Legal · GDPR

GDPR Compliance

Motion House is committed to the principles of the European General Data Protection Regulation and to equivalent international standards. This page outlines how we apply those principles in practice.

Last updated · January 2026
01

GDPR Statement

Motion House handles personal data in a lawful, fair, and transparent manner. We process data only for clearly defined purposes, retain it only as long as necessary, and protect it with appropriate technical and organizational measures.

02

Data Protection Standards

  • Privacy by design and by default across all internal systems.
  • Documented records of processing activities maintained internally.
  • Vendor due diligence on every subprocessor before engagement.
  • Periodic reviews of access controls, retention schedules, and incident response procedures.
03

Lawful Processing

We process personal data on the basis of contractual necessity, legitimate interest, legal obligation, or explicit consent, as appropriate to the activity. Each processing purpose is mapped to a clearly identified lawful basis.

04

Your Rights

  • Right of access to the personal data we hold about you.
  • Right to rectification of inaccurate data.
  • Right to erasure where no overriding obligation requires retention.
  • Right to restriction of, or objection to, processing.
  • Right to data portability in a commonly used machine-readable format.
  • Right to lodge a complaint with your supervisory authority.
05

Access Requests

You may request a copy of the personal data we hold about you by contacting privacy@motionhouse.co. We respond to verified requests within thirty (30) days and may extend by a further sixty (60) days for complex requests with notice.

06

Deletion Requests

You may request deletion of your personal data at any time. We will honor verified deletion requests except where retention is required by law, necessary for the establishment or defense of legal claims, or otherwise permitted under Article 17(3) of the GDPR.

07

Retention Periods

  • Inquiry and contact data: up to 24 months from last interaction.
  • Operator profiles: for the duration of network membership and up to 24 months thereafter.
  • Engagement records and invoices: as required by applicable tax and accounting law (typically 6–10 years).
  • Analytics data: aggregated and retained on a rolling basis for service improvement.
08

Security Standards

We maintain technical and organizational measures appropriate to the risk, including encryption in transit and at rest, role-based access control, secure software development practices, and regular backups. Suspected incidents are investigated promptly and notified in accordance with applicable law.

09

International Compliance

Motion House operates globally and applies GDPR-grade standards across all jurisdictions in which it operates, including the United Kingdom GDPR, Switzerland's revised FADP, and applicable regulations in the United States, Canada, and the Asia–Pacific region. International transfers rely on Standard Contractual Clauses or equivalent safeguards.

This document forms part of Motion House's standard agreements. Back to Motion House