GDPR Compliance

Last updated: June 1, 2026

Our Commitment to GDPR

Beacon Fable is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Union and United Kingdom. This page outlines how we fulfill our obligations under GDPR.

Legal Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you provide explicit consent for us to process your personal data for specific purposes, such as receiving marketing communications.
• Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legitimate Interests: When processing is necessary for our legitimate interests, such as improving our services, provided this does not override your rights.
• Legal Obligation: When processing is necessary to comply with legal obligations to which we are subject.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data upon request.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data under certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we process your data based on your consent, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

• Email: [email protected]
• Post: Beacon Fable Consultancy, 47 Harborne Road, Edgbaston, Birmingham B15 3HE, United Kingdom

We will respond to your request within one month, though this period may be extended in complex cases. We will inform you of any extension and the reasons for the delay.

Data Protection Officer

For questions specifically related to data protection and privacy, you may contact our Data Protection Officer at [email protected].

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication procedures
• Staff training on data protection principles
• Incident response procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Our standard retention periods are:

• Active client records: Duration of engagement plus seven years
• Inquiry records (non-clients): Three years from last contact
• Marketing consent records: Until consent is withdrawn
• Website analytics data: 26 months

International Data Transfers

When we transfer personal data outside the UK or EU, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with adequacy decisions
• Other legally approved transfer mechanisms

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

Children's Data

Our services are not directed to children under 16 years of age. We do not knowingly collect or process personal data from children without appropriate parental consent.

Changes to Our GDPR Practices

We may update our GDPR compliance practices from time to time. Any changes will be reflected on this page with an updated revision date.

Supervisory Authority

The supervisory authority responsible for monitoring our compliance with GDPR in the United Kingdom is:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Website: ico.org.uk

Contact Information

For any questions about our GDPR compliance or to exercise your rights, please contact us:

Beacon Fable Consultancy
47 Harborne Road
Edgbaston, Birmingham B15 3HE
United Kingdom
Email: [email protected]