
Our Commitment to GDPR

Shine Spiral Ltd is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the protection of personal data seriously and have implemented comprehensive measures to safeguard the information entrusted to us.

Data Controller Information

For the purposes of data protection law, Shine Spiral Ltd is the data controller responsible for your personal data.

Registered Address:
Shine Spiral Ltd
47 Greenway Business Centre
Bristol BS2 0QD
United Kingdom

Company Registration: 08472193

Contact Email: [email protected]

Principles We Follow

In accordance with GDPR requirements, we adhere to the following data protection principles:

  • Lawfulness, fairness, and transparency: We process personal data lawfully and transparently
  • Purpose limitation: We collect data only for specified, explicit, and legitimate purposes
  • Data minimisation: We limit data collection to what is necessary
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We retain data only for as long as necessary
  • Integrity and confidentiality: We ensure appropriate security measures are in place
  • Accountability: We can demonstrate compliance with these principles

Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to know how your personal data is being used. Our Privacy Policy and this GDPR statement provide this information.

Right of Access

You can request a copy of the personal data we hold about you. We will respond to such requests within one month.

Right to Rectification

If you believe any personal data we hold is inaccurate or incomplete, you can request correction.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can request that we limit how we use your data while a complaint is being investigated or if processing is unlawful but you do not want the data erased.

Right to Data Portability

Where technically feasible, you can request your data in a structured, commonly used, machine-readable format to transfer to another organisation.

Right to Object

You can object to processing based on legitimate interests or direct marketing at any time.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

We will respond to your request within one month. In complex cases, we may extend this by a further two months, in which case we will inform you of the extension and reasons.

Data Protection Measures

We have implemented appropriate technical and organisational measures to ensure the security of personal data, including:

  • Encryption of data in transit and at rest
  • Access controls limiting who can view personal data
  • Regular security assessments and updates
  • Staff training on data protection requirements
  • Secure disposal procedures for data no longer needed
  • Incident response procedures for data breaches

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. If the breach is likely to result in a high risk to you, we will also inform you directly without undue delay.

Complaints

If you are not satisfied with how we have handled your personal data or addressed your rights, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first so we can try to resolve any issues.

Updates to This Statement

This GDPR compliance statement may be updated periodically to reflect changes in our practices or legal requirements. The date of the last update is shown at the top of this page.

Last updated: January 2024