GDPR Compliance

Last updated: April 2026

Our Commitment to GDPR

barbarabbi is committed to complying with the General Data Protection Regulation (GDPR) and ensuring the protection of your personal data. This page outlines how we fulfill our obligations under GDPR and explains your rights as a data subject.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you voluntarily provide information through our forms or subscribe to our communications
  • Contract Performance: To fulfill equipment rental or service agreements with you
  • Legitimate Interests: To improve our services and communicate relevant business information
  • Legal Obligation: To comply with applicable laws and regulations

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a commonly used electronic format.

Right to Rectification

If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to our processing of your personal data for direct marketing purposes or when we process your data based on legitimate interests.

Right to Withdraw Consent

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]

Subject line: "GDPR Request - [Your Request Type]"

We will respond to your request within one month of receipt. In some cases, we may extend this period by two additional months if your request is complex or we receive multiple requests.

Data Processing Activities

We process personal data for the following purposes:

  • Processing equipment rental and service requests
  • Customer communication and support
  • Marketing communications (with your consent)
  • Website analytics and improvement
  • Fraud prevention and security
  • Legal compliance

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Rental and service records: 7 years (for accounting and legal purposes)
  • Marketing communications: Until you unsubscribe or request deletion
  • Website analytics: 26 months
  • Customer inquiries: 3 years

International Data Transfers

We primarily process data within the United Kingdom and European Economic Area. If we transfer your data outside these regions, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Staff training on data protection

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

ICO Website: https://ico.org.uk

ICO Helpline: 0303 123 1113

Contact Information

For any questions about our GDPR compliance or to exercise your rights, please contact:

barbarabbi
47 Kingsland Road
Shoreditch, London E2 8AD
United Kingdom

Email: [email protected]