Our commitment to handling your personal data lawfully, transparently and with care.
Last updated: June 2026
Our Commitment
Fiolta Digital is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a business that handles sensitive personal documents on behalf of our clients — including wills, birth certificates, medical records, business records and family photographs — we take our data protection responsibilities extremely seriously.
This statement explains how we meet our obligations as a data controller and what that means for you as a customer or enquirer.
Data Controller: Stephen Loye, Fiolta Digital Address: 11a Ballyheifer Road, Magherafelt, BT45 5DX Email:info@fioltadigital.co.uk Registered: Under the UK Data Protection Act 2018
The 7 Principles of UK GDPR
UK GDPR sets out seven key principles that govern how personal data must be handled. Here is how Fiolta Digital applies each one:
Principle 1
Lawfulness, Fairness & Transparency
We only collect data with a clear legal basis, we are open about how we use it, and we never use it in ways that would be unexpected or harmful.
Principle 2
Purpose Limitation
Data collected for a quote or project is used only for that purpose. We do not repurpose, sell or use your data for marketing without your explicit consent.
Principle 3
Data Minimisation
We only collect what is strictly necessary — typically your name, email, phone number and project details. Nothing more.
Principle 4
Accuracy
We keep your details accurate and up to date. You can contact us at any time to correct information we hold about you.
Principle 5
Storage Limitation
Enquiry data is deleted within 12 months. Customer records are retained for 6 years as required by HMRC. Your digital files are deleted 30 days after delivery.
Principle 6
Integrity & Confidentiality
Your data and physical documents are stored securely in a CCTV-monitored facility. Digital files are transferred via encrypted links. Only Stephen Loye handles your data.
Principle 7
Accountability
We take responsibility for our data protection obligations. We maintain records of our processing activities and are registered under the Data Protection Act 2018. We review our practices regularly to ensure ongoing compliance.
Our Lawful Basis for Processing
We process personal data on the following legal grounds under UK GDPR Article 6:
Contractual necessity (Art. 6(1)(b)) — to provide the digitisation services you have engaged us for
Legitimate interests (Art. 6(1)(f)) — to respond to enquiries and manage our business operations
Legal obligation (Art. 6(1)(c)) — to retain financial records as required by HMRC for 6 years
Where we process special category data (such as sensitive personal documents you submit for scanning), we do so solely to fulfil the contracted service and do not read, analyse or retain content beyond what is required for digitisation.
Your Rights Under UK GDPR
As a data subject you have the following rights. To exercise any of them, contact us at info@fioltadigital.co.uk — we will respond within 30 days, free of charge.
Right of Access
Request a copy of all personal data we hold about you (a Subject Access Request).
Right to Rectification
Ask us to correct any inaccurate or incomplete personal data without undue delay.
Right to Erasure
Request deletion of your data where there is no lawful reason to continue holding it.
Right to Portability
Receive your personal data in a structured, machine-readable format to transfer to another service.
Right to Object
Object to processing based on legitimate interests where you feel your rights override ours.
Right to Restriction
Ask us to limit how we use your data while a dispute or objection is being resolved.
Data Breach Procedure
In the unlikely event of a personal data breach, Fiolta Digital will:
Assess the risk to individuals within 24 hours of becoming aware
Report any high-risk breach to the ICO within 72 hours as required by UK GDPR Article 33
Notify affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms
Document all breaches in our internal breach register regardless of whether reporting is required
Third-Party Data Processors
We use a small number of trusted third-party services. All are GDPR-compliant and subject to data processing agreements:
Formspree (formspree.io) — processes website contact form submissions. Data is encrypted in transit and stored briefly before forwarding. Privacy policy →
Google LLC — Google Fonts are loaded from Google's servers when you visit our website. Your IP address may be transmitted to Google as a result. Privacy policy →
We do not use any advertising platforms, social media tracking pixels, or analytics tools that would result in your data being shared with third parties for marketing purposes.
Supervisory Authority
Fiolta Digital is registered under the UK Data Protection Act 2018. The supervisory authority for data protection in the UK is the Information Commissioner's Office (ICO).
If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the ICO:
Information Commissioner's Office
Website: ico.org.uk
Telephone: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would always appreciate the opportunity to address your concerns directly before you contact the ICO — please reach out to us first at info@fioltadigital.co.uk.