GDPR Compliance

Your data protection rights explained

Last updated: January 2024

The General Data Protection Regulation (GDPR) provides enhanced data protection rights for individuals within the European Union and European Economic Area, and has been incorporated into UK law following Brexit. At sparkle-frost, we are committed to upholding these rights and ensuring transparent data practices.

Our Commitment

We process personal data in accordance with GDPR principles, which require us to:

  • Process data lawfully, fairly, and transparently
  • Collect data only for specified, explicit, and legitimate purposes
  • Ensure data is adequate, relevant, and limited to what is necessary
  • Keep data accurate and up to date
  • Retain data only for as long as necessary
  • Process data securely with appropriate technical and organisational measures

Your Rights Under GDPR

As a data subject, you have several rights regarding your personal information:

Right to Be Informed

You have the right to know how your data is being collected and used. Our Privacy Policy provides this information in detail. We will always be clear about what data we collect and why.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to such requests within one month, providing the information free of charge in most circumstances.

Right to Rectification

If any personal data we hold is inaccurate or incomplete, you have the right to have it corrected. We encourage you to keep us informed of any changes to your contact details or other information.

Right to Erasure

Also known as the "right to be forgotten," you may request that we delete your personal data in certain circumstances. This includes situations where the data is no longer necessary for its original purpose, or where you withdraw consent previously given.

Right to Restrict Processing

You can ask us to limit how we use your data while we address concerns you have raised, or in other specific circumstances defined by the regulation.

Right to Data Portability

Where technically feasible, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another organisation.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes. Where you object to marketing, we will stop processing your data for that purpose immediately.

Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.

Lawful Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. Depending on the type of processing, this may include:

Contractual Necessity

We process data to fulfil our service agreements with you, including managing bookings, providing pet care, and handling payments.

Legal Obligations

Some processing is required to comply with laws and regulations, such as maintaining financial records for tax purposes.

Legitimate Interests

We may process data for legitimate business purposes, such as improving our services or ensuring security, provided this does not override your fundamental rights.

Consent

Where required, we will seek your explicit consent before processing. You have the right to withdraw consent at any time, and doing so will not affect the lawfulness of processing prior to withdrawal.

International Transfers

We primarily store and process data within the United Kingdom. If any data transfer outside the UK becomes necessary, we will ensure appropriate safeguards are in place as required by law.

Data Protection Officer

Given the scale of our operations, we have not appointed a formal Data Protection Officer. However, data protection queries are handled seriously by our management team and can be directed to [email protected].

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it. Where the breach poses a high risk, we will also notify affected individuals directly.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Address: Unit 7, Meadowbrook Business Park, Willow Lane, Cheshire, CW9 8TH

We may need to verify your identity before processing your request. We aim to respond to all legitimate requests within one month. If your request is particularly complex, we may extend this period by up to two further months, in which case we will inform you of the extension.

Complaints

If you are not satisfied with how we handle your data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office:

Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns directly before you approach the ICO.

Updates to This Information

We may update this page to reflect changes in our practices or legal requirements. We encourage you to review it periodically.