GDPR Compliance
Your data protection rights under UK GDPR
Our Commitment to Data Protection
Spritz Glint is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we comply with these regulations and how you can exercise your rights.
Data Controller Information
Spritz Glint is the data controller responsible for your personal data. Our contact details are:
Spritz Glint
128 Shoreditch High Street
London E1 6JE
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process your personal data under the following lawful bases:
Contract
Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This includes booking services, processing payments, and delivering our cooking services.
Legitimate Interests
Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests. This includes improving our services, fraud prevention, and internal business administration.
Consent
You have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications. You can withdraw consent at any time.
Legal Obligation
Processing is necessary to comply with legal obligations, such as tax and accounting requirements.
Your Rights Under UK GDPR
1. Right to Be Informed
You have the right to clear, transparent information about how we use your personal data. This is provided through our Privacy Policy and this GDPR page.
2. Right of Access
You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge.
3. Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.
4. Right to Erasure (Right to Be Forgotten)
In certain circumstances, you can request deletion of your personal data. This applies when:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Note: We may be required to retain certain data for legal or accounting purposes.
5. Right to Restrict Processing
You can request that we limit the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
6. Right to Data Portability
You can request to receive your personal data in a structured, commonly used, and machine-readable format and have it transferred to another data controller.
7. Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
8. Rights Related to Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
How to Exercise Your Rights
To exercise any of your GDPR rights, email us at [email protected] with "GDPR Request" in the subject line. Include:
- Your full name and contact information
- Description of your request and which right you're exercising
- Any relevant details that help us locate your data
We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this by two additional months and will inform you of the extension.
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.
Data Protection Officer
Given the size and nature of our operations, we are not required to appoint a Data Protection Officer. However, data protection queries should be directed to [email protected].
Third-Party Processing
We work with third-party service providers who process data on our behalf (data processors). These include:
- Payment processing services
- Email communication platforms
- Website hosting providers
All processors are contractually bound to protect your data and process it only according to our instructions.
International Transfers
Your personal data is primarily stored and processed within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions by the UK government
- Standard contractual clauses approved by the ICO
- Binding corporate rules
Complaints
If you believe we have not handled your personal data correctly or that your rights have been violated, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: spritz-glint.com
We encourage you to contact us first so we can address your concerns directly.
Updates to This Page
We may update this GDPR compliance page to reflect changes in our data processing practices or legal requirements. Check back periodically for updates.