GDPR Compliance

Last updated: May 17, 2026

Our Commitment to GDPR

Cyto-Matic is committed to full compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page outlines how we ensure the protection of your personal data.

Data Controller

Cyto-Matic acts as the data controller for personal information collected through our website and services.

Contact details:
Email: [email protected]
Address: 47 Wellington Street, Birmingham, B15 2ET, United Kingdom

Lawful Basis for Processing

We process personal data only when we have a lawful basis:

  • Consent: You have given clear consent for processing your personal data for specific purposes
  • Contract: Processing is necessary to fulfill our contractual obligations
  • Legal obligation: Processing is necessary to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or those of a third party

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.

Right to Rectification

You have the right to request correction of any information you believe is inaccurate or incomplete.

Right to Erasure

You have the right to request deletion of your personal data under certain conditions.

Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain conditions.

Right to Object

You have the right to object to our processing of your personal data under certain conditions.

Right to Data Portability

You have the right to request transfer of your data to another organization or directly to you under certain conditions.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month.

Data Protection Measures

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Staff training on data protection
  • Regular backups and disaster recovery procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Service delivery and customer support
  • Legal, accounting, or reporting requirements
  • Resolving disputes and enforcing agreements

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Transfers to countries with adequate data protection
  • Other legally approved transfer mechanisms

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the United Kingdom.

ICO website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Page

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements.