Our commitment to protecting your data under the General Data Protection Regulation
Last updated: January 2024
gloss-harmony is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have implemented measures to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For the purposes of the GDPR, gloss-harmony acts as the Data Controller for personal information collected through our website and services.
Contact Details:
gloss-harmony
47 Meadowbrook Lane
Kensington, London W8 4PL
Email: [email protected]
The GDPR provides you with the following rights regarding your personal data:
You have the right to know how your data is being collected and used. Our Privacy Policy provides detailed information about our data processing activities.
You can request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month.
If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will make the necessary amendments promptly.
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose.
You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
You can object to processing based on legitimate interests, direct marketing, or processing for research and statistical purposes.
You have rights related to automated decision-making, including profiling. We do not currently engage in automated decision-making that produces legal or similarly significant effects.
To exercise any of your GDPR rights, please contact us at [email protected]. We may need to verify your identity before processing your request. There is no fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
We maintain records of our processing activities as required under Article 30 of the GDPR. Our processing activities include:
We rely on the following legal bases for processing personal data:
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
We have procedures in place to detect, investigate, and report personal data breaches. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.
We primarily process data within the UK. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We review our GDPR compliance regularly and may update this document periodically. Please check back for the latest information about our data protection practices.