We process personal data only when we have a lawful basis to do so. The specific lawful bases we rely on include:

Contract Performance

Processing is necessary to fulfill our contractual obligations to clients, including delivering consulting services, project implementation, and ongoing support.

Legitimate Interests

We process data to pursue legitimate business interests such as:

  • Responding to inquiries and managing client relationships
  • Improving our services and website functionality
  • Detecting and preventing fraud
  • Ensuring network and information security

We balance these interests against your rights and freedoms and only proceed when our interests do not override your rights.

Consent

For certain activities such as sending marketing communications, we obtain your explicit consent before processing your data. You can withdraw consent at any time.

Legal Obligations

We process data when necessary to comply with legal and regulatory requirements, such as tax laws and professional standards.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security testing and vulnerability assessments
  • Access controls limiting data access to authorized personnel only
  • Secure authentication and password policies
  • Regular staff training on data protection and security
  • Incident response procedures for data breaches
  • Regular backups and disaster recovery planning

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, as required by law.

Our notification will include:

  • The nature of the breach
  • The likely consequences
  • Measures taken or proposed to address the breach
  • Contact details for further information

Third-Party Processing

When we engage third parties to process personal data on our behalf, we ensure:

  • They process data only on our documented instructions
  • Appropriate data processing agreements are in place
  • They implement adequate technical and organizational security measures
  • They assist us in complying with data subject rights requests
  • They notify us of any data breaches

We conduct due diligence on all processors and regularly review their compliance.

International Data Transfers

We primarily store and process data within the United Kingdom. When transferring personal data outside the UK or European Economic Area, we implement appropriate safeguards such as:

  • Standard Contractual Clauses approved by regulatory authorities
  • Transfers to countries with adequacy decisions
  • Other mechanisms recognized under UK GDPR

Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

Data Protection Impact Assessments

Where processing is likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) before commencing such processing. This includes evaluating the necessity and proportionality of processing and identifying measures to mitigate risks.

Record Keeping

We maintain records of our processing activities as required by GDPR, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Recipients of personal data
  • International transfers
  • Retention periods
  • Security measures

Complaints and Supervisory Authority

If you have concerns about our data processing practices, we encourage you to contact us first so we can address the issue. However, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Information

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. Significant updates will be communicated to affected individuals and reflected in the "Last Updated" date above.

Contact Us

For questions, concerns, or requests related to GDPR compliance and your data protection rights, please contact us:

Email: [email protected]
Subject Line: GDPR Inquiry
Postal Address: Verdant Fund Limited, 42 Kingsway, London WC2B 6EX, United Kingdom