GAPC is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). We treat data protection as a core responsibility, not a compliance exercise.
Our approach to data protection
We apply the following principles to all personal data processing:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Data controller
For the purposes of data protection law, GAPC acts as the Data Controller for personal data collected through this website and direct engagement.
Data subject rights
Individuals have the right to:
- Be informed about how data is used
- Access personal data held about them
- Request correction or erasure
- Restrict or object to processing
- Data portability (where applicable)
Requests can be made via the Contact page.
Third-party processors
Where third-party processors are used (e.g. hosting, analytics, email), we ensure appropriate contractual and security measures are in place.
Responsible AI & data ethics
Where AI-enabled tools or advisory services are involved, we apply responsible AI principles, including transparency, governance, risk awareness, and regulatory alignment.