GDPR Compliance Statement

Last Updated: May 11, 2026

Our Commitment to GDPR

dusky-sages is fully committed to compliance with the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting personal data and have implemented comprehensive measures to ensure lawful, fair, and transparent processing.

Data Controller

dusky-sages acts as the data controller for personal information collected through our services. Our contact details are:

Email: [email protected]
Address: 47 Wellington Street, Leeds LS1 4HZ, United Kingdom

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you engage our services and provide explicit consent
• Contract: To fulfill our contractual obligations in providing benefits guidance
• Legal Obligation: To comply with statutory requirements
• Legitimate Interests: To operate our business and improve service delivery

Your GDPR Rights

Under UK GDPR, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data, subject to certain legal limitations.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You can receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Special Category Data

We may process special category data (health information, financial hardship details) when necessary for benefits claims. We do so under explicit consent and with enhanced security measures.

Data Security Measures

We implement technical and organizational measures including:

• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security assessments and updates
• Staff training on data protection principles
• Secure disposal of physical and electronic records

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours.

Third-Party Processing

When we engage third-party processors, we ensure they provide sufficient guarantees of GDPR compliance through written contracts and regular audits.

International Data Transfers

We do not transfer personal data outside the United Kingdom. Should this change, we will implement appropriate safeguards under UK GDPR.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy. Client case files are retained for seven years to comply with professional and legal obligations.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond within one month.

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.dusky-sages.com

Updates to This Statement

We review and update this GDPR Compliance Statement regularly to reflect changes in our practices or legal requirements.