GDPR Compliance
Last updated: 4 April 2026
We are fully committed to GDPR compliance. The Electronic High Street complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we protect your personal data and your rights.
1. Our Data Protection Commitment
The Electronic High Street recognises that the protection of personal data is a fundamental right. We have implemented comprehensive technical and organisational measures to ensure that all personal data is handled lawfully, fairly, and transparently. Data protection is embedded into every aspect of our services — "Privacy by Design and by Default".
2. The Seven GDPR Principles
We comply with all seven principles of UK GDPR:
- Lawfulness, Fairness, and Transparency — we only process data with a valid legal basis and are open about what we collect and why
- Purpose Limitation — we collect data only for specified, legitimate purposes and never use it beyond those purposes
- Data Minimisation — we collect only the minimum data necessary to provide our services
- Accuracy — we take reasonable steps to ensure data is accurate and up to date
- Storage Limitation — we do not keep data longer than necessary. Server logs are deleted after 90 days.
- Integrity and Confidentiality — we protect data with TLS/SSL encryption, firewalls, fail2ban intrusion prevention, daily malware scanning, and strict access controls
- Accountability — we can demonstrate our compliance through our policies, procedures, and technical measures
3. Lawful Bases for Processing
We rely on the following lawful bases under Article 6 of UK GDPR:
- Consent (Art. 6(1)(a)) — for newsletter subscriptions and contact form submissions. You can withdraw consent at any time.
- Legitimate Interest (Art. 6(1)(f)) — for website security, fraud prevention, and aggregate analytics to improve our services
- Legal Obligation (Art. 6(1)(c)) — where required by UK law (e.g., tax records)
4. Your Rights Under UK GDPR
You have powerful rights over your personal data:
- Right of Access (Article 15) — request a copy of all data we hold about you. We will respond within 30 days.
- Right to Rectification (Article 16) — ask us to correct inaccurate or incomplete data
- Right to Erasure (Article 17) — ask us to delete your data ("right to be forgotten")
- Right to Restrict Processing (Article 18) — ask us to limit how we use your data
- Right to Data Portability (Article 20) — receive your data in a machine-readable format
- Right to Object (Article 21) — object to processing based on legitimate interests
- Right to Withdraw Consent (Article 7) — withdraw consent at any time without affecting prior processing
5. How to Exercise Your Rights
Email marlin69@protonmail.com with "GDPR Request" in the subject line. Include your name, the email address associated with any account, and a description of what you are requesting. We will verify your identity and respond within 30 days.
6. Security Measures
We implement robust security to protect your data:
- TLS/SSL encryption on all pages — your data is encrypted in transit
- Enterprise firewalls with strict access rules
- fail2ban intrusion prevention — automated blocking of brute-force attacks
- Daily malware scanning using ClamAV antivirus
- Rootkit detection via rkhunter
- Key-based SSH only — no password-based server access
- Two-factor authentication on all admin panels
- Country-level blocking of high-risk regions (RU, KP, IR, BY)
- Regular encrypted backups
- Root access disabled on all servers
7. Data Breach Procedures
In the event of a data breach, we will:
- Assess the breach immediately upon discovery
- Notify the Information Commissioner's Office (ICO) within 72 hours if it poses a risk to individuals
- Notify affected individuals without undue delay if there is a high risk
- Document the breach and take measures to prevent recurrence
8. International Data Transfers
Our servers are located in Europe. Some third-party services (PayPal, affiliate networks) may process data outside the UK/EEA. Where this occurs, appropriate safeguards including Standard Contractual Clauses are in place.
9. Supervisory Authority
If you are not satisfied with how we handle your data, you can complain to:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address your concerns first — please email marlin69@protonmail.com.
10. Contact
For any GDPR or data protection questions: marlin69@protonmail.com