GDPR Compliant Since 2024

Your Rights Protected

Full transparency. Complete control. Absolute protection of your personal data.

Last updated: January 18, 2026

Full GDPR Compliance

Navigation

99.7%
Data requests resolved within 30 days
100%
International transfers use SCCs
ISO 27001
Certified infrastructure

Your Data Protection Rights

Under GDPR, you have powerful rights to control your personal data. Each right is designed to protect your privacy and give you full transparency.

Art. 15 GDPR

Right to Access

Request copies of your personal data and know how we're using it.

What you can request:

  • All personal data we hold about you
  • How we're processing your data
  • Who we share your data with
  • How long we'll keep your data
  • The source of your data (if not from you)

Response time: 30 days (free for first request)

Art. 16 GDPR

Right to Rectification

Correct inaccurate data or complete incomplete information.

When to use this right:

  • Your contact details have changed
  • We have incorrect information about you
  • Information is outdated or incomplete

We will: Update the data and notify third parties we shared it with (if applicable)

Premium Right
Art. 17 GDPR

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Valid grounds for erasure:

  • Data no longer necessary for original purpose
  • You withdraw consent (consent-based processing)
  • You object and we have no overriding legitimate interest
  • Data processed unlawfully
  • Legal obligation requires erasure

Exceptions: We may refuse if required by law or for legal claims

Art. 18 GDPR

Right to Restrict Processing

Limit how we use your data while we verify accuracy or legitimacy.

When restriction applies:

  • You contest data accuracy (during verification)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You object to processing (pending verification)

Effect: We can store but not process your data

Premium Right
Art. 21 GDPR

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Objection scenarios:

  • Direct marketing: Absolute right (we must stop)
  • Legitimate interests: We'll stop unless we have compelling legitimate grounds
  • Profiling: Object to automated decision-making

Effect: We must cease processing unless exemptions apply

Art. 20 GDPR

Right to Data Portability

Receive your data in a machine-readable format or transfer it to another provider.

Conditions for portability:

  • Processing is based on consent or contract
  • Processing is automated
  • Only applies to data you provided to us

Format: JSON, CSV, or XML

Direct transfer: Where technically feasible, we can transfer directly to another provider

Your Rights Request Workflow

Simple, transparent, and secure. Here's exactly what happens when you exercise your rights.

1. Submit Request
Via email or contact form
2. Identity Verification
We confirm your identity (security measure)
3. Processing
We locate and prepare your data
4. Delivery
Response within 30 days

Exercise Your Rights

Submit your data subject request directly through this form. We'll respond within 30 days.

Response time: 30 days

We'll verify your identity before processing your request to protect your data security.

Lawful Basis for Processing

We only process your data when we have a legal right to do so. Here are the lawful bases we rely on.

Consent

You've given clear, informed consent for us to process your data for a specific purpose. You can withdraw consent at any time.

Contract

Processing is necessary to fulfill our contractual obligations to you or because you've asked us to take steps before entering into a contract.

Legal Obligation

Processing is necessary to comply with the law (excluding contractual obligations).

Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, unless your rights and freedoms override those interests.

Data We Collect

Complete transparency on what personal data we collect and why.

Identity Data
First name, last name, title, job title, company name
Contact Data
Email address, telephone number, postal address
Technical Data
IP address, browser type, device information, operating system, screen resolution
Usage Data
Information about how you use our website, services, products, and content
Marketing Data
Your preferences for receiving marketing communications and your communication preferences
Transaction Data
Details about payments to and from you, and other details of products and services purchased

Data Security Measures

Multi-layered security to protect your personal data from unauthorized access, loss, or disclosure.

Encryption

All data is encrypted both in transit (TLS/SSL) and at rest using industry-standard AES-256 encryption algorithms.

Access Control

Strict access controls ensure only authorized personnel can access personal data on a need-to-know basis with full audit trails.

Secure Infrastructure

Our systems are hosted on ISO 27001 certified infrastructure with regular security audits and penetration testing.

  • Regular security assessments and penetration testing
  • Multi-factor authentication for system access
  • Comprehensive data backup and disaster recovery procedures
  • Mandatory employee training on data protection and security
  • Incident response and breach notification procedures
  • Regular software updates and security patches
  • Data minimization and pseudonymization where possible
  • Secure development lifecycle (SDLC) practices

International Data Transfers

Full transparency on UK-China data flows with robust safeguards to protect your data across borders.

UK to China international data transfer safeguards

UK China

All data transfers between our UK and China operations are protected by EU-approved Standard Contractual Clauses and regular Transfer Impact Assessments.

Standard Contractual Clauses (SCC)
Data Transfer Agreements
Transfer Impact Assessments

How We Protect Your Data Internationally

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for all data transfers to China, ensuring the same level of protection as within the EU.
  • Binding Data Transfer Agreements: All third-party processors are contractually bound to protect your data to EU standards, regardless of location.
  • Transfer Impact Assessments (TIAs): We regularly assess the legal and practical conditions in China to ensure adequate protection for transferred data.
  • Supplementary Measures: Additional technical and organizational measures (encryption, pseudonymization, access controls) to enhance protection.

Request a Copy: You have the right to request a copy of the safeguards we have in place for international data transfers. Contact us at ceo@valutoria.com

Data Retention

We only keep your data for as long as necessary. Here's how we determine retention periods.

Retention Criteria

To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Legal, regulatory, tax, accounting, or other requirements

Secure Deletion: When we no longer need your personal data, we securely delete or anonymize it. If immediate deletion isn't possible (e.g., backup archives), we isolate the data from further processing until deletion is feasible.

Right to Lodge a Complaint

If you believe we've infringed your data protection rights, you can complain to the UK supervisory authority.

UK Supervisory Authority

Information Commissioner's Office (ICO)

TELEPHONE

0303 123 1113

ADDRESS

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom

But Contact Us First

We'd appreciate the chance to address your concerns before you approach the ICO. Please contact us first at ceo@valutoria.com and we'll work to resolve the issue promptly.

Contact for Data Protection Inquiries

Questions about this GDPR statement or our data protection practices? We're here to help.

COMPANY

Valutoria Ltd

UK OFFICE

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

BEIJING OFFICE

北京浩尔特曼科技有限公司
北京市昌平区北七家镇未来科学城南区英才南一街3号院1号楼3层302室

BEIJING PHONE

+86 185 0003 2744

Related Legal Documents

Navigation

Request Submitted Successfully!