GDPR Compliance

Last updated: January 2024

Our Commitment to Data Protection

Glimmer Hands is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We respect your privacy and are dedicated to protecting your personal data.

Data Controller

Glimmer Hands acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.

Contact details:
Glimmer Hands
47 Brentwood Lane
Manchester, M15 4QH
Email: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides the following rights:

Right to Be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides this information.

Right of Access

You can request a copy of all personal data we hold about you. We will respond within one month of receiving your request.

Right to Rectification

You can ask us to correct any inaccurate personal data or complete incomplete data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can ask us to limit how we use your personal data while we verify its accuracy or determine the legitimate grounds for processing.

Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format to transfer to another organisation.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling in ways that produce legal effects concerning you.

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Contract: Processing necessary to fulfil a contract with you
• Legitimate Interests: Processing necessary for our legitimate business interests, provided these do not override your rights
• Consent: Where you have given clear consent for us to process your data for a specific purpose
• Legal Obligation: Processing necessary to comply with the law

Data Transfers

We primarily store and process data within the United Kingdom. If data is transferred outside the UK, we ensure appropriate safeguards are in place to protect your information.

Data Retention

We retain personal data only for as long as necessary:

• Enquiry data: 2 years from last contact if no project proceeds
• Project data: 7 years after project completion (for warranty and legal purposes)
• Marketing preferences: Until you withdraw consent

Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit
• Access controls and authentication
• Regular security assessments
• Staff training on data protection

Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly.

Exercising Your Rights

To exercise any of your rights, contact us at:

Email: [email protected]

We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity of the request.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Notice

We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.