GDPR Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union and United Kingdom. As a UK-based business, Dazzling Surge is fully committed to GDPR compliance and protecting the personal data of all individuals who interact with our services.
Legal Basis for Processing
We process your personal data under the following legal bases:
- Consent: When you explicitly agree to our processing of your data, such as when submitting a contact form
- Contract: When processing is necessary for fulfilling our contractual obligations to you
- Legitimate Interest: When we have a legitimate business interest, such as improving our services or preventing fraud
- Legal Obligation: When we are required by law to process your data
Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Access
You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a commonly used electronic format.
Right to Rectification
If you believe any of the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.
Right to Erasure
Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You have the right to object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
Subject Line: GDPR Data Request
Address: 42 Greenfield Business Park, Bristol BS16 7FH, United Kingdom
We will respond to your request within one month of receipt. In complex cases, this period may be extended by two additional months, and we will inform you of any such extension.
Data Protection Officer
For any questions regarding our data protection practices or GDPR compliance, you may contact our Data Protection Officer at [email protected].
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication mechanisms
- Staff training on data protection and security
- Incident response and breach notification procedures
International Data Transfers
We primarily process data within the United Kingdom. If we transfer your personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authorities.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, where feasible.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Service delivery and customer support
- Legal and regulatory compliance
- Resolution of disputes and enforcement of agreements
When data is no longer required, we securely delete or anonymize it in accordance with our data retention policy.
Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the relevant supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Website: dazzling-surge.com
Updates to This Statement
We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised date.