Legal
GDPR Statement
Last Updated: January 2026
The UK General Data Protection Regulation gives you control over your personal data. This statement explains how Meridian Concepts complies with UK GDPR and protects your rights.
Summary
GDPR at a Glance
Your Data, Your Rights
Access, rectify, erase, or restrict your data at any time.
Transparent Processing
We're clear about what we collect and why we collect it.
Secure Storage
Your data is encrypted and protected against unauthorised access.
Limited Retention
We only keep data for as long as legally or operationally necessary.
For full details, see our Privacy Policy.
Compliance
The Six GDPR Principles
How we uphold each of the core GDPR data protection principles.
Lawfulness, Fairness & Transparency
Data must be processed legally, fairly, and transparently.
- βClear Privacy Policy explaining all data use
- βValid legal basis for every processing activity
- βNo hidden or unexpected data use
- βOpen and honest about our practices at all times
Purpose Limitation
Data collected only for specific, explicitly stated purposes.
- βDefine purposes clearly before collection
- βInform you of all purposes at the point of collection
- βNever use data for incompatible purposes
- βSeek fresh consent if purposes change
Data Minimisation
We only collect what is strictly necessary.
- βRequest only essential information
- βNo collection of "nice to have" data
- βRegular reviews to eliminate unnecessary fields
- βOptional fields are clearly marked as such
Accuracy
Data must be accurate and kept up to date.
- βMechanisms provided for you to update your data
- βCritical information verified at point of use
- βInaccuracies corrected promptly on request
- βWe encourage you to notify us of any changes
Storage Limitation
Data is not kept longer than necessary.
- βClear retention schedules for all data categories
- βAutomatic deletion after retention periods expire
- βSecure data destruction procedures
- βRegular data audits to remove stale records
Integrity & Confidentiality
Data must be processed securely at all times.
- βSSL/TLS encryption in transit
- βSecure, access-controlled storage systems
- βRegular staff data protection training
- βStrict internal access controls
Data Subject Rights
Your Rights Under UK GDPR
Right to Be Informed
You have the right to clear, accessible information about how we use your personal data.
We provide this through our Privacy Policy, this GDPR Statement, and collection notices at point of data capture.
Right of Access
You can request a copy of the personal data we hold about you (Subject Access Request).
We respond within 1 month. This service is free of charge.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
We will act on corrections promptly and within 1 month.
Right to Erasure
You can request deletion of your personal data β the "right to be forgotten".
Subject to legal retention requirements β for example, financial records must be retained for 7 years.
Right to Restrict Processing
You can limit how we use your data in certain circumstances.
While restricted, data is stored but not actively processed.
Right to Data Portability
You can receive your personal data in a portable, machine-readable format.
Available in CSV, JSON, or PDF. Applies to data processed on the basis of consent or contract.
Right to Object
You can object to us processing your data, particularly for direct marketing.
Marketing communications will be stopped immediately on request, no questions asked.
Automated Decision-Making Rights
You have protection from decisions made solely by automated means.
We do not use automated decision-making processes that have a significant effect on individuals.
How to Exercise Your Rights
Response Time
Within 1 month
We acknowledge within 2 business days
Cost
Free of charge
ID verification may be required
Get in Touch
Contact & Complaints
We'll acknowledge your request within 2 business days and provide a full response within 1 month.
Call Us
+44 (0) XXX XXX XXX
MonβFri, 9:00 AM β 5:00 PM GMT