Your data protection rights explained
Beryl Glow is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and ensure that all personal data is processed lawfully, fairly, and transparently.
Beryl Glow acts as the data controller for personal information collected through our website and services. Our contact details are:
Beryl Glow
47 George Street
Edinburgh EH2 2HT
Email: [email protected]
The GDPR provides you with the following rights regarding your personal data:
You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR page.
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month of receiving it.
If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will respond to your request within one month.
Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, including:
You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing.
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
You have the right to object to processing based on legitimate interests, direct marketing, and processing for research or statistical purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making in our services.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:
Where processing is likely to result in a high risk to individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise data protection risks.
To exercise any of your GDPR rights, please contact us at [email protected]. Please provide sufficient information to verify your identity and specify which right(s) you wish to exercise.
We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by a further two months, but we will inform you within the first month.
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR compliance information from time to time. Any significant changes will be communicated through our website.