Legal

GDPR Statement

Last updated: 5 July 2026

Banny Digital Ltd is committed to protecting personal data in line with the UK GDPR and the Data Protection Act 2018.

Our role

We act as a data controller for our own website visitors, enquiries and staff data, and as a data processor for personal data our clients ask us to handle inside their apps, portals and websites.

Data Processing Agreements

Every client engagement that involves processing personal data on your behalf is covered by a Data Processing Agreement (DPA). Contact hello@banny.co.uk for a copy.

Data subject rights

Individuals can request access, rectification, erasure, restriction, portability, or object to processing. We respond within one calendar month.

International transfers

Where personal data is transferred outside the UK/EEA, we rely on approved safeguards such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses.

Security

We apply appropriate technical and organisational measures — encryption in transit, access controls, backups, least-privilege permissions and vetted processors.

Breach notification

In the unlikely event of a personal data breach that affects our clients, we notify the affected client without undue delay and support the required ICO reporting.

Sub-processors

A current list of the sub-processors we rely on (hosting, email, database, analytics, payments) is available on request.

Contact

For any GDPR-related question, email hello@banny.co.uk.

Banny Digital Ltd · Company No. 14911385 · Registered in England & Wales · hello@banny.co.uk

This document is provided as a plain-English starting point. Please review with your solicitor before relying on it in a dispute.