EU Representative — Article 27 GDPR
Regulation (EU) 2016/679 (General Data Protection Regulation)
Version 1.0 | Last updated: 11 May 2026
SummitBridge Horizon Ltd | Companies House 16419201 | ICO ZC112810
Why this page exists
SummitBridge Horizon Ltd is established in the United Kingdom, which since 1 January 2021 is a third country under the EU GDPR. Where we offer goods or services to data subjects in the EU, or monitor their behaviour as far as their behaviour takes place within the EU (Art. 3(2) GDPR), Article 27 GDPR requires us to designate in writing a representative in the Union.
Current status
Appointment in progress
The selection of our Article 27 EU representative is in its final vendor-evaluation phase. Once executed, this page will be updated with the representative's legal name, registered EU address, electronic-communication channel, and the supervisory authority of the Member State in which the representative is established.
Until the appointment is published here, data subjects in the EU may contact SummitBridge Horizon Ltd directly via the channels below. We treat such enquiries with the same diligence and within the same statutory timelines as if they had been received via an established representative.
Direct contact (interim)
- Data Protection Officer: [email protected]
- Privacy team: [email protected]
- Postal: Data Protection Officer, SummitBridge Horizon Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
- Online rights request: /legal/data-subject-rights
Role of an Article 27 representative
The EU representative is the point of contact for supervisory authorities and data subjects on all issues related to processing, in addition to or instead of the controller. The representative does not replace the controller's direct accountability and is not liable for the controller's compliance failures (recital 80 GDPR). Its core duties are:
- Receive enquiries from EU data subjects and forward them to us promptly;
- Cooperate with supervisory authorities on enforcement actions;
- Maintain a copy of the records of processing required under Article 30 GDPR.
Exemption assessment
We do not rely on the Article 27(2) exemption. Although our current EU-resident user base is limited (and we therefore qualify on the “occasional”-processing limb), our processing includes special-category data under Article 9 (CV/interview data through HumanBaseIQ) and is therefore not “unlikely to result in a risk to the rights and freedoms of natural persons”. The exemption does not apply and a representative is required.
Related pages
- Data Subject Rights Request — how to exercise your GDPR rights.
- AI Transparency Report — EU AI Act Article 13 disclosure.
- Sub-processors — current list of GDPR Art. 28 sub-processors.
- Impressum — service-provider information per § 5 DDG (Germany).