GDPR Data

Effective Date: July 2025

This GDPR Data Protection Policy outlines how Animus Corporation Limited ("we," "our," or "us") ensures compliance with the General Data Protection Regulation (GDPR) and processes personal data in accordance with the rights and freedoms of individuals.

This policy applies to all personal data processed by Animus Corporation Limited, whether that data relates to employees, clients, suppliers or third-party service providers. It is designed to protect the privacy rights of individuals and support data protection best practices across our operations.

We process personal data lawfully under the following GDPR Article 6 bases:

• Consent
• Contractual necessity
• Legal obligation
• Legitimate interests

Where special category data is involved, we ensure compliance with Article 9 of the GDPR.

We may collect and process the following categories of data:

• Identity data: name, ID number, VAT number
• Contact data: email address, telephone number, physical address
• Transactional data: invoices, payment records orders
• Technical data: IP address, device type, browser details
• Communications: emails, messages, support requests

Under GDPR, individuals have the right to:

• Access their personal data
• Correct or update their data
• Erase their data (“right to be forgotten”)
• Restrict or object to processing
• Data portability
• Withdraw consent
• File a complaint with the Information Commissioner's Office (ICO)

To exercise these rights, contact us at: [email protected]

We implement appropriate technical and organizational measures to secure personal data, including:

• SSL encryption and HTTPS protocols
• Secure internal data handling systems
• Staff access controls and confidentiality agreements
• Firewall and malware protection
• Regular backups and disaster recovery processes

We only share data with trusted third parties who comply with GDPR or equivalent standards. These include:

• Logistics and delivery partners
• Payment processors
• IT support providers
• Legal and tax advisors

Where data is transferred outside the UK or EEA, we ensure:

• Adequate legal safeguards (e.g., Standard Contractual Clauses)
• Due diligence on third-party data handling

We retain personal data only as long as necessary to fulfill contractual, legal or business obligations:

• Transactional data: 6–7 years (for accounting compliance)
• Customer communication data: 3 years from last interaction
• Marketing data: Until consent is withdrawn or 2 years of inactivity

All employees are provided with internal data protection guidelines. We store HR data securely and limit access to authorized HR personnel. Employees are trained in GDPR and confidentiality responsibilities.

In the event of a personal data breach, we will:

• Notify the ICO within 72 hours (where applicable)
• Inform affected individuals without undue delay when high risk is determined
• Record all breach details in our internal incident log

We have appointed a Data Protection Contact to oversee compliance, handle data access requests and liaise with regulatory authorities:

All staff are required to:

• Read and adhere to this GDPR Data Protection Policy
• Complete GDPR training
• Report potential breaches or risks to the DPO immediately

We conduct regular internal audits to assess GDPR compliance. This policy is reviewed annually or in response to regulatory or operational changes.

We reserve the right to amend this policy as needed. Updates will be posted on our website with a new effective date. Continued engagement with our services implies acceptance of the updated terms.