GDPR Compliance

Last updated: May 20, 2026

Our Commitment to GDPR

Quiet Sojourn is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.

Data Controller

Quiet Sojourn is the data controller responsible for your personal data. Our contact details are:

Email: [email protected]
Address: 42 Aldgate Street, London EC3N 1AA, United Kingdom

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you provide explicit consent for specific processing activities
  • Contract: When processing is necessary to fulfill our contractual obligations to you
  • Legal obligation: When we must process your data to comply with legal requirements
  • Legitimate interests: When processing is necessary for our legitimate business interests, provided these don't override your rights

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.

Right to Rectification

You have the right to request that we correct information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at:

Email: [email protected]

We will respond to your request within one month of receipt. In some cases, we may extend this period by a further two months if your request is complex.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

International Data Transfers

We do not transfer your personal data outside the UK or European Economic Area. If this changes, we will ensure appropriate safeguards are in place and inform you accordingly.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Enquiry data: 2 years from last contact
  • Client project data: 7 years after project completion (for legal and warranty purposes)
  • Marketing consent data: Until consent is withdrawn

Automated Decision Making

We do not use automated decision-making or profiling in ways that produce legal effects or similarly significantly affect you.

Complaints

If you believe we have not complied with GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Policy

We may update this GDPR compliance statement from time to time. We will notify you of any significant changes by posting a notice on our website.