GDPR Compliance

Last updated: June 4, 2026

Our Commitment to Data Protection

fern-saga is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights as a data subject.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: When processing is necessary to fulfil our service obligations to you
• Legitimate Interests: When we have legitimate business interests that do not override your rights
• Legal Obligation: When we must process data to comply with legal requirements

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you, and to complete incomplete data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected, or if you withdraw consent.

Right to Restrict Processing

You have the right to request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests, or where we are processing your data for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

gdpr at fern-saga.com

We will respond to your request within one month. If your request is particularly complex, we may extend this period by two additional months, and we will inform you of any such extension.

Data Protection Officer

For matters related to data protection, you may contact our Data Protection Officer at:

dpo at fern-saga.com

International Data Transfers

We primarily process data within the United Kingdom. If we transfer your data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authorities.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay, as required by GDPR. We will also report the breach to the relevant supervisory authority within 72 hours of becoming aware of it.

Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your data appropriately. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO).

Updates to GDPR Compliance

We regularly review our data protection practices to ensure ongoing GDPR compliance. Any updates to this information will be reflected on this page with a revised date.