Introduction

Sparkling Shore is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains our data protection practices and your rights as a data subject.

Data Controller

Sparkling Shore is the data controller responsible for your personal information. Our contact details are:

Sparkling Shore
17 Meadowbank Lane
Kendal, Cumbria
LA9 4RH
United Kingdom
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you provide explicit consent for us to process your data
  • Contract: When processing is necessary for a contract with you
  • Legal Obligation: When we must process data to comply with the law
  • Legitimate Interests: When processing is necessary for our legitimate business interests

Your Rights Under UK GDPR

Right to Access

You have the right to request a copy of the personal information we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal information.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your personal information.

Right to Data Portability

You can request a copy of your data in a structured, commonly used format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.

International Data Transfers

We do not transfer personal data outside the United Kingdom. If this changes, we will ensure appropriate safeguards are in place.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are:

  • Enquiry data: 2 years from last contact
  • Client data: 7 years after project completion
  • Website analytics: 26 months

Complaints

If you believe we have not handled your data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page.