GDPR Compliance

Last updated: 18 June 2026

Our commitment to data protection

asteroid-gear.com is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This document outlines how we comply with GDPR requirements and explains your rights under this regulation.

Legal basis for processing

We process your personal data under the following legal bases:

  • Consent: When you submit inquiry forms or agree to receive communications
  • Contract: When processing is necessary to fulfill service agreements
  • Legitimate interests: For business operations, website improvement, and fraud prevention
  • Legal obligation: When required to comply with applicable laws

Your GDPR rights

Under GDPR, you have the following rights regarding your personal data:

Right to access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.

Right to rectification

You can request that we correct inaccurate or incomplete personal data we hold about you.

Right to erasure

You may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent.

Right to restrict processing

You can request that we limit how we use your personal data in specific situations, such as while we verify the accuracy of disputed data.

Right to data portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another data controller.

Right to object

You may object to processing of your personal data when we rely on legitimate interests as the legal basis, or when processing is for direct marketing purposes.

Right to withdraw consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Data controller information

The data controller responsible for your personal data is:

asteroid-gear
42 Cranfield Lane
Bristol, BS8 4RJ
United Kingdom
Email: [email protected]

Data processing activities

We process personal data for the following activities:

  • Managing client inquiries and service requests
  • Delivering animation production services
  • Maintaining communication with clients and prospects
  • Website analytics and improvement
  • Legal compliance and record-keeping

Data retention periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Inquiry data: 24 months from last contact
  • Client project data: Duration of business relationship plus 7 years for legal compliance
  • Website analytics data: 26 months
  • Email correspondence: 7 years for business record purposes

International data transfers

We primarily store and process data within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Data security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Staff training on data protection practices

Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Exercising your rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, though this period may be extended by two additional months for complex requests.

Right to lodge a complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Updates to this document

We may update this GDPR compliance document to reflect changes in our data processing activities or legal requirements. Significant changes will be communicated through our website and, where appropriate, by direct notification.