Home About Us Services Contact Get a Quote

GDPR Compliance

Your data protection rights under UK GDPR

Home/GDPR

Last updated: January 2024

Our Commitment to GDPR

gleam-facade is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and ensure that all personal data is processed lawfully, fairly, and transparently.

Data Controller

gleam-facade is the data controller responsible for your personal data. Our contact details are:

gleam-facade
47 Whitmore Lane
Leeds, LS12 4TH
United Kingdom
Email: [email protected]

Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR statement.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month.

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects. We do not use automated decision-making in our services.

Lawful Bases for Processing

We process personal data based on the following lawful bases:

  • Consent: Where you have given explicit consent for specific processing activities
  • Contract: Where processing is necessary for the performance of a contract with you
  • Legal obligation: Where we are required to process data to comply with UK law
  • Legitimate interests: Where processing is necessary for our legitimate business interests, provided your rights do not override these interests

Data Processing Activities

We process personal data for the following purposes:

  • Responding to enquiries and providing quotes
  • Delivering renovation and design services
  • Managing client relationships
  • Sending service-related communications
  • Marketing communications (with consent)
  • Website analytics and improvement
  • Compliance with legal and regulatory requirements

Data Retention

We retain personal data only for as long as necessary:

  • Enquiry data: 2 years if no project proceeds
  • Client project data: 7 years after project completion
  • Financial records: 7 years as required by law
  • Marketing preferences: Until consent is withdrawn

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection
  • Incident response procedures

International Transfers

We do not routinely transfer personal data outside the United Kingdom. If any transfer becomes necessary, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk to your rights, we will also notify you directly.

Exercising Your Rights

To exercise any of your rights under UK GDPR, please contact us at [email protected]. We will respond to your request within one month. If we need more time, we will inform you of the delay and the reasons.

There is no fee for exercising your rights in most circumstances. However, we may charge a reasonable fee or refuse to comply with requests that are manifestly unfounded or excessive.

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Statement

We may update this GDPR statement from time to time. Any changes will be posted on this page with an updated revision date.

We use cookies to improve your browsing experience and analyse site traffic. By clicking "Accept", you consent to our use of cookies. Learn more