GDPR Compliance Statement

How WYLLØ LAB™ complies with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act.

Introduction

WYLLØ LAB™ (“we”, “us”, “our”) is committed to full compliance with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act. We ensure transparent, secure and lawful processing of all personal data collected through our website, forms, communications and project interactions.

Scope of This Statement

This GDPR Compliance Statement applies to:

  • Visitors to our website
  • Clients and potential clients
  • Vendors and business partners
  • Individuals submitting inquiries or project briefs
  • Users exercising their privacy rights

Data Controller Information

WYLLØ LAB™ acts as the Data Controller for all personal data submitted through:

  • Contact forms
  • Email communication
  • Uploaded project files
  • Analytics (with consent)

You may contact us at: hello@wyllolab.com

Legal Basis for Processing

We process personal data under the following GDPR legal bases:

  • Art. 6(1)(b): Performance of a contract (project communication)
  • Art. 6(1)(a): Consent (forms, analytics cookies)
  • Art. 6(1)(f): Legitimate interest (security, system performance)
  • Art. 6(1)(c): Legal obligations (accounting, compliance)

Categories of Personal Data We Process

We may process one or more of the following:

  • Identity information (name, company name)
  • Contact information (email, phone)
  • Project details and briefs
  • Uploaded media and files
  • Website usage analytics (with consent)
  • Technical data (IP address, device information)

Processing Purposes

We process personal data to:

  • Communicate with you
  • Provide project estimates
  • Deliver design or creative work
  • Improve our services
  • Ensure website security
  • Prepare contracts and invoices

We do not sell personal data.

Data Protection Principles

We comply fully with GDPR principles:

  • Lawfulness, fairness, transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Your Rights Under GDPR & UK DPA

Users have the right to:

Access their data

Correct inaccurate data

Erase (“Right to be forgotten”)

Restrict processing

Object to processing

Data portability

Withdraw consent

Lodge a complaint

You can exercise any right by emailing: hello@wyllolab.com

Our Compliance Measures

We implement:

  • Encrypted TLS communication
  • Restricted data access
  • Secure infrastructure
  • Regular software updates
  • File minimization + deletion schedule
  • Consent-based analytics loading
  • Cookie preference management
  • Staff data protection awareness
  • Vendor compliance checks

International Data Transfers

If personal data is transferred outside the EU/UK, we use:

  • SCCs (Standard Contractual Clauses)
  • GDPR-compliant safeguards
  • Adequacy decisions

Data Retention

Typical retention:

  • Inquiry emails: 12–24 months
  • Project files: until project conclusion + legal period
  • Analytics data: per your cookie preferences

Updates to This Statement

This GDPR statement may be updated periodically to reflect legal or operational changes.

Last Updated: 2025-03-01

Questions about your privacy?

We respond to every inquiry related to data protection.

Contact Us