GDPR Compliance

Last updated: 1 June 2026

Agile Crater is committed to ensuring the protection of your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our commitment to data protection and your rights under these regulations.

1. Data Controller

Agile Crater is the data controller responsible for your personal data. Our contact details are:

Agile Crater
47 Culinary Lane
Kensington, London W8 5DL
United Kingdom
Email: [email protected]

2. Our GDPR Principles

We adhere to the following principles when processing your personal data:

  • Lawfulness, fairness, and transparency: We process data lawfully and transparently
  • Purpose limitation: We collect data only for specified, explicit, and legitimate purposes
  • Data minimisation: We only collect data that is necessary for the intended purpose
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We ensure appropriate security of personal data
  • Accountability: We take responsibility for compliance with these principles

3. Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month of receiving it.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will make corrections within one month.

Right to Erasure

You have the right to request the deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the basis for processing)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You have the right to request that we limit how we use your data while a complaint is being investigated or verified.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making.

4. How to Exercise Your Rights

To exercise any of your rights, please contact us at:

We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two months for complex requests.

5. Data We Collect

We collect the following categories of personal data:

  • Identity data: Name, title
  • Contact data: Email address, postal address
  • Technical data: IP address, browser type, device information
  • Usage data: Information about how you use our website
  • Marketing preferences: Your preferences for receiving marketing

6. Legal Bases for Processing

We rely on the following legal bases for processing your personal data:

  • Consent: Where you have given clear consent (e.g., newsletter sign-up)
  • Contract: Where processing is necessary to perform our contract with you (e.g., booking a workshop)
  • Legitimate interests: Where processing is in our legitimate business interests and not outweighed by your rights
  • Legal obligation: Where we need to comply with a legal requirement

7. Data Retention

We retain personal data according to the following schedule:

  • Booking and transaction records: 7 years (for legal and accounting purposes)
  • Marketing consent records: Until consent is withdrawn
  • General enquiries: 3 years
  • Website analytics: 26 months

8. Data Security

We have implemented appropriate technical and organisational measures to secure personal data, including:

  • SSL/TLS encryption for data in transit
  • Secure storage systems with access controls
  • Regular security assessments
  • Staff training on data protection

9. International Transfers

We primarily store and process data within the UK. Where international transfers occur, we ensure appropriate safeguards such as Standard Contractual Clauses are in place.

10. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

11. Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

We use cookies to enhance your experience. By continuing to visit this site you agree to our use of cookies. Learn more