GDPR Compliance

Your data protection rights explained

The UK General Data Protection Regulation (UK GDPR), together with the Data Protection Act 2018, sets out rules for how organisations must handle personal data. This page explains how Glimplex Tiles Ltd complies with these requirements and outlines your rights as a data subject.

Our Commitment

We take data protection seriously. Our approach is built on the following principles:

  • We collect only the personal data necessary for specific, stated purposes
  • We are transparent about what data we collect and how we use it
  • We implement appropriate security measures to protect your information
  • We retain data only for as long as necessary
  • We respect and facilitate your rights as a data subject

Data Controller

Glimplex Tiles Ltd acts as the data controller for personal information collected through our shop, website, and services. This means we determine why and how your data is processed.

Contact details:
Glimplex Tiles Ltd
47 Riverside Walk
Bristol, BS1 4QH
Email: [email protected]

Lawful Bases for Processing

Under UK GDPR, we must have a valid legal reason to process personal data. We rely on the following lawful bases:

Contract Performance

When you purchase from us or subscribe to our services, we process your data to fulfil our contractual obligations. This includes processing orders, arranging delivery, and managing your subscription preferences.

Legitimate Interests

We may process data where we have a legitimate business interest, provided it doesn't unfairly affect your rights. Examples include improving our services, preventing fraud, and maintaining security. We conduct balancing tests to ensure our interests don't override yours.

Consent

For certain processing activities, such as sending marketing communications or using non-essential cookies, we obtain your explicit consent. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Legal Obligation

Sometimes we must process data to comply with the law, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.

Your Rights Under UK GDPR

You have several rights regarding your personal data:

Right to Be Informed

You have the right to know how we collect and use your data. Our Privacy Policy and this page provide this information. We will notify you if we intend to use your data for any new purpose.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of receiving your request, free of charge in most cases. If requests are manifestly unfounded or excessive, we may charge a reasonable fee.

Right to Rectification

If the data we hold is inaccurate or incomplete, you have the right to have it corrected. We aim to process rectification requests within one month.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your data in certain circumstances, such as when it's no longer necessary for the original purpose or you withdraw consent. This right doesn't apply where we have a legal obligation to retain data.

Right to Restrict Processing

You can ask us to limit how we use your data while a complaint is investigated or if you contest its accuracy. During restriction, we may store but not actively use the data.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used format (such as CSV) to transfer to another provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. For marketing, we will stop processing immediately upon objection. For other objections, we will consider whether our interests override your rights.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. Our book recommendations involve human curation and do not constitute automated decision-making in this sense.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected] with:

  • Your name and contact details
  • The specific right you wish to exercise
  • Any relevant details to help us locate your data

We may need to verify your identity before processing your request. We will respond within one month, though complex requests may take up to three months (we will inform you if this is the case).

International Transfers

We primarily process data within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Data Breaches

We have procedures to detect, report, and investigate personal data breaches. Where a breach is likely to result in high risk to your rights and freedoms, we will notify you without undue delay and inform the Information Commissioner's Office within 72 hours where required.

Complaints

If you have concerns about how we handle your data, please contact us first so we can address the issue. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We review our GDPR compliance regularly and may update this page as our practices evolve or as regulations change. Significant updates will be communicated appropriately.

We use cookies to enhance your browsing experience and analyse site traffic. By continuing, you consent to our use of cookies. Learn more