Your data protection rights
glowing-dust is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the privacy and security of your personal data seriously.
glowing-dust is the data controller responsible for your personal data. Our contact details are:
glowing-dust
47 Culinary Lane
Marylebone, London W1U 4PQ
Email: [email protected]
Under UK GDPR, you have the following rights regarding your personal data:
You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page.
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month.
You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.
Also known as the "right to be forgotten", you can request that we delete your personal data in certain circumstances, including:
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing your data unless we can demonstrate compelling legitimate grounds.
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you. We do not currently use automated decision-making processes.
To exercise any of these rights, please contact us at:
We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this by a further two months, but we will inform you of any extension within the first month.
We only process your personal data when we have a lawful basis to do so. The lawful bases we rely on include:
We primarily store and process your data within the United Kingdom. If we need to transfer your data outside the UK, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly.
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.
Last updated: January 2024