GDPR Compliance

Our commitment to protecting your data rights under the General Data Protection Regulation.

Effective date: January 2024

glittering-carrier is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides detailed information about how we meet our obligations under these regulations.

Who We Are

For the purposes of data protection law, glittering-carrier is the data controller. This means we determine how and why your personal data is processed.

Business name: glittering-carrier
Registered address: 47 Colmore Row, Birmingham, B3 2BS, United Kingdom
Data protection contact: [email protected]

Principles We Follow

We adhere to the core principles of data protection as set out in the UK GDPR:

Lawfulness, Fairness, and Transparency

We process personal data only when we have a valid legal basis to do so. We are clear and open about how we use your information, and we do not use it in ways you would not reasonably expect.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes. We do not use data in ways incompatible with those original purposes without informing you.

Data Minimisation

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. We have procedures in place to rectify or erase inaccurate information.

Storage Limitation

We keep personal data only for as long as necessary for the purposes for which it was collected. We have established retention periods and securely dispose of data when it is no longer needed.

Integrity and Confidentiality

We implement appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

Your Rights Under GDPR

The UK GDPR provides you with specific rights regarding your personal data:

Right to Be Informed

You have the right to know how we collect and use your personal data. This is provided through our Privacy Policy and any specific notices given at the point of data collection.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will action rectification requests within one month.

Right to Erasure

In certain circumstances, you can request that we delete your personal data. This right is not absolute and applies when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent and no other legal basis applies
  • You object to processing based on legitimate interests and there are no overriding grounds
  • Data has been unlawfully processed
  • Erasure is required by law

Right to Restrict Processing

You can request that we limit the way we use your data in certain situations, such as while we verify the accuracy of data you have challenged.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose immediately.

Rights Related to Automated Decision-Making

You have rights regarding decisions made about you by automated processes, including profiling. We do not currently make any solely automated decisions that produce legal or similarly significant effects.

Exercising Your Rights

To exercise any of your rights under UK GDPR, please contact us at [email protected]. We may need to verify your identity before actioning your request.

We respond to all valid requests within one month. In exceptional circumstances involving complex or numerous requests, this may be extended by two months, and we will inform you of any such extension.

There is no fee for exercising your rights in most cases. However, we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when introducing new processing activities that may present high risks to individuals' rights and freedoms. This helps us identify and minimise data protection risks.

Data Breach Procedures

We have procedures in place to detect, investigate, and report personal data breaches. Where a breach is likely to result in a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Affected individuals will be informed directly if the breach poses a high risk to them.

International Data Transfers

We primarily process and store data within the United Kingdom. Where international transfers occur, we ensure adequate safeguards are in place, such as:

  • Adequacy decisions by the UK government
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules where applicable

Staff Training and Awareness

All staff members who handle personal data receive regular training on data protection principles and practices. This ensures everyone understands their responsibilities in protecting your information.

Supervisory Authority

The supervisory authority for data protection in the United Kingdom is the Information Commissioner's Office (ICO). If you have concerns about how we handle your data that we cannot resolve, you have the right to lodge a complaint with the ICO.

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

Updates to This Information

We review our GDPR compliance practices regularly and update this page to reflect any changes. Material changes will be communicated to existing clients where appropriate.

Contact Us

For any questions about our GDPR compliance or to exercise your data protection rights, please contact:

Email: [email protected]
Address: Data Protection, glittering-carrier, 47 Colmore Row, Birmingham, B3 2BS