Last Updated: June 19, 2026
We are committed to complying with the General Data Protection Regulation and protecting the personal data of individuals who interact with our services. This statement outlines how we fulfill our obligations under GDPR.
We process personal data under the following lawful bases:
For the purposes of GDPR, the data controller is the entity operating under the twilight-phantom.com twilight-phantom.com, contactable at [email protected].
As a data subject, you have the following rights:
You may request confirmation of whether we process your personal data and obtain access to such data along with information about how it is processed.
You may request correction of inaccurate personal data and completion of incomplete data.
You may request deletion of your personal data under certain circumstances, including when data is no longer necessary for the purposes for which it was collected.
You may request restriction of processing under certain circumstances, such as when you contest the accuracy of data or object to processing.
You have the right to receive personal data you provided to us in a structured, commonly used, machine-readable format and to transmit that data to another controller.
You may object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Where processing is based on consent, you have the right to withdraw that consent at any time.
We implement appropriate technical and organizational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are reviewed and updated as necessary to maintain appropriate security levels.
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. When data is no longer required, it is securely deleted or anonymized.
We do not transfer personal data outside the United Kingdom or European Economic Area. Should such transfers become necessary, appropriate safeguards will be implemented to ensure data protection standards are maintained.
We do not use personal data for automated decision-making, including profiling, which produces legal effects or similarly significantly affects individuals.
In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within seventy-two hours of becoming aware of the breach. Affected individuals will be informed without undue delay if the breach is likely to result in high risk to their rights and freedoms.
To exercise any of your rights under GDPR, contact us at [email protected]. We will respond to your request within one month, though this period may be extended by two additional months for complex or numerous requests.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office, the UK supervisory authority for data protection.
This GDPR compliance statement may be updated to reflect changes in our practices or legal requirements. Material changes will be communicated through this website.