1. Introduction

This Policy sets out the obligations of Polished Rock Ltd. T/A MARTECH3D, a company registered in England and Wales under number 07467364, whose registered office is at International House, 64 Nile Street, London, N1 7SR (“the Company”) regarding data protection and the rights of customers and business contacts (“data subjects”) in respect of their personal data under Data Protection Law.

This Policy sets the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.


2. Definitions

Term Definition
Consent Freely given, specific, informed, and unambiguous indication of a data subject’s wishes.
Data Controller Natural or legal person/organization that determines the purposes and means of processing personal data.
Data Processor A person/organization processing personal data on behalf of a data controller.
Data Subject A living, identified, or identifiable natural person about whom the Company holds personal data.
EEA European Economic Area (EU Member States, Iceland, Liechtenstein, Norway).
Personal Data Any information relating to an identifiable natural person.
Personal Data Breach A breach leading to accidental/unlawful destruction, loss, or unauthorized access to personal data.
Processing Any operation performed on personal data, including collection, storage, retrieval, and deletion.
Pseudonymisation Processing personal data in a way that it cannot be linked to an individual without additional information.
Special Category Personal Data Data revealing racial/ethnic origin, political opinions, religious beliefs, trade union membership, health, sexual orientation, biometric, or genetic data.

3. Scope


4. The Data Protection Principles

The GDPR sets out key principles that must be followed when handling personal data:

  1. Lawfulness, fairness, and transparency – Personal data must be processed lawfully and fairly.
  2. Purpose limitation – Data must be collected for specific, explicit, and legitimate purposes.
  3. Data minimization – Data collected should be relevant and limited to what is necessary.
  4. Accuracy – Data must be kept accurate and up to date.