GDPR
General Data Protection Regulation statement
firm-pillar is committed to protecting personal data in line with GDPR requirements in the United Kingdom. This page summarises how we meet key obligations.
Data controller
firm-pillar is the data controller for personal information collected through our website and services. We determine the purposes and methods of processing.
Lawful processing
We process data based on contractual necessity, legitimate interest in providing care services, and consent where required for optional activities.
Data minimisation
We collect only the data needed to deliver care, respond to enquiries, and maintain accurate records. We avoid unnecessary or excessive data collection.
International transfers
We store data within approved UK or EEA-based services. If a transfer is required, we ensure appropriate safeguards are in place.
Data security
Access to personal data is limited to authorised team members. We maintain secure storage and audit access regularly.
Individual rights
You have the right to access, rectify, restrict processing, and request deletion of your data. You can also request data portability where applicable.
Data retention
We retain information for as long as necessary to provide ongoing care and to meet legal requirements. Records are reviewed periodically.
Contact for GDPR matters
For GDPR-related requests, contact us via [email protected]. We aim to respond within one month of receiving your request.
Last reviewed: April 2026