Our Commitment to GDPR
luster-bliss is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and have implemented comprehensive measures to protect your personal data.
Who We Are
luster-bliss is the data controller for the personal information we collect. Our contact details are:
luster-bliss
47 Meadowbrook Lane
Westfield Business Park
Bristol BS8 4TH
United Kingdom
Email: [email protected]
Your Rights Under GDPR
The UK GDPR provides you with specific rights regarding your personal data:
Right to Be Informed
You have the right to know how we collect and use your personal data. This information is provided in our Privacy Policy and at the point of data collection.
Right of Access
You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request.
Right to Rectification
If any personal data we hold is inaccurate or incomplete, you have the right to have it corrected. We will make corrections within one month of being notified.
Right to Erasure
This right is also known as the "right to be forgotten". You can request deletion of your personal data in certain circumstances, including:
- When the data is no longer necessary for its original purpose
- When you withdraw consent
- When you object to processing and there are no overriding legitimate grounds
Right to Restrict Processing
You can request that we limit how we use your data while concerns are investigated or verified.
Right to Data Portability
You can request your personal data in a structured, commonly used, machine-readable format, and have it transferred to another controller where technically feasible.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
Rights Related to Automated Decision Making
You have rights relating to automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.
How to Exercise Your Rights
To exercise any of these rights, please contact us:
- Email: [email protected]
- Post: 47 Meadowbrook Lane, Westfield Business Park, Bristol BS8 4TH
We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two months for complex requests.
Lawful Bases for Processing
We process personal data under the following lawful bases:
- Contract: Processing necessary to provide services you've booked
- Legitimate Interests: Processing necessary for our business operations, provided it doesn't override your rights
- Consent: Where you've given clear consent for specific processing activities
- Legal Obligation: Processing required by law
Data Protection Measures
We implement appropriate technical and organisational measures including:
- Encryption of data in transit and at rest
- Regular security assessments
- Staff training on data protection
- Access controls and authentication
- Data minimisation practices
- Regular policy reviews
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
International Transfers
Your personal data is stored and processed within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
Complaints
If you're unhappy with how we handle your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
Updates to This Page
We review and update our GDPR compliance information regularly. This page was last updated in January 2024.