GDPR Compliance
Your data protection rights explained
dazzlerush Ltd is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and explains your rights under these regulations.
Our Commitment to Data Protection
We take the security and privacy of your personal data seriously. Our data protection practices are designed to ensure that your information is handled lawfully, fairly, and transparently. We only collect data that is necessary for the purposes we have specified, and we take appropriate measures to keep it secure.
Data Controller
dazzlerush Ltd is the data controller for the personal data we process. This means we are responsible for deciding how your personal data is used and for ensuring it is processed in accordance with data protection law.
Data Controller: dazzlerush Ltd
Registration Number: 10847293
ICO Registration: ZA492817
Address: 47 Chancery Lane, London, WC2A 1PL, United Kingdom
Data Protection Contact: [email protected]
Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. The lawful bases we rely on include:
Performance of a Contract
When you book our services, we process your personal data to fulfil our contractual obligations to you. This includes processing your contact details, session records, and payment information.
Legitimate Interests
We may process your data when it is in our legitimate interests to do so, provided these interests do not override your fundamental rights. For example, we may use your contact details to respond to enquiries or analyse website usage to improve our services.
Consent
For certain processing activities, such as sending marketing communications, we rely on your explicit consent. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Legal Obligation
We may process your data when required to comply with legal obligations, such as maintaining financial records for tax purposes.
Your Rights Under UK GDPR
The UK GDPR provides you with specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.
Right to Access
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month, free of charge in most circumstances.
Right to Rectification
You have the right to request correction of any inaccurate personal data we hold about you. We aim to rectify inaccurate data without undue delay.
Right to Erasure
In certain circumstances, you have the right to request deletion of your personal data. This right applies when the data is no longer necessary for its original purpose, you withdraw consent, or the data has been unlawfully processed.
Right to Restriction of Processing
You have the right to request that we limit how we use your data in certain circumstances, such as while we verify the accuracy of contested data.
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making in our services.
How to Exercise Your Rights
To exercise any of your rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by a further two months, in which case we will inform you.
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) when introducing new processing activities that may result in high risks to individuals' rights and freedoms. This helps us identify and minimise data protection risks.
Data Breach Procedures
We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and, where required, communicate the breach to affected individuals without undue delay.
International Data Transfers
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses, or other approved mechanisms, to provide adequate protection for your data.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, taking into account legal, accounting, and reporting requirements. Our retention periods are detailed in our Privacy Policy.
Third-Party Processors
When we engage third parties to process personal data on our behalf, we ensure they provide sufficient guarantees regarding their data protection practices. We enter into written contracts requiring processors to act only on our instructions and to implement appropriate security measures.
Complaints
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
Updates to This Information
We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically.
Contact Us
For any questions about our GDPR compliance or to exercise your data protection rights, please contact:
Data Protection Contact
dazzlerush Ltd
47 Chancery Lane
London, WC2A 1PL
Email: [email protected]