GDPR Compliance

At Gleam Spot, we are committed to ensuring that your personal data is protected and handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides detailed information about our compliance measures and your rights.

Data Controller

Gleam Spot is the data controller responsible for your personal data. Our contact details are:

Gleam Spot
47 Meadow Lane
Bristol, BS4 2TP
Email: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. We are committed to honouring these rights:

Right to Be Informed

You have the right to know how your personal data is being collected and used. Our Privacy Policy and this GDPR page provide this information transparently.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to valid requests within one month.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make corrections promptly upon verification.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including:

• When the data is no longer necessary for its original purpose
• When you withdraw consent (where consent was the legal basis)
• When the data has been unlawfully processed

Right to Restrict Processing

You can request that we limit how we use your personal data while we verify accuracy or investigate concerns.

Right to Data Portability

You can request your personal data in a structured, commonly used format and have it transferred to another organisation where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling. We do not currently use automated decision-making that has legal or similarly significant effects.

How We Process Your Data

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The bases we rely on include:

• Contractual necessity: Processing required to deliver our pet care services
• Consent: Where you have explicitly agreed, such as for marketing emails
• Legitimate interests: For business operations, service improvement and security
• Legal obligation: Where required by law

Data We Collect

We collect only the data necessary for providing our services:

• Contact information for booking and communication
• Pet information to deliver appropriate care
• Payment details processed securely by third parties
• Website usage data for improving our services

Data Protection Measures

We implement appropriate technical and organisational measures to protect your data:

• Secure storage systems with access controls
• Encryption for data transmission
• Regular security assessments
• Staff training on data protection
• Data minimisation practices
• Regular review of data retention

Data Retention

We retain personal data only for as long as necessary:

• Active client records: Duration of service relationship plus 7 years
• Marketing consent records: Until withdrawal of consent
• Website analytics: 26 months maximum
• Enquiry records: 2 years from last contact

International Data Transfers

Your data is primarily stored within the UK. Where data is transferred internationally (for example, through cloud service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Third-Party Processors

We work with carefully selected third-party processors who comply with UK GDPR requirements. These include:

• Payment processors for secure transactions
• Email service providers for communications
• Website hosting services
• Analytics tools for website improvement

All processors are bound by data processing agreements ensuring your data is protected.

Data Breach Procedures

In the unlikely event of a personal data breach, we have procedures in place to:

• Detect and investigate the breach promptly
• Notify the ICO within 72 hours where required
• Inform affected individuals where there is high risk
• Document all breaches and actions taken

Exercising Your Rights

To exercise any of your data protection rights, please contact us:

• Email: [email protected]
• Post: Gleam Spot, 47 Meadow Lane, Bristol, BS4 2TP

Please provide sufficient information to verify your identity and specify which right you wish to exercise. We will respond within one month of receiving your request.

Complaints

If you are unhappy with how we have handled your data, you have the right to complain to the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.

Updates to This Information

This GDPR information page may be updated periodically to reflect changes in our practices or legal requirements. We recommend reviewing it regularly.