GDPR Compliance

Last updated: May 14, 2026

Our Commitment to GDPR

GlimmerHaze Spire is committed to complying with the General Data Protection Regulation (GDPR) and UK data protection laws. This page outlines how we meet our obligations and protect your rights.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you provide explicit consent for us to process your information
  • Contract: When processing is necessary to fulfill our service agreement with you
  • Legal Obligation: When required by law
  • Legitimate Interests: When necessary for our legitimate business interests, provided your rights are not overridden

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your data in specific situations.

Right to Data Portability

You can request a copy of your data in a commonly used format for transfer to another provider.

Right to Object

You can object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

Where we process data based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to complain to the Information Commissioner's Office (ICO) if you believe we have not handled your data properly.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In some cases, we may request additional information to verify your identity before fulfilling your request.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. Booking and service records are typically retained for:

  • Active client records: Duration of service provision plus 6 years
  • Email correspondence: 3 years from last contact
  • Website analytics: 26 months

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

  • Encrypted data transmission (SSL/TLS)
  • Secure data storage with access controls
  • Regular security assessments
  • Staff training on data protection
  • Secure backup procedures

Data Processing Activities

We process personal data for the following purposes:

  • Service delivery and booking management
  • Communication with clients
  • Website functionality and improvement
  • Legal compliance and record-keeping
  • Fraud prevention and security

Third-Party Data Sharing

We may share data with third parties only when necessary and under appropriate safeguards:

  • Service providers bound by confidentiality agreements
  • Legal authorities when required by law

We do not sell personal data to third parties.

International Data Transfers

Your data is stored and processed within the United Kingdom. If we need to transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Data Protection Officer

For data protection queries, please contact:

Email: [email protected]

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated via email or website notification.