Privacy Policy
Data controller
The data controller is Sovereign Architecture Ltd (company number [COMPANY_NUMBER_PENDING]), registered office: [PHYSICAL_ADDRESS_PENDING]. Email: [CONTACT_EMAIL_PENDING].
Data processor (email delivery)
Transactional and marketing email dispatch is carried out using Resend, Inc. as a processor under our instructions. The processor processes email addresses and related delivery data as needed to send messages and maintain suppression/unsubscribe status.
Personal data and purposes
We process the email address you provide, subscription status, and technical data (e.g. IP and user agent where collected) to perform the free subscription insights service, evidence consent, and meet legal obligations.
We collect this data directly from you when you submit it via our subscription form.
Lawful basis
Processing for the newsletter is based on consent (Article 6(1)(a) UK GDPR) where consent is required for electronic marketing.
Technical data (IP/UA) is processed based on legitimate interests for security and consent evidence.
Electronic marketing (PECR)
We use a double opt-in mechanism. We comply with PECR 2003 regarding prior consent.
We use a double opt-in mechanism to verify your consent. You will only receive emails after confirming your subscription via a verification email.
International transfers
Where personal data is transferred outside the United Kingdom to processors such as Resend, Inc., appropriate safeguards are applied, such as Standard Contractual Clauses or equivalent mechanisms as required under UK GDPR.
Retention
Data are retained while the subscription is active. After unsubscribe, we may retain minimal data (such as your email address) on a suppression list to ensure you do not receive further communications, unless deletion is required by law.
Automated decision-making and profiling
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
Your rights (UK GDPR)
You have the right of access to your personal data and the right to erasure where applicable. You also have rights to rectification, restriction of processing, objection where applicable, and data portability where applicable.
You have the right to withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
Complaints
You may lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO) (https://ico.org.uk).