Legal

Data Protection Policy

Our internal commitments to protecting your data.

Principles

We process data lawfully, fairly and transparently; collect only what's needed; keep it accurate; retain only as long as required; and protect it appropriately.

Security

Encryption in transit and at rest, role-based access, audit logging, vendor due diligence and routine review of access rights.

Incident response

We notify affected users and relevant authorities within 72 hours of confirming a personal data breach.

Training

Every team member completes data protection training on onboarding and annually thereafter.

Last updated: 16 May 2026