GDPR Compliance
Last updated: 31 March 2026
Maree Group LTD is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Our Commitment
As a company registered in England and Wales, we are subject to UK data protection law. We process personal data lawfully, fairly, and transparently. We collect only what is necessary, keep it accurate, and retain it only for as long as required.
2. Data Controller
- Controller: Maree Group LTD
- Company Number: 16662247
- Jurisdiction: England and Wales
- Contact: [email protected]
3. Legal Basis for Processing
| Purpose | Legal Basis | Details |
|---|---|---|
| Providing the Platform | Contract (Art. 6(1)(b)) | Necessary to fulfil our service agreement |
| Account authentication | Contract (Art. 6(1)(b)) | Session management, identity verification |
| Payment processing | Contract (Art. 6(1)(b)) | Stripe subscription management |
| Security and fraud prevention | Legitimate Interest (Art. 6(1)(f)) | Protecting our Platform and users |
| Analytics and improvement | Legitimate Interest (Art. 6(1)(f)) | Understanding usage to improve services |
| Tax and legal compliance | Legal Obligation (Art. 6(1)(c)) | HMRC, Companies House requirements |
| Marketing communications | Consent (Art. 6(1)(a)) | Only with explicit opt-in |
4. Your GDPR Rights
| Right | Description | How to Exercise |
|---|---|---|
| Right of Access | Obtain a copy of your personal data | Email [email protected] with "SAR" in subject |
| Right to Rectification | Correct inaccurate data | Via account settings or email |
| Right to Erasure | Request deletion of your data | Email [email protected] |
| Right to Restriction | Limit how we process your data | Email [email protected] |
| Right to Portability | Receive data in machine-readable format | Email [email protected] |
| Right to Object | Object to processing based on legitimate interest | Email [email protected] |
| Right to Withdraw Consent | Revoke consent at any time | Via account settings or email |
We will respond to all requests within 30 calendar days as required by UK GDPR.
5. Sub-Processors
| Sub-Processor | Location | Purpose | Safeguards |
|---|---|---|---|
| Stripe Inc. | USA | Payment processing | EU-US DPF, SCCs |
| OpenAI Inc. | USA | AI inference (managed mode) | DPA, SCCs |
| Anthropic Inc. | USA | AI inference (managed mode) | DPA, SCCs |
| Google LLC | USA | OAuth, SMTP, AI inference | EU-US DPF, SCCs |
| Microsoft Corp. | USA | OAuth, AI inference | EU-US DPF, SCCs |
Where data is transferred outside the UK, we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs).
6. International Transfers
We transfer personal data to third countries outside the UK for processing by our sub-processors. We ensure that these transfers are made in accordance with UK GDPR requirements, including the use of Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) to protect your data.
7. Complaints
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF