Legal : Forly GDPR Policy
Last Updated: 06.01.25
Introduction
Forly Group LTD (hereafter “Forly,” “we,” “us,” or “our”) is committed to protecting the privacy and rights of all individuals whose data we process. This GDPR Policy explains how we comply with the General Data Protection Regulation (EU) 2016/679 (GDPR) when processing personal data related to individuals in the European Economic Area (EEA).
Scope
This policy applies to all employees, contractors, officers, and agents of Forly who handle or have access to personal data controlled or processed by Forly. It also applies to any third parties engaged by us to process personal data on our behalf.
Lawful Basis for Processing
Under GDPR, we only process personal data if we have a valid lawful basis. These include:
Consent: We obtain clear and explicit consent from individuals for specific processing activities (e.g., sending marketing emails).
Contract: Processing is necessary for the performance of a contract with the data subject (e.g., to provide our storytelling services via the Forly App).
Legal Obligation: Where processing is required by law (e.g., retaining financial records).
Legitimate Interests: We may process data to further our legitimate interests, provided that such processing does not override the fundamental rights and freedoms of data subjects.
Data Collection and Use
Minimal Data: We collect only the personal data strictly necessary for the purposes stated in our Privacy Policy.
Children’s Data: We implement additional safeguards where children’s data is concerned, including parental consent mechanisms and high-privacy defaults.
Purpose Limitation: We ensure data is used only for the purpose(s) stated at the time of collection or compatible purposes.
Accuracy: We strive to keep personal data accurate and up to date, and encourage data subjects to notify us of any changes.
Data Subjects’ Rights
Individuals have the right to:
Access their personal data and obtain a copy (Article 15).
Rectification of inaccurate or incomplete data (Article 16).
Erasure (“Right to be Forgotten”) under certain conditions (Article 17).
Restriction of processing (Article 18).
Data Portability (Article 20).
Object to processing based on legitimate interests or direct marketing (Articles 21-22).
Withdraw Consent at any time, if processing is based on consent (Article 7).
Forly responds to data subject requests without undue delay and within one month at the latest, subject to any extensions permitted by law.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected (e.g., providing our services) or as required by law. Please see our Privacy Policy for retention schedules related to different data categories.
Data Security
Technical Measures: Encryption, secure servers, firewalls, and access controls.
Organizational Measures: Internal policies and training for staff, access on a need-to-know basis, and vendor due diligence.
Breach Notification: In the event of a personal data breach likely to result in a high risk to individual rights and freedoms, we will notify the relevant supervisory authority (and potentially affected data subjects) without undue delay.
International Data Transfers
If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or adequacy decisions.
Updates to This Policy
We may occasionally update this GDPR Policy to reflect changes in legislation or our data processing practices. Any updates will be posted on our website, and the “Last Updated” date at the top will indicate when the changes took effect.
Contact Us
If you have questions about this GDPR Policy, your rights, or wish to lodge a complaint, please contact us at:
Forly Group LTD
Address: 13 Old Port Road, Wenvoe, Vale of Glamorgan, UK, CF56AL
Email: hello@forlygroup.com
If you remain unsatisfied, you have the right to lodge a complaint with your local data protection authority in the EEA.