GDPR Compliance

Our Commitment to GDPR

At dazzle-clean, we are fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We respect your privacy rights and implement robust data protection practices across all our operations.

Data Controller Information

For the purposes of UK GDPR, dazzle-clean acts as the data controller for personal information we collect and process. Our contact details are:

Company Name: dazzle-clean
Email: [email protected]
Address: 42 Green Park Road, Manchester M15 6BT, United Kingdom

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so under UK GDPR Article 6:

1. Consent

We obtain your explicit consent before processing data for marketing communications or optional services. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

2. Contract Performance

Processing your personal information is necessary to fulfill our service contract with you, including scheduling, service delivery, and payment processing.

3. Legal Obligation

We process certain data to comply with legal requirements, such as tax laws, accounting regulations, and health and safety obligations.

4. Legitimate Interests

We may process data for legitimate business interests, such as fraud prevention, network security, and service improvement, provided these interests do not override your fundamental rights and freedoms.

Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request, along with details about how we use your data.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances, such as when data is no longer necessary for its original purpose or when you withdraw consent.

Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal or similarly significant effects. All service decisions involve human review.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

• Email: [email protected] with "GDPR Request" in the subject line
• Mail: 42 Green Park Road, Manchester M15 6BT, United Kingdom

We will respond to your request within one month. In complex cases, we may extend this period by two months and will inform you of any delay along with the reasons.

Identity Verification

To protect your privacy, we will verify your identity before fulfilling data subject rights requests. We may request additional information to confirm your identity, particularly for access or erasure requests.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls with role-based permissions
• Staff training on data protection and security practices
• Incident response procedures for data breaches
• Regular backup and disaster recovery protocols

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay if the breach poses a high risk
• Document all data breaches, including facts, effects, and remedial actions taken

Data Protection by Design and Default

We incorporate data protection principles into all our business processes and systems from the outset. This includes:

• Collecting only necessary personal data
• Limiting access to personal data to authorized personnel
• Implementing privacy-enhancing technologies
• Regular privacy impact assessments for new processing activities
• Default privacy settings that maximize data protection

Third-Party Processors

When we engage third-party service providers who process personal data on our behalf, we:

• Ensure they provide sufficient guarantees of GDPR compliance
• Execute written data processing agreements that specify their obligations
• Monitor their compliance with data protection requirements
• Ensure they implement appropriate security measures

International Data Transfers

We primarily store and process data within the United Kingdom. Any international transfers are conducted in accordance with UK GDPR Chapter V requirements, using appropriate safeguards such as:

• Adequacy decisions for countries with equivalent protection
• Standard contractual clauses approved by regulatory authorities
• Additional security measures where necessary

Children's Data

We do not knowingly process personal data of individuals under 18 years of age. Our services are directed to adults. If we discover we have inadvertently collected data from a minor, we will delete it promptly.

Data Retention Periods

We retain personal data only as long as necessary for the purposes for which it was collected:

• Service records: 7 years (accounting and legal requirements)
• Marketing consents: Until withdrawn
• Website analytics: 26 months
• Correspondence: 3 years after final contact

Accountability and Governance

We maintain comprehensive documentation demonstrating our GDPR compliance, including:

• Records of processing activities (Article 30)
• Data protection impact assessments for high-risk processing
• Evidence of consent where processing relies on consent
• Documentation of data subject rights requests and responses
• Staff training records on data protection

Supervisory Authority

The Information Commissioner's Office (ICO) is the UK supervisory authority for data protection. You have the right to lodge a complaint with the ICO if you believe we have not complied with data protection law:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: dazzle-clean.com

Updates to GDPR Compliance

We regularly review and update our GDPR compliance practices to reflect changes in legislation, guidance from regulatory authorities, and developments in our business operations. This page will be updated to reflect any significant changes.

Contact Our Data Protection Team

For any questions regarding GDPR compliance, data protection practices, or to exercise your rights, please contact us:

Email: [email protected]
Subject Line: GDPR Inquiry
Address: 42 Green Park Road, Manchester M15 6BT, United Kingdom