GDPR Policy

1. Scope and who this policy applies to

This GDPR Policy explains how Design Glyphe LLC approaches personal data processing for people in the United Kingdom, European Union, and European Economic Area who interact with Forja, the enterforja.com website, related application flows, partnership enquiries, newsletter signups, and account/authentication experiences.

It is a companion to our Privacy Policy, which remains the main description of how we collect, use, retain, and protect personal data across Design Glyphe LLC services. It should also be read with our Cookie Policy and Terms & Conditions.

2. Controller identity and contact details

Design Glyphe LLC is the controller responsible for personal data processed through the Forja website and related service flows described on this page.

We do not currently identify a separate Data Protection Officer, EU representative, or UK representative on this website. If that changes, this page will be updated.

For rights requests, privacy complaints, or GDPR-related questions, contact legal@contact.enterforja.com.

3. Categories of personal data we may process

Depending on how you interact with Forja, we may process:

• contact details such as name, email address, phone number, country, and business identifiers
• application and business information submitted for Stage One, Stage Two, or partner qualification
• account and authentication data needed for sign-in, verification, and session security
• communications data from enquiries, legal notices, support requests, or email interactions
• limited usage and device data such as IP address, browser information, and site interaction signals
• records needed for prize administration, due diligence, finance, tax, or compliance where applicable

We do not use this page to claim processing of special category data as a standard website practice. If an exceptional process ever requires more sensitive information, we would address that through a more specific notice or agreement.

4. Lawful bases for processing

We rely on different lawful bases depending on the purpose of the processing.

Where we rely on legitimate interests, we do so only where those interests are not overridden by your rights and freedoms. Where we rely on consent, you may withdraw it at any time.

5. How this applies to key Forja flows

The main GDPR-sensitive flows on this website are straightforward:

• Competition applications. We process the information needed to review eligibility, administer participation, verify claims, and manage contestant communications.
• Partner enquiries. We process business and contact details to evaluate fit, respond, and manage follow-up conversations.
• Newsletter and contact flows. We process the details you submit to answer your request and, if you opt in, to send relevant updates.
• Account and authentication flows. We process sign-in credentials, verification codes, and session data to secure access and operate protected features.

We do not state here that every interaction is subject to the same legal basis. The basis depends on the exact activity, as described above and in the Privacy Policy.

6. International transfers and third-party processors

Forja relies on third-party service providers to operate the website and related workflows, including providers for hosting, database/authentication infrastructure, and transactional email. Based on the current site setup, this includes services such as Vercel, Convex, and Resend.

Some of these providers may process personal data outside the UK, EU, or EEA. Where that happens, we intend to rely on appropriate safeguards such as adequacy decisions, contractual protections, or other lawful transfer mechanisms made available under applicable data protection law.

For broader processor and retention detail, see the Privacy Policy.

7. Your GDPR rights

If UK GDPR, EU GDPR, or related data protection law applies to your interaction with us, you may have the right to:

• request access to the personal data we hold about you
• request correction of inaccurate or incomplete data
• request deletion of personal data in appropriate cases
• request restriction of processing in appropriate cases
• object to processing based on legitimate interests
• withdraw consent where consent is the legal basis
• request portability of data you provided to us
• complain to a relevant supervisory authority if you believe your rights have been infringed

To exercise any of these rights, email legal@contact.enterforja.com. We may need to verify your identity before fulfilling a request.

8. Retention principles and complaints

We keep personal data only for as long as it is reasonably needed for the purpose it was collected, for ongoing contractual or pre-contractual activity, for security and anti-fraud needs, or to satisfy legal and record-keeping obligations.

Specific retention examples are described in the Privacy Policy. If you believe we are processing your data unlawfully, contact us first so we can try to resolve the issue directly.

If you are not satisfied with our response, you may complain to the UK Information Commissioner's Office or, where applicable, another competent supervisory authority in the EU or EEA member state that is relevant to your situation.

9. How this page relates to our other legal policies

This page is meant to make our GDPR posture easier to review for UK and EU audiences. It does not replace the rest of our legal framework.

• Use the Privacy Policy for the primary explanation of data collection, use, retention, security, and contacts.
• Use the Cookie Policy for cookie categories, consent choices, and browser controls.
• Use the Terms & Conditions for the legal terms governing use of the website and participation in Forja.