GDPR Compliance

Data Controller Information

The data controller responsible for your personal information is:

bright-phantom
47 Cavendish Street
Manchester M15 6BG
United Kingdom

Contact: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfill equipment rental agreements
• Legitimate Interests: Processing for business operations and service improvement
• Consent: Processing for marketing communications when explicit consent is provided
• Legal Obligation: Processing required to comply with accounting and tax regulations

Data Subject Rights

Under GDPR, you have the following rights:

Right to Access

You may request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification

You may request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure

You may request deletion of personal data when processing is no longer necessary, consent is withdrawn, or data was unlawfully processed. This right is subject to legal retention obligations.

Right to Restriction

You may request restriction of processing when accuracy is contested, processing is unlawful, or you object to processing.

Right to Data Portability

You may request transfer of personal data in a structured, machine-readable format for data processed based on consent or contract.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

When processing is based on consent, you may withdraw that consent at any time.

How to Exercise Your Rights

To exercise any GDPR rights, submit a request to [email protected]. Include:

• Specific right you wish to exercise
• Sufficient information to identify your records
• Verification of your identity

We will respond to valid requests within one month, with possible extension to three months for complex requests.

Data Processing Activities

We process personal data for the following purposes:

• Managing equipment rental bookings and inquiries
• Communicating regarding services and technical support
• Maintaining financial and transaction records
• Analyzing website usage through anonymized data
• Sending service updates when consent is provided

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encrypted data transmission
• Secure server infrastructure
• Access controls and authentication
• Regular security assessments
• Employee training on data protection

Data Retention

Personal data is retained only as long as necessary for the purposes outlined. Standard retention periods:

• Booking inquiries: Until service completion or inquiry closure
• Transaction records: Seven years for legal compliance
• Marketing data: Until consent withdrawal

International Data Transfers

Personal data is processed within the United Kingdom. Any transfers outside the UK occur only with appropriate safeguards under GDPR requirements.

Automated Decision Making

We do not employ automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant supervisory authorities as required by GDPR within 72 hours of breach discovery.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing violates GDPR.

United Kingdom supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk

Updates to This Information

This GDPR compliance information may be updated to reflect changes in processing activities or legal requirements.

Last updated: June 19, 2026