Home About Services Contact

GDPR Compliance

Last updated: 15 January 2026

Fusion Ark Consulting Limited is committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides detailed information about our compliance measures and your rights as a data subject.

Our Commitment

We recognise that personal data protection is fundamental to maintaining trust with our clients, website visitors, and business contacts. We have implemented comprehensive policies and procedures to ensure that all personal data is:

Data Controller Information

For data processing activities related to our website and direct business relationships, the data controller is:

Fusion Ark Consulting Limited
47 Moorgate
London EC2R 6BH
United Kingdom

Company Registration: 09127483
ICO Registration: ZA421856

Data Protection Officer

We have appointed an internal Data Protection Officer who oversees compliance with data protection legislation. You may contact the DPO for any matters relating to the processing of your personal data or the exercise of your rights:

Email: [email protected]

Lawful Bases for Processing

We rely on the following lawful bases under Article 6 of the UK GDPR:

Contract Performance (Article 6(1)(b))

We process personal data where necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This applies to:

Legitimate Interests (Article 6(1)(f))

We process certain personal data based on our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:

We have conducted legitimate interest assessments for these processing activities. You may request copies by contacting our DPO.

Consent (Article 6(1)(a))

Where required, we obtain your explicit consent before processing. This applies to:

You may withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.

Legal Obligation (Article 6(1)(c))

We process personal data where necessary to comply with our legal obligations, including tax reporting, anti-money laundering requirements, and responses to lawful requests from authorities.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You may request confirmation of whether we process your personal data and, if so, access to that data along with supplementary information about our processing activities. We will provide a copy of your personal data free of charge, though we may charge a reasonable fee for additional copies or manifestly unfounded requests.

Right to Rectification (Article 16)

You may request correction of inaccurate personal data or completion of incomplete data. We will respond within one month and notify any recipients of the rectification.

Right to Erasure (Article 17)

You may request deletion of your personal data in certain circumstances, including where:

This right does not apply where we need to retain data for legal compliance or the establishment, exercise, or defence of legal claims.

Right to Restriction of Processing (Article 18)

You may request restriction of processing while we verify the accuracy of data you have contested, while we consider your objection to processing, or where processing is unlawful but you do not want erasure.

Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you may receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object (Article 21)

You may object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests. You have an absolute right to object to processing for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

We do not currently make decisions based solely on automated processing that produce legal or similarly significant effects. Should this change, we will provide information about the logic involved and ensure appropriate safeguards.

Exercising Your Rights

To exercise any of these rights, please submit a request to our Data Protection Officer at [email protected]. To verify your identity, we may request additional information. We will respond to valid requests within one month, though this period may be extended by up to two months for complex requests.

We will not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse the request.

Data Processing in Client Engagements

During consulting engagements, we may process personal data on behalf of our clients. In these circumstances, the client typically acts as the data controller and we act as a data processor. Our processing activities are governed by written agreements that specify:

We implement appropriate technical and organisational measures to ensure security and confidentiality of client data.

International Data Transfers

Our primary operations are within the United Kingdom. Where we transfer personal data outside the UK, we ensure compliance with Chapter V of the UK GDPR through:

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

Data Breach Notification

In the event of a personal data breach likely to result in risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware. Where a breach is likely to result in high risk, we will also notify affected individuals without undue delay.

Records of Processing Activities

We maintain records of our processing activities as required under Article 30 of the UK GDPR. These records include the purposes of processing, categories of data subjects and personal data, recipients, international transfers, retention periods, and security measures.

Data Protection Impact Assessments

We conduct data protection impact assessments where processing is likely to result in high risk to individuals' rights and freedoms, particularly for new technologies, profiling, or large-scale processing of sensitive data.

Supervisory Authority

The supervisory authority for data protection in the United Kingdom is the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Website: ico.org.uk
Helpline: 0303 123 1113

You have the right to lodge a complaint with the ICO if you believe your data protection rights have been violated.

Updates to This Information

We review our GDPR compliance measures regularly and update this page as necessary. Material changes will be communicated through our website. The date at the top of this page indicates when it was last revised.

Contact

For any questions about our GDPR compliance or to exercise your data protection rights, please contact:

Data Protection Officer
Fusion Ark Consulting Limited
47 Moorgate
London EC2R 6BH
Email: [email protected]

Cookie Notice

We use cookies to improve your experience on our site. Some are essential for the site to function, while others help us understand how you use it.

Cookie Preferences

Essential Cookies

Required for the website to function. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness.