GDPR compliance.
Slick is built and hosted in the UK and built for the GDPR — the UK GDPR, and the EU GDPR for customers in the EEA. Here's our commitment, and how to exercise your rights.
Our commitment
The General Data Protection Regulation is the baseline we designed around, not a checkbox we bolted on. Data is hosted in the UK (England), access is controlled by default, and processing happens only for clear, stated purposes.
Lawful basis
We process personal data under performance of a contract, legitimate interests, consent and legal obligation, as set out in our Privacy Policy.
Your rights
If you're in the UK or EEA (and we extend these to everyone), you have the right to:
- Access — a copy of the personal data we hold about you.
- Rectification — correction of inaccurate data.
- Erasure — deletion, where no overriding obligation applies.
- Restriction & objection — to limit or object to certain processing.
- Portability — your data in a structured, machine-readable format.
How to exercise them
Email [email protected]. For data inside a workspace, your organisation is the controller, so we may route your request to your workspace administrator. We respond within one month, as the UK GDPR requires.
Data processing & subprocessors
Customers act as controllers for workspace content; Slick acts as processor under our Data Processing Agreement. We engage vetted subprocessors under equivalent terms and keep a current list.
International transfers
Data stays in the UK (England) by default. Any transfer outside the UK relies on UK adequacy regulations or the UK International Data Transfer Agreement (IDTA).
Breach notification
We maintain processes to detect and respond to personal-data breaches and to notify the ICO and affected customers within the timelines the UK GDPR sets.
Data Protection Officer
Reach our DPO at [email protected] for any privacy or data-protection matter.